From 46608b0ae663f64c114b7da84c3beb759a9dc8a0 Mon Sep 17 00:00:00 2001 From: AA Date: Wed, 20 Dec 2023 22:54:56 -0500 Subject: [PATCH 01/12] Update README.md --- README.md | 30 ++++++------------------------ 1 file changed, 6 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 0eeb372..9e49943 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ #### Specs: > |Unbound |OS |HW | > |:-------|:----------------------------|:-----------------------| -> |`1.17.1`|`raspios-bullseye-arm64-lite`|`Raspberry Pi 4 Model B`| +> |`1.19.0`|`raspios-bookworm-arm64-lite`|`Raspberry Pi 4 Model B`| # ### Steps @@ -35,23 +35,12 @@ #### ❯ Redis   đŸ”¸ Install ➜ Config * **Install:** - There are 2 options **either** install redis (6.0.16) from RaspiOS bullseye **or** install redis (7.0.*) from RaspiOS bullseye backports. - * Install redis **(6.0.16)** from raspios bullseye: - > `sudo apt install redis-server` - - * Install redis **(7.0.*)** from raspios bullseye backports: - > Enable backports. Edit sources list: - > `sudo nano /etc/apt/sources.list` - > Add backports source at the end: - > `deb http://deb.debian.org/debian bullseye-backports main` - - > Install redis: - > `sudo apt install redis-server/bullseye-backports` + > `sudo apt install redis-server` * **Config:** An optimized `redis.conf` for unbound is available in the release under `config` dir. Default _redis.conf_ from redis **7.0.*** is used as base config for the provided config. Some of the options may not be available or may be different if you are on an earlier version of redis. You can use _redis.conf_ **either** from the release **or** your preferred one. - If you installed redis **7.0.*** and going to use the provided _redis.conf_, below steps can be helpful: + To use the provided _redis.conf_, below steps can be helpful: > Edit redis config: > `sudo nano /etc/redis/redis.conf` > Delete everything in default redis config: 
@@ -61,13 +50,6 @@ > `ℹī¸` **Note:** > Provided `redis.conf` is tweaked after some thorough testing in small network. Like 8mb maxmeory has pretty optimal performance with enough cache and evict least recently used keys. Similarly sanpshotting is used to save keys to database, current option will save after 2hrs if atleast 100 new keys were added or after 12hrs if atleast 1 new key is added. Reboot will save database as long as snapshotting is enabled. Feel free to change them as preferred. -* **Startup Warning:** - For redis **7.0.*** from `backports`. Modify services to fix journal `⚠ī¸` warning on redis startup. - > Edit: `sudo nano /usr/lib/systemd/system/redis-server.service` - > Edit: `sudo nano /usr/lib/systemd/system/redis-server@.service` - > Remove/Comment lines starting with `NoExecPaths` and `ExecPaths` from both above services - > Restart redis: `sudo systemctl restart redis-server` -
divider
@@ -81,9 +63,9 @@ > ``` * **Extract:** - [Download](https://github.com/NLnetLabs/unbound/archive/refs/tags/release-1.17.1.tar.gz) and extract unbound. + [Download](https://github.com/NLnetLabs/unbound/archive/refs/tags/release-1.19.0.tar.gz) and extract unbound. > Extract: - > `tar -xvzf unbound-release-1.17.1.tar.gz` + > `tar -xvzf unbound-release-1.19.0.tar.gz` * **CFLAGS:** Remove debugging information, otherwise unbound binary size will be much larger. @@ -91,7 +73,7 @@ > `export CFLAGS="-O2"` > `ℹī¸` **Note:** - > Unbound `1.17.1` binary size comparison: + > Unbound binary size comparison: > ![bookworm](https://user-images.githubusercontent.com/11185794/216804507-b019a32f-c0bc-44be-a6f6-23de274c0493.png)  âžŸ _Debian Bookworm Prebuilt_ `Without Cachdb Module` > ![debug-off](https://user-images.githubusercontent.com/11185794/216804539-a5ebcc20-27d0-4d6f-bf1e-b55c7d064fd0.png)  âžŸ _Compiled Without Debug Info_ `With Cachdb Module` > ![debug-on](https://user-images.githubusercontent.com/11185794/216804527-fa06ba09-2d51-4662-9fae-2cafa3a30721.png)  âžŸ _Compiled With Debug Info_ `With Cachdb Module` From 3bde9e5b37ad008ad75c0bd18348ee0d2421bbc6 Mon Sep 17 00:00:00 2001 From: AA Date: Fri, 22 Dec 2023 14:36:56 -0500 Subject: [PATCH 02/12] Update README.md --- README.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 9e49943..f24b67d 100644 --- a/README.md +++ b/README.md 
@@ -17,6 +17,7 @@ 🔸 Redis backend database for `persistent` cache. Works as second level cache. 🔸 Network wide `Ads and Trackers` block. **No** pi-hole/adguard. **No** extra hop to resolve DNS. 🔸 Unbound `dashboard` is available at [unbound-dashboard](https://github.com/ar51an/unbound-dashboard). (_Optional_) +🔸 Refer to `release.md` for changes. #### Prerequisite: * Unbound compilation and installation is validated on `RaspiOS/Debian`. `Post Install` startup service and scripts are reused from RaspiOS bullseye, they may require modification for other linux distributions. @@ -48,7 +49,7 @@ > Copy and paste the provided `redis.conf`. Save and exit nano > `ℹī¸` **Note:** - > Provided `redis.conf` is tweaked after some thorough testing in small network. Like 8mb maxmeory has pretty optimal performance with enough cache and evict least recently used keys. Similarly sanpshotting is used to save keys to database, current option will save after 2hrs if atleast 100 new keys were added or after 12hrs if atleast 1 new key is added. Reboot will save database as long as snapshotting is enabled. Feel free to change them as preferred. + > Provided `redis.conf` is tweaked after some thorough testing in small network. Like 4mb maxmeory has pretty optimal performance with enough cache and evict least recently used keys. Similarly sanpshotting is used to save keys to database, current option will save after 2hrs if atleast 100 new keys were added or after 12hrs if atleast 1 new key is added. Reboot will save database as long as snapshotting is enabled. Feel free to change them as preferred.
divider @@ -243,16 +244,16 @@ # #### ❯ `ℹī¸` Tips & Notes * **Resolver Configuration:** - Make sure `/etc/resolv.conf` has only one name server. - > `nameserver ` **or** `nameserver 127.0.0.1` + Make sure `/etc/resolv.conf` has only RaspberryPi IP name servers. `NetworkManager` in RaspberryPi OS Bookworm will make this change automatically if your router's LAN DNS is pointing to Raspberry Pi IP. + > `nameserver ` * **Add LAN DNS:** According to your router, change LAN DNS to Raspberry Pi IP. DNS setting under internet setup is WAN DNS, it is not same as LAN DNS. If router permits to change LAN DNS, it is usually under LAN setup. * **Troubleshoot Blocked Domain:** - Below configuration logs only blocked domains, using that you can find domain causing the issue. + Below option logs blocked domains, using that you can find domain causing the issue. > Edit: `sudo nano unbound.conf` - > Set: `verbosity: 1` and `log-local-actions: yes` + > Set: `log-local-actions: yes` * **Block Selective:** Specific domains can be blocked for specific IPs with tag options. It works on top of existing ads and trackers block. Provided `unbound.conf` has selective block configuration commented out under `|Block|`. If interested uncomment it and replace the IPs and domains. @@ -281,7 +282,4 @@ After uninstall all the `Post Install` and `Timers & Services` steps can be easily reverted by running `post-remove.sh` provided in the release. > `sudo ./post-remove.sh` - -* **Update Unbound:** - Refer `UPDATE.md` for updating Unbound.
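Review bot: The bullet added in the first hunk ("Refer to `release.md` for changes.") and the removal of the "Update Unbound" tip in the last hunk leave README.md pointing at a file that does not exist at this commit. `UPDATE.md` is only rewritten in 06/12 and renamed to `release.md` in 07/12. Suggest moving the rename ahead of this patch, or folding the link change into 07/12, so that every commit in the series leaves the README with a working reference.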
From 3e05e8dd90beb411c08e8842ad961778b103b495 Mon Sep 17 00:00:00 2001 From: AA Date: Fri, 22 Dec 2023 14:37:19 -0500 Subject: [PATCH 03/12] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f24b67d..c9d2754 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ 🔸 `Recursive` resolving from the root. **No** forwarding to other resolvers. 🔸 Redis backend database for `persistent` cache. Works as second level cache. 🔸 Network wide `Ads and Trackers` block. **No** pi-hole/adguard. **No** extra hop to resolve DNS. -🔸 Unbound `dashboard` is available at [unbound-dashboard](https://github.com/ar51an/unbound-dashboard). (_Optional_) +🔸 Unbound `dashboard` is available at [unbound-dashboard](https://github.com/ar51an/unbound-dashboard). (_Optional_) 🔸 Refer to `release.md` for changes. #### Prerequisite: From d2b2dbbf176d710614acf75a4736353a4bb48c60 Mon Sep 17 00:00:00 2001 From: AA Date: Fri, 22 Dec 2023 14:39:01 -0500 Subject: [PATCH 04/12] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c9d2754..c90eef8 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ 🔸 Redis backend database for `persistent` cache. Works as second level cache. 🔸 Network wide `Ads and Trackers` block. **No** pi-hole/adguard. **No** extra hop to resolve DNS. 🔸 Unbound `dashboard` is available at [unbound-dashboard](https://github.com/ar51an/unbound-dashboard). (_Optional_) -🔸 Refer to `release.md` for changes. +🔸 Refer to `release.md` for changes and update. #### Prerequisite: * Unbound compilation and installation is validated on `RaspiOS/Debian`. `Post Install` startup service and scripts are reused from RaspiOS bullseye, they may require modification for other linux distributions. From 89fbc32afb4cc6df76bc538d411660aec9c582ad Mon Sep 17 00:00:00 2001 
From: AA Date: Fri, 22 Dec 2023 14:41:41 -0500 Subject: [PATCH 05/12] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c90eef8..aa403bc 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ 🔸 Refer to `release.md` for changes and update. #### Prerequisite: -* Unbound compilation and installation is validated on `RaspiOS/Debian`. `Post Install` startup service and scripts are reused from RaspiOS bullseye, they may require modification for other linux distributions. +* Unbound compilation and installation is validated on `RaspberryPi OS/Debian`. `Post Install` startup service and scripts are reused from RaspberryPi OS Bookworm, they may require modification for other linux distributions. * If unbound package is installed. Take a backup of current `unbound.conf`. Remove unbound package completely: > `sudo apt --purge autoremove unbound` From cd1cb02ea6fe6d260a9d75c6a01e0ad2fbaef2a6 Mon Sep 17 00:00:00 2001 From: AA Date: Fri, 22 Dec 2023 15:30:51 -0500 Subject: [PATCH 06/12] Update UPDATE.md --- UPDATE.md | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/UPDATE.md b/UPDATE.md index cc9dc1e..ae8dfcc 100644 --- a/UPDATE.md +++ b/UPDATE.md @@ -1,20 +1,28 @@ #### Release Notes: -Unbound 1.17.1 release fixes a number of bugs. -Unbound control has a new option to keep cache intact between configuration reloads. It is integrated into blocklist & roothints update. +* **1.2 Release:** + v1.2 release includes RaspberryPi OS Bookworm related scripts and services changes. If you are on Bullseye use v1.1 release.
divider
-#### Update: -To update Unbound from 1.17.0 to 1.17.1. Only below steps are required: -* Unbound ➟ Download, Extract, CFLAGS, Configure, Compile and Install. -* Manually update /opt/unbound/scripts/update-blocklists.sh & /opt/unbound/scripts/update-roothints.sh -* Restart unbound +#### Unbound Updates: +* **Unbound 1.18.0:** + Unbound added the option to connect to redis server over a unix socket. Unix sockets have better throughput. Check +the `Tips & Notes` section in the README for enabling it. + +* **Unbound 1.17.1:** + Unbound has a new option to keep cache intact between configuration reloads. It is integrated into blocklist & roothints update.
divider
-#### Fresh Install: -Follow the README.md +#### Upgrade: +To upgrade unbound from old-ver to latest-ver. Only below steps are required: +* Unbound ➟ `Download, Extract, CFLAGS, Configure, Compile and Install` +* Restart unbound + +
+ divider +
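Review bot: The rewritten Upgrade section drops the "Manually update /opt/unbound/scripts/update-blocklists.sh & /opt/unbound/scripts/update-roothints.sh" step, while the "1.2 Release" entry added at the top of the same hunk says the release carries Bookworm-related script and service changes. Someone upgrading in place who follows only "Download, Extract, CFLAGS, Configure, Compile and Install" and "Restart unbound" keeps the old scripts and units. Suggest stating explicitly whether the scripts and services must be refreshed when moving from v1.1, and replacing "old-ver to latest-ver" with the versions the steps were actually validated for.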
From 80361fa04b1dc8fb234c7e0998b3e6d9d821e02c Mon Sep 17 00:00:00 2001 From: AA Date: Fri, 22 Dec 2023 15:32:17 -0500 Subject: [PATCH 07/12] Rename UPDATE.md to release.md --- UPDATE.md => release.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename UPDATE.md => release.md (100%) diff --git a/UPDATE.md b/release.md similarity index 100% rename from UPDATE.md rename to release.md From 873ce0188446d19a743ef729f2f936722607d3a0 Mon Sep 17 00:00:00 2001 From: AA Date: Fri, 22 Dec 2023 15:36:33 -0500 Subject: [PATCH 08/12] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index aa403bc..773271f 100644 --- a/README.md +++ b/README.md @@ -243,6 +243,9 @@ # #### ❯ `ℹī¸` Tips & Notes +* **Enable Redis Unix Socket:** + + * **Resolver Configuration:** Make sure `/etc/resolv.conf` has only RaspberryPi IP name servers. `NetworkManager` in RaspberryPi OS Bookworm will make this change automatically if your router's LAN DNS is pointing to Raspberry Pi IP. > `nameserver ` From 6424df6aef664a7485dbe35d7e4f92a182d95fc3 Mon Sep 17 00:00:00 2001 From: AA Date: Fri, 22 Dec 2023 15:42:20 -0500 Subject: [PATCH 09/12] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 773271f..796200f 100644 --- a/README.md +++ b/README.md 
@@ -49,7 +49,7 @@ > Copy and paste the provided `redis.conf`. Save and exit nano > `ℹī¸` **Note:** - > Provided `redis.conf` is tweaked after some thorough testing in small network. Like 4mb maxmeory has pretty optimal performance with enough cache and evict least recently used keys. Similarly sanpshotting is used to save keys to database, current option will save after 2hrs if atleast 100 new keys were added or after 12hrs if atleast 1 new key is added. Reboot will save database as long as snapshotting is enabled. Feel free to change them as preferred. + > Provided `redis.conf` is tweaked after some thorough testing in small network. Like 4mb maxmemory has pretty optimal performance with enough cache and evict least recently used keys. Similarly snapshotting is used to save keys to database, current option will save after 2hrs if atleast 100 new keys were added or after 12hrs if at least 1 new key is added. Reboot will save database as long as snapshotting is enabled. Feel free to change them as preferred.
divider @@ -180,7 +180,7 @@ > `ℹī¸` **Note:** > `/opt/unbound/scripts/update-blocklists.sh` script uses [StevenBlack's](https://github.com/StevenBlack/hosts) `unified hosts (adware + malware) + porn` as default list. It converts default list to unbound format, removes comments and sorts it. - > You can add more lists to the _update-blocklists.sh_ script. With some basic expertise in sed you can aggregate multiple lists into unbound blocklist `unbound.block.conf` + > You can add more lists to the _update-blocklists.sh_ script. With some basic expertise in `sed` you can aggregate multiple lists into unbound blocklist `unbound.block.conf`
divider From dae1c460ec92904a66363d7476d78db5c537a0ed Mon Sep 17 00:00:00 2001 From: AA Date: Fri, 22 Dec 2023 19:56:07 -0500 Subject: [PATCH 10/12] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 796200f..a3485af 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ 🔸 Refer to `release.md` for changes and update. #### Prerequisite: -* Unbound compilation and installation is validated on `RaspberryPi OS/Debian`. `Post Install` startup service and scripts are reused from RaspberryPi OS Bookworm, they may require modification for other linux distributions. +* Unbound compilation and installation is validated on `RaspberryPi OS/Debian`. `Post Install` startup service and scripts may require modification for other linux distributions. * If unbound package is installed. Take a backup of current `unbound.conf`. Remove unbound package completely: > `sudo apt --purge autoremove unbound` @@ -101,7 +101,7 @@ > Run: `sudo ./post-install.sh` > `ℹī¸` **Note:** - > Startup service and scripts are reused from unbound package in RaspiOS bullseye. `root.hints` is downloaded from `internic`, it will be automated through systemd timer. + > Startup service and scripts are reused from unbound package in RaspberryPi OS Bookworm. `root.hints` is downloaded from `internic`, it will be automated through systemd timer. * Alternatively, create user manually and use your preferred startup service and scripts.
From a29b4c6ec5199776460c5ee856dd3e79c82a57af Mon Sep 17 00:00:00 2001 From: AA Date: Fri, 22 Dec 2023 19:57:33 -0500 Subject: [PATCH 11/12] Update release.md --- release.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release.md b/release.md index ae8dfcc..5ed46ca 100644 --- a/release.md +++ b/release.md @@ -1,6 +1,6 @@ #### Release Notes: * **1.2 Release:** - v1.2 release includes RaspberryPi OS Bookworm related scripts and services changes. If you are on Bullseye use v1.1 release. + v1.2 release includes RaspberryPi OS Bookworm related scripts and service changes. If you are on Bullseye use v1.1 release.
divider From af9fc0a017769a9047e1cb2827e2d57f6d3f1f72 Mon Sep 17 00:00:00 2001 From: AA Date: Fri, 22 Dec 2023 23:37:20 -0500 Subject: [PATCH 12/12] Update README.md --- README.md | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a3485af..f3546a6 100644 --- a/README.md +++ b/README.md @@ -243,9 +243,35 @@ # #### ❯ `ℹī¸` Tips & Notes -* **Enable Redis Unix Socket:** +* **Enable Redis Unix Socket:** + Unbound **(1.18.0)** added the option to connect to redis server over unix socket. It has better throughput. Follow below steps to enable unix socket connection between unbound and redis: + * Redis config: + > Edit: `sudo nano /etc/redis/redis.conf` + + > Add options: + > `unixsocket /var/run/redis/redis.sock` + > `unixsocketperm 707` + + > Restart redis: + > `sudo systemctl restart redis-server` + + * Unbound config: + > Edit: `sudo nano /etc/unbound/unbound.conf` + + > Modify under **`cachedb:`** tag: + > > Add: + > > `redis-server-path: "/var/run/redis/redis.sock"` + > > Comment out: + > > `#redis-server-host: 127.0.0.1` + > > `#redis-server-port: 6379` + + > Restart unbound: + > `sudo systemctl restart unbound` + + > `ℹī¸` **Note:** + > In order to use more restrictive option `unixsocketperm 770` in `redis.conf`, add unbound user to redis group. + > Redis connectivity on TCP can be turned off with option `port 0` in redis.conf. When redis is not listening on TCP, specify socket path in cli cmds `redis-cli -s /var/run/redis/redis.sock` - * **Resolver Configuration:** Make sure `/etc/resolv.conf` has only RaspberryPi IP name servers. `NetworkManager` in RaspberryPi OS Bookworm will make this change automatically if your router's LAN DNS is pointing to Raspberry Pi IP. > `nameserver `
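Review bot: In 01/12, the Extract hunk (@@ -81,9 +63,9 @@) bumps the tarball to `release-1.19.0` but the step still goes straight from the download link to `tar -xvzf unbound-release-1.19.0.tar.gz` with no integrity check. The compiled binary becomes the resolver for the whole network, so the step should verify the archive against a published checksum or signature before extracting, with the expected value kept next to the version so it is updated on every bump.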
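Review bot: In 12/12, the Redis config step documents `unixsocketperm 707` as the default, which gives the `redis` group no access and every other local account read/write on `/var/run/redis/redis.sock`, so any local user can connect to Redis and read or modify the DNS cache that unbound trusts. The Note at the end of the hunk already describes the safer setup; suggest making it the documented path: `unixsocketperm 770` plus an explicit step that adds the unbound user to the redis group (for example `sudo usermod -aG redis unbound`) before the restarts. The `port 0` remark could also move into the steps, since the instructions comment out `redis-server-host` and `redis-server-port` on the unbound side but leave Redis listening on TCP.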