<!DOCTYPE html>
<html class="no-js" lang="en-us" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#">
<head>
<meta charset="utf-8">
<base href="https://beckmeyer.us/">
<meta name="viewport" content="width=device-width">
<title>OpenWRT + Unbound + adblock – Joel Beckmeyer's Blog</title>
<link rel="stylesheet" href="/css/styles.css">
<link id="theme_css" rel="stylesheet" href="/css/themes/light.css">
</head>
<body>
<input class="show-hide-menu-input" style="display:none;" autocomplete="off" type="checkbox" id="toggle-1">
<div class="main">
<div class="header">
<div class="header-content">
<div class="title">
<a href="https://beckmeyer.us/">Joel Beckmeyer's Blog</a>
</div>
<div>
<div class="header-right">
<label id="show-hide-menu-label" class="clickable-header-label" for="toggle-1">
<img class="color-adapting-image" width="30" src="/images/hamburger.svg" alt="menu button">
</label>
</div>
<label class="overlay" for="toggle-1"></label>
<div class="dont-show">
Links:
</div>
<ul class="links">
<li><a href="/">Home</a></li>
<li><a href="/contact/">Contact</a></li>
<li><a href="/posts/">Posts</a></li>
</ul>
</div>
</div>
</div>
<div class="body">
<div class="body-content">
<div class="title-header">
<h1>OpenWRT + Unbound + adblock</h1>
<div class="title-header-date">
<time>Friday, February 5, 2021</time>
</div>
</div>
<p>I decided to do some work on my Linksys WRT32X running OpenWRT to make it a
little more useful.</p>
<p><a href="https://nlnetlabs.nl/projects/unbound/about/">Unbound</a> is a DNS
resolver which I like because it’s recursive, meaning it directly queries the
root servers instead of relying on existing DNS servers run by Google,
Cloudflare, your ISP, or the like. I already have it running on several of my
servers and computers, but I figured it would be great if everything on my
network could use Unbound and be, well, <em>unbound</em> from all of those intermediary
DNS servers.</p>
<p>Luckily, OpenWRT already has Unbound packaged, and also has a useful LuCI app
that goes with it (LuCI is the graphical web interface that comes with OpenWRT).
All I had to do was install <code>luci-app-unbound</code>, which pulls in all of the
necessary dependencies to run unbound.</p>
<p><img src="/luci_software.png" alt="LuCI: Software"></p>
<p><img src="/luci_install.png" alt="LuCI: Install"></p>
<p>After that finished installing, I
refreshed LuCI/OpenWRT and went to “Services” on the top, and there it is!</p>
<p><img src="/luci_services.png" alt="LuCI: Services -> Recursive DNS"></p>
<p>At this point, you’ll have to get your hands dirty. You can either dig through
some LuCI menus or SSH in and make some edits. For reference, I’m using the
<a href="https://github.com/openwrt/packages/blob/openwrt-19.07/net/unbound/files/README.md#parallel-dnsmasq">“Parallel dnsmasq”</a> section from the README for unbound in the OpenWRT packages (which
has a lot of other useful information as well!). Essentially, I made the edits
to <code>/etc/config/unbound</code> and <code>/etc/config/dhcp</code> after SSH’ing in. However, you
can make the same edits through LuCI.</p>
<p>For the <code>/etc/config/unbound</code> edits, you can make the edits to the file in
LuCI directly at “Services -> Recursive DNS -> Files -> Edit: UCI”:</p>
<p><img src="/unbound_config.png" alt="LuCI: Edit /etc/config/unbound"></p>
<p>For the <code>/etc/config/dhcp</code> edits, you can make the edits by finding the same
fields under “Network -> DHCP and DNS”:</p>
<p><img src="/dhcp_config.png" alt="LuCI: Edit DHCP and DNS Settings"></p>
<p>However, the field names are different from the lines in the config, so they
would need to be researched to determine which fields in LuCI map to which
lines in <code>/etc/config/dhcp</code>.</p>
<p>At this point (or maybe after restarting unbound and dnsmasq, which is a lot
easier using SSH and <code>/etc/init.d ... restart</code> as well), OpenWRT should now
be using unbound for resolving all DNS lookups, while dnsmasq is only used for
DHCP-DNS.</p>
<p>Bonus: you can also enable a nice status dashboard in LuCI under
“Services -> Recursive DNS -> Status”, but this requires installing several more
software packages: <code>unbound-control</code> and <code>unbound-control-setup</code>. You will also
need to change a line in <code>/etc/config/unbound</code>:</p>
<pre tabindex="0"><code>...
option unbound_control '0'
...
</code></pre><p>becomes</p>
<pre tabindex="0"><code>...
option unbound_control '1'
...
</code></pre><p>A word of warning: there is another section on “Unbound and odhcpd” which
tries to cut out dnsmasq completely. However, when I tried to set this up,
I got myself into a lot of trouble (had to reset OpenWRT, re-install any extra
software packages, and restore configuration from backup). It is also possible that if you mess up
the configuration for the “Parallel dnsmasq” method, you could end up in a
similar error state and have to start over. Please be careful when doing this
and don’t change anything you’re not supposed to.</p>
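<p>Since a bad edit to either file can leave the router in the error state described above, here is an added example (not code from the original post or the OpenWRT README) that checks <code>/etc/config/unbound</code> and <code>/etc/config/dhcp</code> offline before you restart anything. The function names, the constructed sample files and the expected values (unbound on port 53, dnsmasq moved to another port, <code>dhcp_link 'dnsmasq'</code>) are assumptions about the “Parallel dnsmasq” layout; confirm them against the README.</p>

```shell
#!/bin/sh
# Added example (not from the post or the OpenWRT README): offline check of
# /etc/config/unbound and /etc/config/dhcp before restarting either service.

# uci_opt FILE TYPE OPTION: value of OPTION in the first "config TYPE" section
# that sets it. Single-token values only, which covers ports and flags.
uci_opt() {
    awk -v type="$2" -v opt="$3" -v q="'" '
        { gsub("[\"" q "]", "") }                      # drop UCI quoting
        $1 == "config" { in_sec = ($2 == type); next }
        in_sec && $1 == "option" && $2 == opt { print $3; exit }
    ' "$1"
}

# check_parallel UNBOUND_FILE DHCP_FILE: prints findings, returns 1 on a conflict.
# Expected values are assumptions about the "Parallel dnsmasq" layout.
check_parallel() {
    rc=0
    uport=$(uci_opt "$1" unbound listen_port); uport=${uport:-53}  # UCI default
    dport=$(uci_opt "$2" dnsmasq port);        dport=${dport:-53}  # UCI default
    link=$(uci_opt "$1" unbound dhcp_link)
    ctl=$(uci_opt "$1" unbound unbound_control)
    if [ "$uport" = "$dport" ]; then
        echo "FAIL: unbound and dnsmasq would both bind port $uport"; rc=1
    fi
    if [ "$link" != dnsmasq ]; then
        echo "FAIL: dhcp_link='${link:-none}', local names are not handed to dnsmasq"; rc=1
    fi
    if [ "${ctl:-0}" = 0 ]; then
        echo "NOTE: unbound_control is 0, the LuCI status tab needs '1'"
    fi
    return "$rc"
}

# write_samples DIR: constructed sample files, not the author's configuration.
write_samples() {
    printf '%s\n' "config unbound" "  option dhcp_link 'dnsmasq'" \
        "  option listen_port '53'" "  option unbound_control '1'" > "$1/unbound"
    printf '%s\n' "config dnsmasq" "  option port '1053'" > "$1/dhcp.good"
    printf '%s\n' "config dnsmasq" "  option noresolv '1'" > "$1/dhcp.bad"
}

tmp=$(mktemp -d) && write_samples "$tmp"
check_parallel "$tmp/unbound" "$tmp/dhcp.good" && echo "OK: no conflict"
check_parallel "$tmp/unbound" "$tmp/dhcp.bad" || echo "fix the files before restarting"
rm -rf "$tmp"
```

<p>On the router itself, call <code>check_parallel /etc/config/unbound /etc/config/dhcp</code> after editing and before restarting unbound and dnsmasq.</p>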
<p>Now, moving on to adblock, which should be <strong>much</strong> simpler to set up. First,
install <code>luci-app-adblock</code> and refresh. Navigate to “Services -> Adblock”:</p>
<p><img src="/adblock.png" alt="Services -> Adblock"></p>
<p>Check the settings at the bottom. The only thing you need to get going is
to go to the “Blocklist Sources” tab and choose your blocklists.</p>
<p><img src="/adblock_blocklist.png" alt="Adblock: Blacklist sources"></p>
<p>The
<a href="https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md">adblock readme</a>
has some more info on what each list is. After that,
make sure “Enabled” is checked under the “General Settings” tab:</p>
<p><img src="/adblock_enable.png" alt="Adblock: enable"></p>
<p>and click the “Refresh” button above:</p>
<p><img src="/adblock_refresh.png" alt="Adblock: refresh"></p>
<p>Then you’re good to go; adblock should work out of the box with unbound; cheers!</p>
<p>ADDENDUM: Another word of warning: once you’ve set up adblock, it will download
the blocklists, merge them into a single file at <code>/var/lib/unbound/adb_list.overall</code>,
and try to restart unbound. I recommend not trying to view/interact with adblock
or unbound during this restart, which can take anywhere from 30 seconds to 2 minutes.
Just leave them alone in LuCI for a little bit…</p>
</div>
</div>
</div>
<hr class="dont-show">
<div class="footer">
<p>Have any questions? Let me know on <a href="https://matrix.to/#/@joel:thebeckmeyers.xyz">Matrix</a>, or start a discussion on <a href="https://social.beckmeyer.us/TinfoilSubmarine">Fediverse</a>!</p>
</div>
</body>
</html>