"/etc/init.d/unbound test-name-server" not supported anymore?

It used to be possible to check nameservers via the init script like this

/etc/init.d/unbound test-name-server 192.168.120.2

192.168.120.2 is validating
192.168.120.2 supports TCP fallback
EDNS buffer size for 192.168.120.2: 4096

but now there is no such action anymore and the usage screen gets displayed.

Where can I find the same functionality?

That option was present in CU139 and was not present in CU141.

The post for the release of CU141 mentions “Faster boot because of fewer checks being executed at boot time”
This may be related to the removal of that option from the initscript.

Well, it’s good not to check this on boot (if related), but why completely remove it?
How would I check name servers now?

A dig or kdig should give you info on the status and quality of a name server.

I just had a look through the code for that test.

It basically is checking if the name-server is DNSSEC aware, if it is DNSSEC validating or if there is some other error such as unreachable etc.

I suspect that the removal of the code was part of the move to making dnssec mandatory with IPFire. If a name server is not dnssec aware or validating then it will be marked as an error and not used.

So you automatically get the info from that test-name-server test in the normal operation of unbound now.

I think that test was originally intended to give info about whether a name server that was planned to be used was dnssec aware and using it or not, when you could still have non dnssec validating name servers used in IPFire.

1 Like
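
One way to get roughly the same three answers with dig, as suggested above (an added example, not part of the thread and not the code of the CU139 initscript). The function names, result labels and sample dig output are constructed for illustration; the AD flag in the reply to a `+dnssec` query is taken as the sign that the server validates.

```shell
#!/bin/sh
# Added example, not IPFire's initscript code: classify a name server from dig output.

# Constructed sample of "dig @192.168.120.2 SOA . +dnssec" output (not a real capture).
SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; ANSWER SECTION:
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2024010100 1800 900 604800 86400
. 86400 IN RRSIG SOA 8 0 86400 20240114050000 20240101040000 12345 . <constructed-signature>'

# $1 = dig output. Prints: validating | dnssec-aware | not-dnssec-aware | error:<RCODE> | unreachable
classify_dnssec() {
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    if [ -z "$status" ]; then echo unreachable; return 0; fi        # no DNS header at all
    if [ "$status" != NOERROR ]; then echo "error:$status"; return 0; fi
    case " $flags " in *" ad "*) echo validating; return 0 ;; esac  # AD bit: answer was validated
    if printf '%s\n' "$1" | grep -Eq '[[:space:]]RRSIG[[:space:]]'; then
        echo dnssec-aware            # returns signatures but did not validate them
    else
        echo not-dnssec-aware
    fi
}

# $1 = dig output. Prints the UDP size advertised in the EDNS OPT record, if any.
edns_size() {
    printf '%s\n' "$1" | sed -n 's/^; EDNS:.*udp: \([0-9]*\).*/\1/p' | head -n 1
}

# $1 = name server IP. Needs dig and network access to that server.
check_name_server() {
    out=$(dig "@$1" SOA . +dnssec +time=2 +tries=1 2>/dev/null) || true
    echo "$1: $(classify_dnssec "$out")"
    size=$(edns_size "$out")
    if [ -n "$size" ]; then echo "EDNS buffer size for $1: $size"; fi
    tcp=$(dig "@$1" SOA . +tcp +time=2 +tries=1 2>/dev/null) || true
    case "$tcp" in
        *"status: NOERROR"*) echo "$1 answers over TCP" ;;
        *) echo "$1 does not answer over TCP" ;;
    esac
}

# With an argument, query that server; without one, classify the constructed sample.
if [ "$#" -gt 0 ]; then check_name_server "$1"; else echo "sample: $(classify_dnssec "$SAMPLE")"; fi
```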

I tried to find that code you mentioned, but had no luck. Also tried to find some information on how to recreate the old behaviour by using other commands without luck.

Could you please share the URL to the code?

Here is the location for the code for the initscript as used in CU139 in the git repository.

https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=src/initscripts/system/unbound;h=8eaf3734a88a1638004dd5c35a16fed638febe8c;hb=refs/heads/core139

I believe that all the required code, including variables and subroutines, is in this initscript, but I don’t guarantee that. You will need to review it and make up your own script to carry out the function.

However, I think if you add the involved name server into the IPFire DNS server list it will tell you if there is a problem with that server such as not using dnssec. It will show a red error for the involved server and placing your mouse pointer over the error label will highlight a short message about the error reason. Also the error will be in the unbound log.

2 Likes

Thanks a lot!
This brings back the old functionality:

wget -O checkdns "https://git.ipfire.org/?p=ipfire-2.x.git;a=blob_plain;f=src/initscripts/system/unbound;h=8eaf3734a88a1638004dd5c35a16fed638febe8c;hb=refs/heads/core139" && \
chmod +x checkdns

./checkdns test-name-server 192.168.120.2

Yes, that’s true. But using the shell is easier (if that script already exists) and faster (as the GUI will test all servers). Matter of preference…

1 Like

Bear in mind that at a Core Upgrade it is likely to be overwritten.

1 Like

Saved it in a separate place (not overwriting anything).

Ah OK. I thought you had replaced the unbound initscript with the old version.