Error(s) during installation #7

Closed
toazd opened this issue Mar 31, 2020 · 11 comments

@toazd
Contributor

toazd commented Mar 31, 2020

I'm not really sure what I may have done wrong or what these errors mean. It is reproducible from a clean install of unbound Manager via amtm on my particular setup.

RT-AC88U FW-384.15
amtm 3.1.5 with mostly default installs of Diversion, Skynet, scribe, scMerlin, uiDivStats, uiScribe, and Swap file 2.0G. Diversion has customized lists.

Full install log copied from terminal: https://pastebin.com/81g4xDnP
Snippet:

Do you want to add router GUI TAB to Graphically display stats?

        Reply 'y' or press [Enter]  to skip
y

        Installing @juched's GUI TAB to Graphically display unbound stats.....
        unbound_stats.sh downloaded successfully 
        unboundstats_www.asp downloaded successfully 
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
Mounting Unbound_Stats.sh WebUI page as user3.asp
Saving MD5 of installed file /jffs/addons/unbound/unboundstats_www.asp to /jffs/addons/unbound/www-installed.md5
/opt/var/lib/unbound/unbound.conf:154: error: unknown keyword '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
read /opt/var/lib/unbound/unbound.conf failed: 1 errors in configuration file
[1585678403] unbound-control[8759:0] fatal error: could not read config file
/opt/var/lib/unbound/unbound.conf:154: error: unknown keyword '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
read /opt/var/lib/unbound/unbound.conf failed: 1 errors in configuration file
[1585678403] unbound-control[8775:0] fatal error: could not read config file
awk: cmd. line:1: Unexpected token
Calculated Cache Hit Percentage: 
awk: cmd. line:1: Unexpected token
Adding new value to DB...
Error: near line 2: near ")": syntax error
Calculating Daily data...
Calculating Weekly and Monthly data...
Outputting histogram performance data...
Outputting answers data...

Do you want to install Ad and Tracker blocking?

        Reply 'y' or press [Enter]  to skip

Files (up until installer "paused" at the above snippet step):
tail -f /opt/var/log/messages from clean reboot: https://pastebin.com/2TzsSPUc
/opt/share/unbound/configs/reset.conf: https://pastebin.com/HvV0M2XR
/opt/var/lib/unbound/unbound.conf: https://pastebin.com/MCz80Tcd
Kompare (diff -U 3 -dHrN -- reset.conf unbound.conf.err): https://pastebin.com/FWS0cM1c

Versions:
BusyBox v1.25.1 (2020-02-08 13:39:42 EST)
unbound-checkconf_1.9.6-1_armv7-2.6.ipk
unbound-daemon_1.9.6-1_armv7-2.6.ipk
unbound-control-setup_1.9.6-1_armv7-2.6.ipk
unbound-control_1.9.6-1_armv7-2.6.ipk
openssl-util_1.1.1d-2_armv7-2.6.ipk
unbound-anchor_1.9.6-1_armv7-2.6.ipk
opkg list-installed: https://pastebin.com/8XZGE2EV

After finishing the installer (with errors) I commented out line 154 (so unbound would at least start) then I ran unbound_manager recovery. Then, I started up unbound_manager again and chose "i" (update unbound Installation). The same errors did not appear again and no other errors appeared except this one:

error: SSL handshake failed
716132352:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:

I'll continue to monitor and test the setup but it appears to be working fine (dig, dnsinfo and lookup in advanced tools). Let me know if there is anything else that I can provide that might be helpful.

Thank you!

@MartineauUK
Owner

'unbound_manager' v3.00 in both 'Easy' and 'Advanced' mode changes the sequence for allowing the 3rd-party Graphical Statistics TAB script to be installed.
Basically during the initial unbound install, 'unbound_manager' calls @Juched's Graphical Statistics TAB script to install itself, but then his script attempts to retrieve the stats from unbound which clearly hasn't yet been installed.

i.e. the 'awk' and 'connection refused' errors (ideally) should be fixed by @Juched:
cat: can't open '/jffs/addons/unbound/www-installed.md5': No such file or directory
Mounting Unbound_Stats.sh WebUI page as user2.asp
Saving MD5 of installed file /jffs/addons/unbound/unboundstats_www.asp to /jffs/addons/unbound/www-installed.md5
[1585737823] unbound-control[3500:0] error: connect: Connection refused for 127.0.0.1 port 953
[1585737823] unbound-control[3515:0] error: connect: Connection refused for 127.0.0.1 port 953
awk: cmd. line:1: Unexpected token
Calculated Cache Hit Percentage:
awk: cmd. line:1: Unexpected token
Adding new value to DB...
Error: near line 2: near ")": syntax error

so too the '.md5' install error will need to be fixed by @Juched:

NOTE: You can try the unbound_manager v3.00 Beta by issuing

uf dev

The other issue is a weird corruption of the 'unbound.conf' file.
You can try downloading the file manually to the screen:

curl --retry 3 -Ls -w %{http_code} https://raw.githubusercontent.com/MartineauUK/unbound-Asuswrt-Merlin/master/unbound.conf

and hopefully you will see that the '@@@@@@@' lines correctly have the leading '#' characters....

#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # v1.05 Martineau
#forward-zone: # DNS-Over-TLS support
#name: "."
#forward-tls-upstream: yes
#forward-addr: 1.1.1.1@853#cloudflare-dns.com
#forward-addr: 1.0.0.1@853#cloudflare-dns.com
#forward-addr: 9.9.9.9@853#dns.quad9.net
#forward-addr: 149.112.112.112@853#dns.quad9.net
#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
#forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

I can't replicate the "@@@@@" error, so I suggest you rename '/opt/var/lib/unbound' to say '/opt/var/lib/unboundBAD' (might be a bad sector on the flash drive?) then attempt the reinstall.

@toazd
Contributor Author

toazd commented Apr 2, 2020

Thank you for the tips and explanations! I appreciate your time to look at this issue and help me understand.

I failed to mention that before I used unbound_manager recovery I did compare the GitHub unbound.conf to the reset.conf downloaded by my device. I downloaded both configs again today and the differences are still the same (only the first line is different) and the diff looks like this: https://pastebin.com/kJ1L1SwD.

I didn't/won't have an opportunity today to bring the internet down for an extended period (to do more clean installs) but I will as soon as I get a chance. After reading your reply I did backup and then clone the previous new flash drive to an identical new one (pack of 5) so I could run some tests on it without having the internet down.

Tests so far (format is ext4 w/ journal enabled):

e2fsck /dev/sdc1 -fpv

        1877 inodes used (0.05%, out of 3784704)
           9 non-contiguous files (0.5%)
           2 non-contiguous directories (0.1%)
             # of inodes with ind/dind/tind blocks: 0/0/0
             Extent depth histogram: 1743/6
      833861 blocks used (5.51%, out of 15132668)
           0 bad blocks
           2 large files

        1585 regular files
         163 directories
           0 character device files
           0 block device files
           0 fifos
           0 links
         119 symbolic links (119 fast symbolic links)
           1 socket
------------
        1868 files

e2fsck /dev/sdc1 -cv

e2fsck 1.45.6 (20-Mar-2020)
Checking for bad blocks (read-only test): done
SD64: Updating bad block inode.
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information

SD64: ***** FILE SYSTEM WAS MODIFIED *****

        1877 inodes used (0.05%, out of 3784704)
           9 non-contiguous files (0.5%)
           2 non-contiguous directories (0.1%)
             # of inodes with ind/dind/tind blocks: 0/0/0
             Extent depth histogram: 1743/6
      833861 blocks used (5.51%, out of 15132668)
           0 bad blocks
           2 large files

        1585 regular files
         163 directories
           0 character device files
           0 block device files
           0 fifos
           0 links
         119 symbolic links (119 fast symbolic links)
           1 socket
------------
        1868 files

badblocks -w -s -v -o badblocks.log /dev/sdc

Checking for bad blocks in read-write mode
From block 0 to 60530687
Testing with pattern 0xaa: done
Reading and comparing: done
Testing with pattern 0x55: done
Reading and comparing: done
Testing with pattern 0xff: done
Reading and comparing: done
Testing with pattern 0x00: done
Reading and comparing: done
Pass completed, 0 bad blocks found. (0/0/0 errors)

If you can't replicate the issue then I suppose it is unique to my particular setup and therefore not useful to you. I only opened this issue in case it would be helpful. With that in mind, I will close this issue after editing this post with the results from the badblocks test unless you want me to report back the results of uninstall/reinstall on a new flash drive (or anything else).

Thanks again!

@MartineauUK
Owner

Thank you for taking the time to provide feedback.

Sorry to put you to so much trouble with the speculation about a bad Flash drive.

So if the download is not corrupting 'unbound.conf' then I think only the 'DoT' command attempts to mangle that unique portion of 'unbound.conf'.

There was a report in the SNB forum thread, where someone posted 'unbound.conf' corruption, but never replied when quizzed about how to replicate the issue. I assumed that it may have been use of the 'vx' command, and possibly the new user was unfamiliar with 'nano' and may have inadvertently caused the issue.

I'm not saying that there isn't a rogue 'sed' command that is used within the script that is the root cause.

However, if you wish to close this issue, then that's OK, but I'm happy to wait and see if you can reliably and consistently repeat the issue on the new Flash drive.

Regards,

@toazd
Contributor Author

toazd commented Apr 3, 2020

It's no problem; I understand the need to cover the basics first. I appreciate the work you've put into this project and I enjoy helping if I can. Before "unbound Manager" showed up in the amtm menu I didn't even know what unbound was.

It will be some time before I can bring the internet down for an extended period again to wipe everything and start over at least several times (this coming Monday at the latest). In the meantime I will do research, look into what I can, and plan ahead.

@toazd
Contributor Author

toazd commented Apr 5, 2020

I may have narrowed down the section of code causing this particular issue for me at least enough to give a small update to the progress. There is still much more investigating to do. I was doing a clean install (uninstall, reboot, remove pid file and unbound folder left over) with debug (set -x) enabled and checking and copying the /tmp/mnt/SD64/entware/var/lib/unbound/unbound.conf after each step that I could (without modifying the script more). Somewhere between choosing "y" to enable stubby and the next step the unbound.conf loses the comment "#" before the 2nd @@@@@@@ line that surrounds the "DNS-Over-TLS support" forward-zone declaration. I paused there to post this update (and to document it).

Full log: https://pastebin.com/t1AqrW8h

Summary of the steps that I took:

  1. Manual install without the execute at the end (master branch)
  2. nano -l /jffs/addons/unbound/unbound_manager.sh
  3. Line 93: removed comment before set -x to enable debug
  4. Line 557: replaced line with "if Unbound_Installed;then" (quick alternative fix to the pull request that I posted)
  5. cd /jffs/addons/unbound && sh unbound_manager.sh

Program input (line #'s refer to the full log):
(checkpoint = backup copy of /tmp/mnt/SD64/entware/var/lib/unbound/unbound.conf)

  1. Line 218: i
  2. Checkpoint (conf seems ok)
  3. Line 744: (Enable unbound logging): [Enter]
  4. Checkpoint (conf seems ok)
  5. Line 777: (optimize Performance/Memory): [Enter]
  6. Checkpoint (conf seems ok)
  7. Line 801: (integrate Stubby): y
  8. Line 825: Execution paused at next step
  9. Checkpoint ("#" missing from the beginning of line 154 unbound.conf)

Snippet at this point:

So, do you STILL want to integrate Stubby with unbound?

        Reply 'y' or press [Enter]  to skip
+ read -r ANS
y
+ [ y == y ]
+ Stubby_Integration
+ echo -e \e[96mIntegrating Stubby with unbound.....\e[90m
Integrating Stubby with unbound.....
+ nvram get rc_support
+ tr   \n
+ grep -qE dnspriv|stubby
+ uname -o
+ [ ASUSWRT-Merlin != ASUSWRT-Merlin-LTS ]
+ [ 38415 -ge 38406 ]
+ nvram get dnspriv_enable
+ [ 1 -eq 1 ]
+ echo -e \e[96mAdding Stubby 'forward-zone:'\e[0m
Adding Stubby 'forward-zone:'
+ grep -F #forward-zone: /opt/var/lib/unbound/unbound.conf
+ [ -n #forward-zone:                                                        # DNS-Over-TLS support
#forward-zone: ]
+ sed -i /forward\-zone:/,/forward\-addr: 127\.0\.0\.1\@5453/s/^#// /opt/var/lib/unbound/unbound.conf
+ sed -i s/forward\-addr: 127\.0\.[01]\.1\@[0-9]\{1,5\}/forward\-addr: 127\.0\.1\.1\@53/ /opt/var/lib/unbound/unbound.conf
+ echo -en \e[96mRestarting dnsmasq.....\e[92m
Restarting dnsmasq.....+ service restart_dnsmasq

Done.
+ echo -en \e[0m
+ Option_Disable_Firefox_DoH 
+ local ANS=
+ [ ? != ? ]
+ [ ? == ? ]
+ echo -e \nDo you want to DISABLE Firefox DNS-over-HTTPS (DoH)? (USA users)\n\n\tReply\e[91m 'y' \e[92mor press [Enter] \e[0m to skip

Do you want to DISABLE Firefox DNS-over-HTTPS (DoH)? (USA users)

        Reply 'y' or press [Enter]  to skip
+ read -r ANS

unbound.conf before stubby: https://pastebin.com/8dauAvt7
unbound.conf after stubby: https://pastebin.com/ZKe58CF8
diff -U 3 -dHrN -- before after: https://pastebin.com/Qz3b8pWi
diff -U 3 -dHrN -- reset.conf after: https://pastebin.com/h87YwZ9P

I will continue to investigate.

@MartineauUK
Owner

Given 'unbound+Stubby' is considered no better than the firmware's inbuilt 'dnsmasq+Stubby' I may decide to totally remove the unbound_manager Stubby Integration option!

OK thanks for the detailed diagnostics - it helped identify (as alluded to earlier in my previous reply) which 'sed' is the culprit.

The issue is that since v1.05 there are now TWO possible 'forward-zone' sectional clauses; one for Stubby and one for DoT.

Now apart from a silly typo, the following sed usage example (used to uncomment a desired range of lines) appears to always be applied globally to the file despite no explicit 'g' flag.

sed -i '/From_line_containing_THIS/,/To_line_containing_THAT/ s/^#//' /opt/var/lib/unbound/unbound.conf

So a quick'n'dirty hack (while I reread the sed man pages) is to make the FIRST 'forward-zone:' clause unique in 'unbound.conf'

########################################
#forward-zone:#Stubby
#name: "."
#forward-addr: 127.0.1.1@53
#forward-addr: 0::1@5453 # integration IPV6
#########################################

So now you can patch the code

            if [ -n "$(grep -F "#forward-zone:" ${CONFIG_DIR}unbound.conf)" ];then
                #sed -i '/forward\-zone:/,/forward\-addr: 127\.0\.0\.1\@5453/s/^#//' ${CONFIG_DIR}unbound.conf
                #sed -i 's/forward\-addr: 127\.0\.[01]\.1\@[0-9]\{1,5\}/forward\-addr: 127\.0\.1\.1\@53/' ${CONFIG_DIR}unbound.conf
                sed -i '/forward\-zone:#Stubby/,/forward\-addr: 127\.0\.1\.1\@53/s/^#//' ${CONFIG_DIR}unbound.conf
                [ "$(nvram get ipv6_service)" != "disabled" ] && sed -i '/forward\-addr: 0::1@5453/ s/^#//' ${CONFIG_DIR}unbound.conf
            fi

@toazd
Contributor Author

toazd commented Apr 6, 2020

Is the formatting for your suggestion correct? Forgive me if I misinterpreted but I think this is what you meant:

156 ########################################
157 #forward-zone:#Stubby
158 #name: "."
159 #forward-addr: 127.0.1.1@53
160 #forward-addr: 0::1@5453 # integration IPV6
161 #########################################

I quickly wrote a dirty script to test the change and produce diffs for each sed command (both always run for me because nvram get ipv6_service = dhcp6) before going through the longer process of testing the entire install/uninstall process.

The first sed seems to run ok but I believe it is showing the same issue you described (it removes a "#" before "v1.01 Added the following") https://pastebin.com/rzCY5Mib:

--- /opt/var/lib/unbound/unbound.test.conf	2020-04-06 18:58:36.635595291 +0000
+++ /opt/var/lib/unbound/unbound.test.conf.sed1	2020-04-06 18:58:42.035601269 +0000
@@ -154,13 +154,13 @@
 #@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 
 #########################################
-#forward-zone:#Stubby
-#   name: "."
-#   forward-addr: 127.0.0.1@5453
-#   forward-addr: 0::1@5453 # integration IPV6
-#########################################
+forward-zone:#Stubby
+   name: "."
+   forward-addr: 127.0.0.1@5453
+   forward-addr: 0::1@5453 # integration IPV6
+########################################
 
-# v1.01 Added the following
+ v1.01 Added the following
 auth-zone:
        name: "."
        url: "https://www.internic.net/domain/root.zone"
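
Review bot: the uncommenting in this hunk does not stop at the Stubby block: the closing `#########` line loses one `#` and `# v1.01 Added the following` becomes a bare ` v1.01 Added the following`, which unbound would then try to parse as configuration. The block in the file still reads `forward-addr: 127.0.0.1@5453`, so a range whose end address is `forward\-addr: 127\.0\.1\.1\@53` finds nothing to close on and keeps matching after the block; ending the range on `127\.0\.[01]\.1\@5453` would keep the substitution inside it.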

If the first sed command didn't run correctly the second diff may not be useful but I've included it in case I am mistaken: https://pastebin.com/ijSmGveZ

I would have continued further and tried to figure out how to fix the sed command before reporting back but I think it would have taken too much time because I am barely a novice with sed at this time (WIP). Additionally, the possibility exists that I misinterpreted your fix.

Just in case it's useful (and because I had to find it for myself anyway) here is a link to sed.c for busybox v1.25. I have yet to find a clear definition/comparison of the sed implementation used in my busybox version so I will just compare what I am learning (GNU sed) to the source as needed.

@MartineauUK
Owner

Fortunately the two 'forward-zone:' directives are currently different as the DoT one already contains a comment containing the word 'DNS'.

So without altering 'unbound.conf', the following hack will explicitly ignore the DoT statement and find the 'Stubby' related line and should only match on that sectional clause:

            echo -e $cBCYA"Adding Stubby 'forward-zone:'"$cRESET
            if [ -n "$(grep -E "#forward-zone:" ${CONFIG_DIR}unbound.conf)" ];then
                #sed -i '/forward\-zone:/,/forward\-addr: 127\.0\.0\.1\@5453/s/^#//' ${CONFIG_DIR}unbound.conf   # v2.18 Bug prompted to review by @toazd
                local POS=$(grep -nE "^#forward-zone:" ${CONFIG_DIR}unbound.conf | grep -v DNS | cut -d':' -f1)   # v2.18 Hotfix
                [ -n "$POS" ] && sed -i "$POS,/forward\-addr: 127\.0\.[01]\.1\@5453/s/^#//" ${CONFIG_DIR}unbound.conf   # v2.18 Hotfix
                sed -i 's/forward\-addr: 127\.0\.[01]\.1\@[0-9]\{1,5\}/forward\-addr: 127\.0\.1\.1\@53/' ${CONFIG_DIR}unbound.conf
                [ "$(nvram get ipv6_service)" != "disabled" ] && sed -i '/forward\-addr: 0::1@5453/ s/^#//' ${CONFIG_DIR}unbound.conf   # v2.18 Hotfix
            fi
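
The sed range-address behaviour behind this bug, and behind the runaway uncommenting in the earlier test diff, as an added example that is not part of the thread or of unbound_manager.sh. The cut-down config is constructed, the function names and the `safe_uncomment` guard are hypothetical, and the sed commands are the thread's with `-i` and the redundant backslash escapes dropped so that nothing is edited in place.

```shell
#!/bin/sh
# Constructed sample: DoT clause first, Stubby clause second, as in the thread.
make_conf() {
    cat <<'EOF'
remote-control:
control-enable: yes

#@@@@@@@@@@@@@@@@ # v1.05
#forward-zone:            # DNS-Over-TLS support
#name: "."
#forward-tls-upstream: yes
#forward-addr: 1.1.1.1@853#cloudflare-dns.com
#@@@@@@@@@@@@@@@@

#########################################
#forward-zone:
#   name: "."
#   forward-addr: 127.0.0.1@5453
#   forward-addr: 0::1@5453 # integration IPV6
#########################################

# v1.01 Added the following
auth-zone:
       name: "."
EOF
}

# Print the comma-separated numbers of the lines that differ between
# $1 (before) and $2 (after); 's/^#//' never adds or removes lines.
changed_lines() {
    printf '%s\n' "$2" | BEFORE="$1" awk '
        BEGIN { split(ENVIRON["BEFORE"], b, "\n") }
        $0 != b[NR] { printf "%s%d", sep, NR; sep = "," }
        END { print "" }'
}

# 1. Pre-hotfix command: the range opens at the FIRST line matching
#    /forward-zone:/ (the DoT clause) and only closes at the Stubby address,
#    so every '#'-led line in between is uncommented, including the '#@@@@' line.
original_sed() {
    make_conf | sed '/forward-zone:/,/forward-addr: 127\.0\.0\.1@5453/s/^#//'
}

# Line number of the Stubby clause: the '#forward-zone:' line without 'DNS'.
stubby_line() {
    make_conf | grep -n '^#forward-zone:' | grep -v DNS | cut -d: -f1 | head -n 1
}

# 2. Hotfix approach: open the range at an explicit line number.
hotfix_sed() {
    pos=$(stubby_line)
    [ -n "$pos" ] || return 1
    make_conf | sed "${pos},/forward-addr: 127\.0\.[01]\.1@5453/s/^#//"
}

# 3. End address that matches nothing in the file: the range never closes
#    and the substitution runs to the last line.
runaway_sed() {
    pos=$(stubby_line)
    [ -n "$pos" ] || return 1
    make_conf | sed "${pos},/forward-addr: 127\.0\.1\.1@53/s/^#//"
}

# 4. Guard (hypothetical): resolve BOTH ends to line numbers first and refuse
#    to edit when the end is missing or implausibly far from the start.
#    $1 = end regex, $2 = maximum block length in lines (default 5).
safe_uncomment() {
    pos=$(stubby_line)
    [ -n "$pos" ] || return 1
    end=$(make_conf | END_RE="$1" awk -v s="$pos" \
        'NR > s && $0 ~ ENVIRON["END_RE"] { print NR; exit }')
    [ -n "$end" ] || return 1
    [ $((end - pos)) -le "${2:-5}" ] || return 1
    make_conf | sed "${pos},${end}s/^#//"
}

conf=$(make_conf)
echo "original sed changed lines: $(changed_lines "$conf" "$(original_sed)")"
echo "hotfix sed changed lines:   $(changed_lines "$conf" "$(hotfix_sed)")"
echo "runaway sed changed lines:  $(changed_lines "$conf" "$(runaway_sed)")"
if safe_uncomment 'forward-addr: 127\.0\.1\.1@53' >/dev/null; then
    echo "guard: edit applied"
else
    echo "guard: refused, end address not found"
fi
```
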

@toazd
Contributor Author

toazd commented Apr 7, 2020

Using this script I tested your hotfix (-i removed from sed to redirect output, and local removed from POS):

#!/bin/sh
CONFIG_DIR="/opt/var/lib/unbound/"
if [ -n "$(grep -E "#forward-zone:" ${CONFIG_DIR}unbound.conf)" ];then
	POS=$(grep -nE "^#forward-zone:" ${CONFIG_DIR}unbound.conf | grep -v DNS | cut -d':' -f1)
	[ -n "$POS" ] && sed "$POS,/forward\-addr: 127\.0\.[01]\.1\@5453/s/^#//" ${CONFIG_DIR}unbound.conf > sed1
	sed 's/forward\-addr: 127\.0\.[01]\.1\@[0-9]\{1,5\}/forward\-addr: 127\.0\.1\.1\@53/' sed1 > sed2
	[ "$(nvram get ipv6_service)" != "disabled" ] && sed '/forward\-addr: 0::1@5453/ s/^#//' sed2 > sed3

	diff -U3 -dHrN -- unbound.conf sed1 > sed1.diff
	diff -U3 -dHrN -- sed1 sed2 > sed2.diff
	diff -U3 -dHrN -- sed2 sed3 > sed3.diff
fi

Summary of changes to unbound.conf:

--- unbound.conf	2020-04-06 20:28:02.000000000 -0400
+++ sed3	2020-04-06 20:44:14.000000000 -0400
@@ -154,10 +154,10 @@
 #@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 
 #########################################
-#forward-zone:
-#   name: "."
-#   forward-addr: 127.0.0.1@5453
-#   forward-addr: 0::1@5453 # integration IPV6
+forward-zone:
+   name: "."
+   forward-addr: 127.0.1.1@53
+   forward-addr: 0::1@5453 # integration IPV6
 #########################################
 
 # v1.01 Added the following
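
Review bot: after this change the two forwarders in the block point at different ports: the IPv4 line is rewritten to `127.0.1.1@53` while the uncommented IPv6 line still reads `0::1@5453`. It is worth confirming that a resolver actually listens on `::1` port 5453 on this firmware; if not, leave that line commented or rewrite it alongside the IPv4 one.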

Step by step:

--- unbound.conf	2020-04-07 00:28:02.584158011 +0000
+++ sed1	2020-04-07 00:44:14.813536502 +0000
@@ -154,9 +154,9 @@
 #@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 
 #########################################
-#forward-zone:
-#   name: "."
-#   forward-addr: 127.0.0.1@5453
+forward-zone:
+   name: "."
+   forward-addr: 127.0.0.1@5453
 #   forward-addr: 0::1@5453 # integration IPV6
 #########################################
--- sed1	2020-04-07 00:44:14.813536502 +0000
+++ sed2	2020-04-07 00:44:14.813536502 +0000
@@ -156,7 +156,7 @@
 #########################################
 forward-zone:
    name: "."
-   forward-addr: 127.0.0.1@5453
+   forward-addr: 127.0.1.1@53
 #   forward-addr: 0::1@5453 # integration IPV6
 #########################################
--- sed2	2020-04-07 00:44:14.813536502 +0000
+++ sed3	2020-04-07 00:44:14.893536465 +0000
@@ -157,7 +157,7 @@
 forward-zone:
    name: "."
    forward-addr: 127.0.1.1@53
-#   forward-addr: 0::1@5453 # integration IPV6
+   forward-addr: 0::1@5453 # integration IPV6
 #########################################
 
 # v1.01 Added the following

While I think the applicable lines are at and around line 1541 of unbound_manager.sh (to update it and test a full run) I DO NOT want to mess that part up. I can attempt to update it with your confirmation of which lines to replace or I can wait for you to hotfix the unbound_manager.sh if the above results are sufficient data.

@MartineauUK
Owner

I've pushed the Hotfix (in two places to accommodate those using @john9527's LTS firmware).

@toazd
Contributor Author

toazd commented Apr 8, 2020

I went through two clean installs, one using amtm and one manual using the Readme.md instructions (with debug enabled). I believe that both were successful with regards to this particular issue but of course it will need your review to be sure.

amtm install:

  1. (main menu) i
  2. (Enable unbound logging): [Enter]
  3. (optimize Performance/Memory): [Enter]
  4. (integrate stubby) y
  5. (Disable Firefox DoH) y
  6. (Add router GUI TAB) [Enter]
  7. (Ad and Tracker blocking) [Enter]
  8. Install finishes and unbound_manager does not go AWOL
  9. (main menu) e

diff -U3 -dHrN -- reset.conf unbound_amtm.conf:

--- /tmp/mnt/SD64/entware/share/unbound/configs/reset.conf	2020-04-08 19:17:51.486903710 +0000
+++ unbound_amtm.conf	2020-04-08 19:28:20.977817872 +0000
@@ -28,7 +28,7 @@
 #########################################
 
 do-ip4: yes
-do-ip6: no
+#do-ip6: no
 do-udp: yes
 do-tcp: yes
 
@@ -52,12 +52,12 @@
 #########################################
 # integration IPV6
 #
-# do-ip6: yes
-# interface: ::0
-# access-control: ::0/0 refuse
-# access-control: ::1 allow
-# private-address: fd00::/8
-# private-address: fe80::/10
+ do-ip6: yes
+ interface: ::0
+ access-control: ::0/0 refuse
+ access-control: ::1 allow
+ private-address: fd00::/8
+ private-address: fe80::/10
 #########################################
 #module-config: "dns64 validator iterator"      # v1.03 v1.01 perform a query against AAAA record exists
 #dns64-prefix: 64:FF9B::/96                     # v1.03 v1.01
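
Review bot: `interface: ::0` in this hunk makes unbound listen on every IPv6 address, whereas the IPv4 listener in the same file is `interface: 127.0.0.1@53535`. The `access-control: ::0/0 refuse` and `access-control: ::1 allow` pair limits who gets answers, but binding to `::1` instead would keep the IPv6 socket off the other interfaces entirely. The uncommented lines also keep a leading space, because only the `#` of each `# ` prefix was stripped.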
@@ -126,7 +126,7 @@
 #########################################
 # Adblock blacklist
 #include: /opt/var/lib/unbound/adblock/adservers
-#include: /opt/var/lib/unbound/adblock/firefox_DOH
+include: /opt/var/lib/unbound/adblock/firefox_DOH
 #########################################
 
 remote-control:
@@ -154,10 +154,10 @@
 #@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 
 #########################################
-#forward-zone:
-#   name: "."
-#   forward-addr: 127.0.0.1@5453
-#   forward-addr: 0::1@5453 # integration IPV6
+forward-zone:
+   name: "."
+   forward-addr: 127.0.1.1@53
+   forward-addr: 0::1@5453 # integration IPV6
 #########################################
 
 # v1.01 Added the following

unbound_amtm.conf:

# rgnldo Github Version=v1.07 Martineau update (Date Loaded by unbound_manager Wed Apr  8 15:17:51 DST 2020)
# v1.07 Martineau - Add     'control-use-cert:' "Fast Menu" template
# v1.06 Martineau - Add     'extended-statistics:' template
# v1.05 Martineau - Add     'DNS-Over-TLS support' & 'so-rcvbuf:' templates
#                   Remove  'prefetch:' & 'prefetch-key:' duplicates - Thanks @Safemode
# v1.04 Martineau - Change  'ip-ratelimit:'
# v1.03 Martineau - Remove  'dns64-prefix:' and 'module-config: "dns64 ..."' from auto ENABLE if IPv6 detected
# v1.02 Martineau - Add     '#use-syslog:' '#log-local-actions:' '#log-tag-queryreply:' Option placeholders
# v1.01 Martineau - Add     'auth-zone:', 'edns-buffer-size:' log-time-ascii: 'log-servfail:' IPv6 'dns64-prefix:' and 'module-config: "dns64 ..."'
#                   Change  'interface: 0.0.0.0' to 'interface: 127.0.0.1@53535'
#                   Add     If IPv6 detected, auto ENABLE 'dns64-prefix:' and modify to include 'module-config: "dns64 ..."'
server:
# port to answer queries from
port: 53535

#########################################
# integration LOG's
#
#verbosity: 1                               # v1.02 '1' is adequate to prove unbound is processing domains
logfile: "/opt/var/lib/unbound/unbound.log" # v1.01 as per @dave14305 minimal config
log-time-ascii: yes                         # v1.01 as per @dave14305 minimal config
#log-tag-queryreply: yes                    # v1.02 @Martineau Explicitly Tag log-queries/replies with 'query'/'reply'
#log-queries: yes
#log-replies: yes
#use-syslog: yes                            # v1.02 @Martineau Let scribe/syslog-ng handle the log as it gets erased daily if Ad Block enabled :-(
#log-local-actions: yes                     # v1.02 @Martineau
log-servfail: yes                           # v1.01 as per @dave14305 minimal config
#########################################

do-ip4: yes
#do-ip6: no
do-udp: yes
do-tcp: yes

# don't be picky about interfaces but consider your firewall
#interface: 0.0.0.0
interface: 127.0.0.1@53535                  # v1.01 as per @dave14305 minimal config

access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: 10.0.0.0/8 allow
access-control: 172.16.0.0/16 allow
access-control: 192.168.0.0/24 allow

# RFC1918 private IP address - Protects against DNS Rebinding
private-address: 127.0.0.0/8
private-address: 169.254.0.0/16
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16

#########################################
# integration IPV6
#
 do-ip6: yes
 interface: ::0
 access-control: ::0/0 refuse
 access-control: ::1 allow
 private-address: fd00::/8
 private-address: fe80::/10
#########################################
#module-config: "dns64 validator iterator"      # v1.03 v1.01 perform a query against AAAA record exists
#dns64-prefix: 64:FF9B::/96                     # v1.03 v1.01

tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"     # v1.01 as per @dave14305 minimal config

# no threads and no memory slabs for threads
num-threads: 1
msg-cache-slabs: 2
rrset-cache-slabs: 2
infra-cache-slabs: 2
key-cache-slabs: 2

# tiny memory cache
#extended-statistics: yes                        # v1.06 Martineau for @juched GUI TAB
key-cache-size: 8m
msg-cache-size: 8m
rrset-cache-size: 16m
cache-max-ttl: 21600
cache-min-ttl: 5
# prefetch
prefetch: yes
prefetch-key: yes
minimal-responses: yes
serve-expired: yes
serve-expired-ttl: 3600
incoming-num-tcp: 600
outgoing-num-tcp: 100
ip-ratelimit: 0                                  # v1.04 as per @L&LD as it impacts ipleak.net?
edns-buffer-size: 1472                           # v1.01 as per @dave14305 minimal config

# Ensure kernel buffer is large enough to not lose messages in traffic spikes
#so-rcvbuf: 1m                                   # v1.05 Martineau see DEFAULT /proc/sys/net/core/rmem_default

#########################################
# Options for integration with TCP/TLS Stubby
# udp-upstream-without-downstream: yes
#########################################

# gentle on recursion
hide-identity: yes
hide-version: yes
do-not-query-localhost: no
qname-minimisation: yes
harden-glue: yes
harden-below-nxdomain: yes
rrset-roundrobin: yes
aggressive-nsec: yes
deny-any: yes

# Self jail Unbound with user "nobody" to /var/lib/unbound
username: "nobody"
directory: "/opt/var/lib/unbound"
chroot: "/opt/var/lib/unbound"

# The pid file
pidfile: "/opt/var/run/unbound.pid"

# ROOT Server's
root-hints: "/opt/var/lib/unbound/root.hints"

# DNSSEC
module-config: "validator iterator"
auto-trust-anchor-file: "/opt/var/lib/unbound/root.key"

#########################################
# Adblock blacklist
#include: /opt/var/lib/unbound/adblock/adservers
include: /opt/var/lib/unbound/adblock/firefox_DOH
#########################################

remote-control:
control-enable: yes
#control-use-cert: no                            # v1.07 Martineau "Fast Menu"
control-interface: 127.0.0.1
control-port: 953
server-key-file: "/opt/var/lib/unbound/unbound_server.key"
server-cert-file: "/opt/var/lib/unbound/unbound_server.pem"
control-key-file: "/opt/var/lib/unbound/unbound_control.key"
control-cert-file: "/opt/var/lib/unbound/unbound_control.pem"

#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # v1.05 Martineau
#forward-zone:                                                        # DNS-Over-TLS support
#name: "."
#forward-tls-upstream: yes
#forward-addr: 1.1.1.1@853#cloudflare-dns.com
#forward-addr: 1.0.0.1@853#cloudflare-dns.com
#forward-addr: 9.9.9.9@853#dns.quad9.net
#forward-addr: 149.112.112.112@853#dns.quad9.net
#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
#forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

#########################################
forward-zone:
   name: "."
   forward-addr: 127.0.1.1@53
   forward-addr: 0::1@5453 # integration IPV6
#########################################

# v1.01 Added the following
auth-zone:
       name: "."
       url: "https://www.internic.net/domain/root.zone"
       fallback-enabled: yes
       for-downstream: no
       for-upstream: yes
       zonefile: root.zone

Manual install:
-Same install procedure
-Full install log (set +x enabled): https://pastebin.com/7gXpw4gL

diff -U3 -dHrN -- unbound_manual.conf unbound_amtm.conf:
(I didn't expect any difference I just included this because I saved everything)

--- unbound_manual.conf	2020-04-08 19:53:46.050131455 +0000
+++ unbound_amtm.conf	2020-04-08 19:59:07.760677560 +0000
@@ -1,4 +1,4 @@
-# rgnldo Github Version=v1.07 Martineau update (Date Loaded by unbound_manager Wed Apr  8 15:53:23 DST 2020)
+# rgnldo Github Version=v1.07 Martineau update (Date Loaded by unbound_manager Wed Apr  8 15:17:51 DST 2020)
 # v1.07 Martineau - Add     'control-use-cert:' "Fast Menu" template
 # v1.06 Martineau - Add     'extended-statistics:' template
 # v1.05 Martineau - Add     'DNS-Over-TLS support' & 'so-rcvbuf:' templates

If everything looks ok to you and there are no other questions I can help answer pertaining to this issue I do believe that this issue has been fixed quite well!
