[SOLVED] Include /var/unbound/ad_servers.conf to unbound.conf

[fbar]

Hi ,

I've switched from OpenBSD server to OPNSense and must say it is quite nice. In my old setup I had autogenerated a conf file for ad servers so that unbound would respond back with 127.0.0.1:

curl -sS -L --compressed "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound;showintro=0" | sed -e 's/<[^>]*>//g' | sed -e 's/^Ad.*//g' > /var/unbound/ad_servers.conf

Then in unbound.conf:

include /var/unbound/ad_servers.conf


this generates hundreds of adserver domains that point back to 127.0.0.1:
local-zone: "101com.com" redirect
local-data: "101com.com A 127.0.0.1"
local-zone: "101order.com" redirect
local-data: "101order.com A 127.0.0.1"
...


How do I make this persistent on reboots in OPNSense so that I can continue to block adservers at the network/DNS level ?

Thanks.

[fbar]

Found my own answer by editing the file:

/usr/local/etc/inc/unbound.inc

to include:
include /var/unbound/ad_servers.conf

then restarting unbound. Works like a charm.

[AdSchellevis]

Hi,

Only issue is, you have to repeat your action after every upgrade.
You can try to add your include to the "Advanced" section, if I'm not mistaken it will copy those settings directly into the config file.

Cheers,

Ad

[franco]

Yes, paste the file contents into the GUI if it is static. If it is dynamic, you can add the following to unbound advanced options text area instead... (note the colon)

include: /var/unbound/ad_servers.conf

[fbar]

Yes, paste the file contents into the GUI if it is static. If it is dynamic, you can add the following to unbound advanced options text area instead... (note the colon)

include: /var/unbound/ad_servers.conf

That unfortunatly doesnt work because it puts the line after the "." cache section:
# Forwarding
forward-zone:
    name: "."
        forward-addr: x.x.x.x
        forward-addr: y.y.y.y


# Unbound custom option
include:
/var/unbound/ad_servers.conf

This causes the contents of ad_servers.conf to be ignored and actually resolves it to the real addresses instead of 127.0.0.1. The placement of it appears to be important. If I place it before the forwarding section I get the intended results. If it is placed after (as it is when using the "advanced method") it doesnt work.

[franco]

Okay, I'm "unsolving" this, added a ticket: https://github.com/opnsense/core/issues/550

[fbar]

Thank you for looking into this 

[franco]

Should be fixed in 15.7.24.