OPNsense Forum

English Forums => General Discussion => Topic started by: gdur on October 03, 2020, 07:37:52 PM

Title: Unbound DNS whitelist not working
Post by: gdur on October 03, 2020, 07:37:52 PM
I've configured Unbound DNS using all suggested Types of DNSBL. This results in some unwanted unresolved URLs like support.microsoft.com, which I discovered after Windows Update couldn't connect anymore. So I thought this could be corrected by entering these URLs in the whitelist section, but that didn't help.
After having a look into /var/unbound/etc/dnsbl.conf I found the entry for support.microsoft.com, removed it and reloaded the Unbound service; then the URL was resolved correctly (using dig at the console). It appears that even though "support.microsoft.com" is entered in the whitelist section (amongst others), this is being ignored.
What am I doing wrong?
Title: Re: Unbound DNS whitelist not working
Post by: mimugmail on October 03, 2020, 08:08:28 PM
Next version will ship a working update.
Title: Re: Unbound DNS whitelist not working
Post by: gdur on October 07, 2020, 10:58:41 AM
Hi,
Does that mean that my findings were correct? Does the whitelist option have no effect in the current version?
And if so, is this also the case for the blacklist?
Thanks!
Title: Re: Unbound DNS whitelist not working
Post by: mimugmail on October 07, 2020, 12:53:25 PM
I haven't verified it myself, but I read something in the GitHub issues saying it's better to try the current devel version or wait for the next stable.
Title: Re: Unbound DNS whitelist not working
Post by: guest27102 on February 01, 2021, 09:15:42 AM
Whitelisting still doesn't work in version 21.1. And there is no way to gain any insight into what is blocked or allowed. I don't understand why that is; it seems like a perfectly valid task to perform: seeing if the blocklist is effective, whether it is blocking a domain that you need to whitelist or, vice versa, whether something is allowed through that you want to block. It is a complete black box.
Title: Re: Unbound DNS whitelist not working
Post by: UdK on February 02, 2021, 11:33:48 AM
Also still having issues on 21.1.
Title: Re: Unbound DNS whitelist not working
Post by: pp on February 11, 2021, 08:28:11 AM
For me unbound whitelisting is working on 21.1.1.
At first I had an invalid regular expression which could be seen in the unbound log:
blacklist download : skip invalid whitelist exclude pattern "custom_pattern_1" (*.domaintoexclude.com)
blacklist download : exclude domains matching ^(?![a-zA-Z\d]).*|.*localhost$

Using a valid regular expression like
^.*\.domaintoexclude\.com$
resulted in the expected behavior:
blacklist download : exclude domains matching ^(?![a-zA-Z\d]).*|.*localhost$|^.*\.domaintoexclude\.com$
I get the correct DNS reply now. Hopefully this helps.
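The behaviour shown in the log lines above, as an added example that is not part of the original posts and is not OPNsense's own code: each whitelist entry is compiled as a regular expression, entries that fail to compile are skipped, and the rest are joined with `|` onto the default expression. It assumes Python `re` syntax and start-anchored matching (`re.match`); the function names and sample entries are constructed for illustration.

```python
import re

# Default exclude expression, copied from the log lines quoted above.
DEFAULT_EXCLUDE = r"^(?![a-zA-Z\d]).*|.*localhost$"


def build_exclude_pattern(entries):
    """Return (compiled_pattern, skipped) for a list of whitelist entries.

    Entries that do not compile as a regular expression are skipped, which
    mirrors the "skip invalid whitelist exclude pattern" log message.
    """
    parts, skipped = [DEFAULT_EXCLUDE], []
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        try:
            re.compile(entry)
        except re.error as exc:
            skipped.append((entry, str(exc)))
            continue
        parts.append(entry)
    return re.compile("|".join(parts)), skipped


def is_excluded(pattern, domain):
    # Assumption: matching is anchored at the start of the name (re.match).
    return pattern.match(domain) is not None


if __name__ == "__main__":
    # Constructed sample entries: a glob, the regex from the post, a bare name.
    entries = ["*.domaintoexclude.com", r"^.*\.domaintoexclude\.com$",
               "support.microsoft.com"]
    pattern, skipped = build_exclude_pattern(entries)
    for entry, reason in skipped:
        print(f"skipped {entry!r}: {reason}")
    print("combined:", pattern.pattern)
    for name in ["www.domaintoexclude.com", "domaintoexclude.com",
                 "support.microsoft.com", "support.microsoft.com.example.net",
                 "ads.example.net"]:
        print(f"{name:36} excluded={is_excluded(pattern, name)}")
```

Under these assumptions, the regex from the post covers subdomains but not the bare domaintoexclude.com, and an unanchored entry such as support.microsoft.com also matches longer names that begin with it, so escaping dots and anchoring with ^ and $ keeps a whitelist entry narrow.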
Title: Re: Unbound DNS whitelist not working
Post by: Napsterbater on September 02, 2021, 12:50:54 AM
So does DNS whitelisting require using RegEx? The help text says "You can use regular expressions", not that you must.
Title: Re: Unbound DNS whitelist not working
Post by: marunjar on September 02, 2021, 10:04:11 PM
Quote from: gdur on October 03, 2020, 07:37:52 PM
I've configured Unbound DNS using all suggested Types of DNSBL. This results in some unwanted unresolved URLs like support.microsoft.com, which I discovered after Windows Update couldn't connect anymore.
Maybe deselecting blocklist "WindowsSpyBlocker (update)" helps, then these URLs mustn't be whitelisted manually afterwards.
Also "WindowsSpyBlocker (extra)" may be something you don't want to be blocked if you use applications like Skype, Bing, Live, Outlook, NCSI, Microsoft Office, ...