I am a long-time Linux user, but I've heard good things about OPNsense, so now I am trying to build up a new router to replace my old ALIX box. Over the years, I have built up a large set of blocked domains (6,800, ouch) served by dnsmasq. I would like to port these over, but haven't found an equivalent for them in the new configuration. I have checked out the pre-configured blocklists, but none really cover all of what I'm after.
I set up a DNSBL URL for Unbound DNS on the new router pointing at an internal web server. That works no problem and I see the listed domains return an address of 0.0.0.0. However, subdomains of the listed domains aren't blocked like dnsmasq did.
I also looked at adding host overrides in dnsmasq, but that worked similarly, with subdomains not covered. It'll also produce a pretty massive configuration to put them all in the XML, so I'm not excited about that path.
Is there any way to accomplish this with the OPNsense tools? Thanks.
Hi and welcome,
Have you seen the functionality for Dnsmasq advanced settings?
https://docs.opnsense.org/manual/dnsmasq.html#advanced-settings
Cheers,
Franco
Excellent, thank you very much. I indeed hadn't seen that. I see there is also an equivalent for Unbound since dnsmasq has been deprecated. Between the two I should be able to get this working.
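As an added example (not from the thread, and not OPNsense's or Unbound's own tooling), one way to carry a dnsmasq `address=/domain/0.0.0.0` list over to Unbound so that subdomains are covered too: each entry becomes a `local-zone ... redirect` plus a `local-data` record, which Unbound applies to the zone and every name beneath it. The script also drops entries already covered by a blocked parent zone; where the generated file is included (Unbound's custom options or include directory on the router) is an assumption about the local setup.

```python
"""Convert a dnsmasq-style blocklist into Unbound local-zone entries
that also answer for subdomains (constructed example, not from the thread)."""
import re
from typing import Iterable

# dnsmasq wildcard block form: address=/example.com/0.0.0.0
DNSMASQ_RE = re.compile(r"^\s*address=/([^/]+)/")


def parse_dnsmasq(lines: Iterable[str]) -> set[str]:
    """Return the set of blocked zone names found in dnsmasq config lines."""
    zones = set()
    for line in lines:
        line = line.split("#", 1)[0]  # strip trailing comments
        m = DNSMASQ_RE.match(line)
        if m:
            zones.add(m.group(1).strip().lower().rstrip("."))
    return zones


def minimise(zones: set[str]) -> list[str]:
    """Drop zones already covered by a blocked parent: an Unbound redirect
    zone answers for all subdomains, so sub.example.com is redundant
    when example.com is listed."""
    keep: list[str] = []
    for z in sorted(zones, key=lambda s: (s.count("."), s)):  # parents first
        labels = z.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & set(keep):
            keep.append(z)
    return sorted(keep)


def to_unbound(zones: Iterable[str], sink: str = "0.0.0.0") -> str:
    """Emit 'redirect' local-zones: Unbound answers the zone and every name
    under it with the given local-data, matching dnsmasq's address=/zone/."""
    out = []
    for z in minimise(set(zones)):
        out.append(f'local-zone: "{z}." redirect')
        out.append(f'local-data: "{z}. A {sink}"')
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # constructed sample input, as it would appear in a dnsmasq config
    sample = ["address=/ads.example/0.0.0.0",
              "address=/tracker.ads.example/0.0.0.0  # covered by parent",
              "address=/Telemetry.Test./0.0.0.0"]
    print(to_unbound(parse_dnsmasq(sample)), end="")
```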