I use a couple of (VLAN) networks.
* guest: allow internet (everything) except rfc1918
* media: reject rfc1819 but connected some devices (chromecast) and some regular guests on this subnet + internet.
* lan: For my "own" networks I like to use DNSBL
The main problem is with "media". I want to use Unbound for DHCP static mappings but I do not want to use the DNSBL for this interface. So, forwarding (to ISP or Google) DNS using DHCP is not really what I want.
So what seems to be missing is an interfaces dropdown on the "Services -> Unbound DNS -> Blocklist" page? Is this even possible with Unbound?
Am I missing something obvious?
Late to the game, but still: I think this would be quite a handy feature, but also am not sure if it is easily achievable with unbound.
My desired scenario would be similar: Allowing different blocklist configurations for different interfaces, so not only enable/disable DNS blocking per interface. For example, having a "global blocklist" on all interfaces (e.g. for blocking malware/phishing), and additional blocklists per interface (e.g. for blocking certain content).
You already found my bug report if I am correct.
https://github.com/opnsense/core/issues/5712#issuecomment-1495674768
Yes I did, thanks so much!
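On the question of whether Unbound itself can do this: plain Unbound can scope blocklist entries per client netblock with tags. The fragment below is an added example, not part of the original posts and not how the OPNsense blocklist page is implemented. The subnets, tag names and domains are constructed, and it assumes one netblock per VLAN.

```conf
# Added example: constructed subnets, tag names and domains.
server:
    # One tag per blocklist category.
    define-tag: "malware content"

    # Clients allowed to query, one netblock per VLAN (assumed addressing).
    # lan
    access-control: 192.168.10.0/24 allow
    # media
    access-control: 192.168.20.0/24 allow
    # guest
    access-control: 192.168.30.0/24 allow

    # Blocklists each netblock is subject to.
    # lan: global list plus the extra content list
    access-control-tag: 192.168.10.0/24 "malware content"
    # guest: global list only
    access-control-tag: 192.168.30.0/24 "malware"
    # media: no access-control-tag line, so no tagged zone applies to it

    # Blocklist entries. A tagged local-zone is applied only when the
    # client's tag list and the zone's tag list share at least one tag.
    local-zone: "phishing.example." always_nxdomain
    local-zone-tag: "phishing.example." "malware"
    local-zone: "ads.example." always_nxdomain
    local-zone-tag: "ads.example." "content"

    # Untagged local data (such as a static mapping) is answered for
    # every allowed client, including media.
    local-data: "chromecast.lan.example. IN A 192.168.20.50"
```

Tags are matched on the client's source netblock rather than on the receiving interface, so this only separates VLANs whose address ranges do not overlap.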