OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: fbar on December 11, 2015, 12:27:30 am

Title: [SOLVED] Include /var/unbound/ad_servers.conf to unbound.conf
Post by: fbar on December 11, 2015, 12:27:30 am
Hi,

I've switched from OpenBSD server to OPNsense and must say it is quite nice. In my old setup I had autogenerated a conf file for ad servers so that unbound would respond back with 127.0.0.1:

curl -sS -L --compressed "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound;showintro=0" | sed -e 's/<[^>]*>//g' | sed -e 's/^Ad.*//g' > /var/unbound/ad_servers.conf

Then in unbound.conf:

include /var/unbound/ad_servers.conf


This generates hundreds of adserver domains that point back to 127.0.0.1:
local-zone: "101com.com" redirect
local-data: "101com.com A 127.0.0.1"
local-zone: "101order.com" redirect
local-data: "101order.com A 127.0.0.1"
...



How do I make this persistent on reboots in OPNsense so that I can continue to block adservers at the network/DNS level?

Thanks.
Title: Re: How do I Include /var/unbound/ad_servers.conf to unbound.conf and keep it persis
Post by: fbar on December 11, 2015, 12:53:01 am

Found my own answer by editing the file:

/usr/local/etc/inc/unbound.inc

to include:
include /var/unbound/ad_servers.conf

then restarting unbound. Works like a charm.

Title: Re: How do I Include /var/unbound/ad_servers.conf to unbound.conf and keep it persis
Post by: AdSchellevis on December 11, 2015, 11:41:08 am
Hi,

Only issue is, you have to repeat your action after every upgrade.
You can try to add your include to the "Advanced" section, if I'm not mistaken it will copy those settings directly into the config file.

Cheers,

Ad
Title: Re: How do I Include /var/unbound/ad_servers.conf to unbound.conf and keep it persis
Post by: franco on December 11, 2015, 09:58:51 pm
Yes, paste the file contents into the GUI if it is static. If it is dynamic, you can add the following to unbound advanced options text area instead... (note the colon)

include: /var/unbound/ad_servers.conf
Title: Re: How do I Include /var/unbound/ad_servers.conf to unbound.conf and keep it persis
Post by: fbar on December 15, 2015, 01:06:32 am
Yes, paste the file contents into the GUI if it is static. If it is dynamic, you can add the following to unbound advanced options text area instead... (note the colon)

include: /var/unbound/ad_servers.conf

That unfortunately doesn't work because it puts the line after the "." cache section:
# Forwarding
forward-zone:
    name: "."
        forward-addr: x.x.x.x
        forward-addr: y.y.y.y


# Unbound custom option
include:
/var/unbound/ad_servers.conf


This causes the contents of ad_servers.conf to be ignored and actually resolves it to the real addresses instead of 127.0.0.1. The placement of it appears to be important. If I place it before the forwarding section I get the intended results. If it is placed after (as it is when using the "advanced method") it doesn't work.


Title: Re: [SOLVED] Include /var/unbound/ad_servers.conf to unbound.conf
Post by: franco on December 22, 2015, 03:09:44 pm
Okay, I'm "unsolving" this, added a ticket: https://github.com/opnsense/core/issues/550
Title: Re: Include /var/unbound/ad_servers.conf to unbound.conf
Post by: fbar on January 08, 2016, 01:46:24 am
Thank you for looking into this  :)
Title: Re: Include /var/unbound/ad_servers.conf to unbound.conf
Post by: franco on January 09, 2016, 12:14:40 am
Should be fixed in 15.7.24.
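
The following is an added example, not part of any post above and not OPNsense code: a shell version of the fetch from the first post that installs the list only if every line is one of the two forms shown there, and prefixes it with "server:" so the entries parse the same wherever the include lands. The function names, the temporary file naming and the "update" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumption: the list contains only
# the two line forms shown in the first post; anything else aborts the update.
HOST='[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*'
ALLOWED="^(local-zone: \"$HOST\" redirect|local-data: \"$HOST A 127\\.0\\.0\\.1\")\$"

# count_rejected FILE: print how many non-blank lines are not an allowed form.
count_rejected() {
    grep -v '^[[:space:]]*$' "$1" | grep -Ev "$ALLOWED" | wc -l | tr -d ' '
}

# build_conf SRC DEST: replace DEST only if every line of SRC validates and at
# least one entry is present; otherwise return 1 and leave DEST untouched.
# The leading "server:" puts the entries in the server clause, so they parse
# the same whether the include lands before or after forward-zone.
build_conf() {
    [ "$(count_rejected "$1")" -eq 0 ] || return 1
    tmp="$2.new.$$"
    if { echo 'server:'; grep -E "$ALLOWED" "$1"; } > "$tmp"; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# update_adlist: the fetch from the first post, routed through build_conf.
update_adlist() {
    raw=$(mktemp) || return 1
    rc=0
    curl -sS -L --compressed \
        "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound;showintro=0" \
        | sed -e 's/<[^>]*>//g' -e 's/^Ad.*//g' > "$raw"
    build_conf "$raw" /var/unbound/ad_servers.conf || rc=$?
    rm -f "$raw"
    return "$rc"
}

# Run "sh thisfile update" from cron; with no argument only the functions load.
if [ "${1:-}" = update ]; then
    update_adlist
fi
```

Because the list is fetched over plain HTTP and read straight into the resolver configuration, rejecting the whole download on any unexpected line keeps a tampered or malformed response from replacing the working file.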