OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: ticker on August 10, 2022, 04:03:57 pm

Title: How to Read and Unblock/Block With Unbound?
Post by: ticker on August 10, 2022, 04:03:57 pm
How do you properly read the Unbound logs to determine which sites are blocked and which are passed?
It looks like there is no way to filter between the two, which sucks.

And as for the syntax for whitelisting/blacklisting, how do I make a catch all for a domain?
For example, if I wanted to whitelist all of Facebook, would facebook.com/* not work?
Or all of a website with domains like 1.amazon.com 2.amazon.com something like *.amazon.com/* ?

Not exactly familiar with regex, so a simple cheatsheet would be nice. I don't plan on doing anything crazy but I cannot seem to figure it out.

Title: Re: How to Read and Unblock/Block With Unbound?
Post by: cookiemonster on August 10, 2022, 10:58:29 pm
I could very well be wrong as I use Unbound but not block/allow lists on it. But I don't think it logs them. It'll look up IPs in the lists and allow/block the IP. It works with IPs, not URIs after lookup. Will only log IPs.

Title: Re: How to Read and Unblock/Block With Unbound?
Post by: tuto2 on August 17, 2022, 12:12:45 pm
Logged queries do not distinguish between blocked or passed; this is due to the nature of how blocklists are implemented.

The current implementation of Unbound blocklists simply takes domain names and creates an A record pointing it to 0.0.0.0. Unbound takes these records as fully qualified domain names and NOT as zones.

If you want to manually specify an entire zone to block (e.g. '*.facebook.com'), create a host override entry (with hostname '*') and point it to 0.0.0.0.
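
Added example, not part of any post in this thread and not OPNsense or Unbound code: a small Python model of the matching rule tuto2 describes, used to label logged query names as blocked or passed after the fact. The blocklist names, the override zone and the log lines are constructed samples, and the log line layout (client address, query name, type, class) is an assumption about how query logging is written on your system.

```python
import re

# Constructed sample data, not taken from the thread.
BLOCKLIST_FQDNS = {"ads.example.net", "facebook.com"}  # blocklist entries: exact names only
ZONE_OVERRIDES = {"amazon.com"}                        # host override with hostname '*'

# Constructed query-log lines; assumed layout after "info:" is
# "<client ip> <query name>. <type> <class>".
SAMPLE_LOG = """\
[1660737165] unbound[4242:0] info: 192.168.1.10 facebook.com. A IN
[1660737166] unbound[4242:1] info: 192.168.1.10 www.facebook.com. A IN
[1660737167] unbound[4242:0] info: 192.168.1.11 1.amazon.com. A IN
[1660737168] unbound[4242:1] info: 192.168.1.12 ADS.example.net. A IN
[1660737169] unbound[4242:1] info: 192.168.1.12 notamazon.com. A IN
"""

QUERY_RE = re.compile(r"info: (?P<client>\S+) (?P<qname>\S+) (?P<qtype>[A-Z0-9]+) IN$")

def normalize(name):
    return name.rstrip(".").lower()  # DNS names compare case-insensitively

def classify(qname, fqdns=BLOCKLIST_FQDNS, zones=ZONE_OVERRIDES):
    """Label a query name using the FQDN-versus-zone rule from the post above."""
    name = normalize(qname)
    if name in fqdns:                # blocklist entry: matches this exact name only
        return "blocked-fqdn"
    labels = name.split(".")
    # Zone override: match on whole labels, so notamazon.com is not in amazon.com.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in zones:
            return "blocked-zone"
    return "passed"

def classify_log(text):
    results = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            results.append((m["client"], normalize(m["qname"]), classify(m["qname"])))
    return results

if __name__ == "__main__":
    for client, name, verdict in classify_log(SAMPLE_LOG):
        print(f"{verdict:13} {client:15} {name}")
```

In the sample, www.facebook.com comes out as passed even though facebook.com is on the blocklist, which is the FQDN-not-zone behaviour described above; only the zone override covers subdomains.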