Unbound - URLs of Blacklists bug

Started by roninxt, September 04, 2020, 01:50:57 PM

OPNsense doesn't apply the URL(s) added to Unbound - URLs of Blacklists after rebooting. You have to click the Save button to apply it (it looks like it needs to download the list of domains again).



Hm, can you try without and reboot to see if this still happens?

September 05, 2020, 10:29:29 PM #4 Last Edit: September 05, 2020, 10:48:20 PM by Gary7
I would not say there's a bug with Unbound: Blacklist.
The creation of the blacklist conf file needs to be handled differently if your /var directory is on your disk versus a ramdisk.
If your /var directory is on your physical disk (SSD), then /var/unbound/etc/dnsbl.conf is still available after a reboot. No problem.
If your /var directory is a ramdisk, then the /var directory structure is created at boot time. As a result, /var/unbound/etc/dnsbl.conf is not available (or, maybe, available with length 0; I don't remember).
It would be really nice at bootup, when Unbound starts, to check if DNSBL is enabled AND /var is a ramdisk. If both these conditions exist, then execute "/usr/local/sbin/configctl unbound dnsbl" shortly after Unbound is up and running.
As an alternative, I would need to manually run "/usr/local/sbin/configctl unbound dnsbl" after bootup. So far, after bootup, I log in to the GUI, go to Services: Unbound DNS: Blacklist and select the Save button.

In the GUI System: Settings: Cron, I have enabled "Download Unbound DNSBLs and restart" to run each morning. However, I can't choose an execution time of "@reboot".
Unless somebody has a better idea, I'll just add the line "@reboot           /usr/local/sbin/configctl unbound dnsbl" to /etc/crontab.
Just to be safe, I might add a 30-second or 60-second sleep before execution. Something like '/bin/sleep 60; /usr/local/sbin/configctl unbound dnsbl'.
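A boot-time check that implements the two conditions described in the post above, as an added example (not code from this thread or from OPNsense). It assumes FreeBSD-style `mount` output, and since the thread does not show how to read the DNSBL-enabled setting, it uses a missing or zero-length /var/unbound/etc/dnsbl.conf as the sign that the list still has to be downloaded; the `run` argument, `DNSBL_CONF` and `REBUILD_CMD` are names chosen here.

```shell
#!/bin/sh
# Added example: rebuild the Unbound DNSBL include at boot only when /var is
# a RAM disk and the include file did not survive the reboot.
# Install as: @reboot /bin/sh /path/to/dnsbl-boot.sh run

DNSBL_CONF="${DNSBL_CONF:-/var/unbound/etc/dnsbl.conf}"
REBUILD_CMD="${REBUILD_CMD:-/usr/local/sbin/configctl unbound dnsbl}"

# var_is_ramdisk MOUNT_OUTPUT
# Returns 0 if /var is mounted from a memory-backed filesystem (tmpfs or
# an md(4) memory disk), 1 otherwise. Fields: device "on" mountpoint ...
var_is_ramdisk() {
    printf '%s\n' "$1" | awk '
        $3 == "/var" && ($1 == "tmpfs" || $1 ~ /^\/dev\/md[0-9]/) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# dnsbl_conf_missing FILE
# Returns 0 if the include file is absent or has length 0 (both cases the
# thread mentions after a reboot with /var on a RAM disk).
dnsbl_conf_missing() {
    [ ! -s "$1" ]
}

# needs_dnsbl_rebuild MOUNT_OUTPUT FILE
# Both conditions must hold; on a disk-backed /var nothing is done.
needs_dnsbl_rebuild() {
    var_is_ramdisk "$1" && dnsbl_conf_missing "$2"
}

# run_at_boot: what the @reboot cron line calls. Gives Unbound time to come
# up (the 60-second sleep suggested above), then triggers the download.
run_at_boot() {
    if needs_dnsbl_rebuild "$(mount)" "$DNSBL_CONF"; then
        sleep 60
        $REBUILD_CMD
    fi
}

if [ "${1:-}" = "run" ]; then
    run_at_boot
fi
```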


Quote from: mimugmail on September 05, 2020, 06:55:47 AM
Hm, can you try without and reboot to see if this still happens?

I disabled the /var ramdisk and it's applying the changes after a reboot.

Unfortunately I turned on not writing the firewall logs to disk, as I'm using a circular log by default and have an SSD drive. I also don't need a lot of logs (I don't use reporting), so I don't want to turn off the circular log.

September 06, 2020, 02:44:51 PM #6 Last Edit: September 06, 2020, 02:48:10 PM by tudou
Unbound - URLs of Blacklists
I added more lists in, hoping for an upgrade like the Adblock Plus extension in Chrome.
The same with the IDS/IPS download.
It failed; clicking it does download and install.
ET Pro/rules and Snort VRT/rules could not be installed.
If there were a handbook telling me how to do it, that would be very useful.
In China, the Internet is very slow.
Thank you!

Quote from: roninxt on September 06, 2020, 01:59:16 AM
Quote from: mimugmail on September 05, 2020, 06:55:47 AM
Hm, can you try without and reboot to see if this still happens?

I disabled the /var ramdisk and it's applying the changes after a reboot.

Unfortunately I turned on not writing the firewall logs to disk, as I'm using a circular log by default and have an SSD drive. I also don't need a lot of logs (I don't use reporting), so I don't want to turn off the circular log.

I had a similar issue with unbound since the beginning. I cannot use include files for unbound, because they must be loaded from /var due to it being chrooted, and /var is on a ramdisk for me as well. So it is rebuilt from 0 after every reboot, and any files copied there disappear. It would be great if the unbound service started only after the ramdisk is already mounted, and provided some form of automated file copy service that could place the files under /var, so that by the time unbound wants to start, those files are already in the proper location. But because that's not the case, I gave up using that include file method.