dnscache blocklist conversion

[bruceg]

I am a long-time Linux user, but I've heard good things about OPNsense, so now I am trying to build up a new router to replace my old ALIX box. Over the years, I have built up a large set of blocked domains (6,800, ouch) served by dnsmasq. I would like to port these over, but haven't found an equivalent for them in the new configuration. I have checked out the pre-configured blocklists, but none really cover all of what I'm after.

I set up a DNSBL URL for Unbound DNS on the new router pointing at an internal web server. That works no problem and I see the listed domains return an address of 0.0.0.0. However, subdomains of the listed domains aren't blocked like dnsmasq did.

I also looked at adding host overrides in dnsmasq, but that worked similarly, with subdomains not covered. It'll also produce a pretty massive configuration to put them all in the XML, so I'm not excited about that path.

Is there any way to accomplish this with the OPNsense tools? Thanks.

[franco]

Hi and welcome,

Have you seen the functionality for Dnsmasq advanced settings?

https://docs.opnsense.org/manual/dnsmasq.html#advanced-settings


Cheers,
Franco

[bruceg]

Excellent, thank you very much. I indeed hadn't seen that. I see there is also an equivalent for Unbound since dnsmasq has been deprecated. Between the two I should be able to get this working.