Add single url to blocklist in unbound

[Simaryp]

I tried now really long and hard to get a single domain to the blocklist. I am really surprised that it's so hard next to impossible.
My path so far:
1. I first misinterpreted the area insecure domains wrongly. Adding the domains there had no effect of blocking them. Since i falsely thought i should enter them as regex I crashed my system inbetween.
2. I then read that one can edit the config of unbound directly over ssh. But the files are always restored after reboot.
3. I then read that one can add own configs under /var/unbound/etc/ that are included during start. But restarting unbound just deleted the .conf again and the domain was still not blocked.
4. I finally set up a domainoverride under overrides of that domain to 0.0.0.0. ie. what blocklist is doing anyway.

So it works now. But I found it really strange that there is no option for that under blocklist, plus that all manual config changes don't work at all.

Is there a better way?

[Maurice]

Host Overrides (not Domain Overrides!) are the correct way to do this. The Blocklist feature is not meant for individual hosts.

Custom Unbound conf files need to be placed in /usr/local/etc/unbound.opnsense.d: https://docs.opnsense.org/manual/unbound.html#advanced-configurations

Cheers
Maurice

[Simaryp]

Thx for clarification I think now something might be still broken. After some hours unbound seems to have crashed. There was a problem with unbound being not able to update the blocklists. After that it was impossible to get it started. Only after I deavtivated it, rebooted and then activated the blocklist again it seems up working.
But now I am afraid it might just crash again.

[Patrick M. Hausen]

The blocklists are implemented in a very simplistic way, i.e. as explicit configuration statements. If there is anything in those online ressources that results in a syntax error, Unbound won't start.

I prefer AdGuard Home which is much more resilient in that regard.