IPFire Domain Blocklist ( Suricata - Unbound - Adguard )

[yeraycito]

https://www.ipfire.org/dbl

[nero355]

My eyes hurt when I open that link... :(

You should have linked to : https://www.ipfire.org/blog/introducing-ipfire-dbl-community-powered-domain-blocking-for-everyone

Still a lot of RED but just a fraction compared to the link above !!



Seems to work with Pi-Hole too, but not going to use it for now since a lot of websites/companies claim to have the best Block List out there and not all of them are actually that great...

[Patrick M. Hausen]

I am going to try them in AdGuard Home because blocklist management and logging in AGH is great, so why not.

[abraxxa]

Can we get this integrated into the unbound blocklists?

[Patrick M. Hausen]

Can we get this integrated into the unbound blocklists?

You can easily configure it.

- Navigate to https://www.ipfire.org/dbl/how-to-use
- Scroll down to "Plaintext Formats"
- Pick e.g. Domains > Malware

This results in this URL: https://dbl.ipfire.org/lists/malware/domains.txt

In OPNsense navigate to Service > Unbound > Blocklists, click the tiny + to add one, enable advanced mode, enter the URL above into the "URLs of Blocklists" field, add a description, save and apply.

Done. Repeat for more lists as you see fit.

This is what it looks like in AdGuard Home which is what I use. Should work in Unbound all the same.

[abraxxa]

Thanks for the quick reply!
I wasn't aware of keeping the Type field empty and entering the URL(s) instead.

Reading the IPFire DBL how-to-use docs guided me towards using the 'DNS Request Policy Zone (RPZ)' feature of unbound but I guess this isn't configurable via the OPNSense WebUI?