DNSBL and additional features Plugin for Unbound

Started by tillsense, September 05, 2019, 07:55:00 PM

July 05, 2020, 04:10:52 PM #60 Last Edit: July 05, 2020, 04:25:20 PM by lar.hed
If I may ask for two small requests:

1) A local blacklist, where one can enter a few local (for me Swedish) URLs to block

2) Firefox DoH checkbox, since "Custom options" is about to be removed. Currently I have the following inside the "Custom options" box, which I think is correct: local-zone: "use-application-dns.net" static - it would be nice to get a checkbox for the same thing, so to speak, called something like "Prevent client auto DoH"?

ERROR: My attempt at request no. 2 above, using custom options, is NOT correct - I wonder what I did wrong...?

Yeah, right, I now know what I did wrong - I am new to Unbound, so this goes under learning I guess.

Under Unbound DNS -> General -> Custom options, one needs to add this:

server:
    local-zone: "use-application-dns.net." always_nxdomain

I simply forgot to add the "server:" part of the above.
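As an added example (my own, not from lar.hed's post or the OPNsense plugin): a small Python script that sends the canary query to a resolver and reports the RCODE, so you can verify that the local-zone above actually takes effect. It uses only the standard library and builds the DNS message by hand; the resolver address is an assumption (it defaults to 127.0.0.1, i.e. running on the OPNsense box itself).

```python
"""Verify that a resolver answers NXDOMAIN for Firefox's DoH canary domain.

Added example, not part of the forum post or the OPNsense plugin.  It builds a
minimal DNS A query for use-application-dns.net by hand (standard library
only), sends it over UDP and reports the RCODE.  NXDOMAIN is what the
"always_nxdomain" local-zone should produce; that is the signal Firefox uses
to leave automatic DoH switched off on this network.
"""
import socket
import struct
import sys

CANARY = "use-application-dns.net"
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234  # fixed transaction id so the reply can be matched below


def build_query(name: str, txid: int = TXID) -> bytes:
    """Return a wire-format DNS query for `name` (QTYPE A, QCLASS IN, RD set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def parse_rcode(response: bytes, expected_txid: int = TXID) -> str:
    """Return the RCODE name of a DNS response after basic sanity checks."""
    if len(response) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags = struct.unpack("!HH", response[:4])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}")


def canary_blocked(response: bytes, expected_txid: int = TXID) -> bool:
    """True when the resolver returns NXDOMAIN for the canary query."""
    return parse_rcode(response, expected_txid) == "NXDOMAIN"


def query_resolver(resolver_ip: str, name: str = CANARY, timeout: float = 2.0) -> bytes:
    """Send the canary query over UDP/53 and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver_ip, 53))
        reply, _ = sock.recvfrom(512)
    return reply


if __name__ == "__main__":
    # Assumed default: the OPNsense box itself; pass another address as argv[1].
    resolver = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    reply = query_resolver(resolver)
    state = "disabled" if canary_blocked(reply) else "NOT disabled"
    print(f"{resolver}: {CANARY} -> {parse_rcode(reply)}; Firefox auto-DoH {state}")
```

Run it from a client behind the firewall as `python3 canary_check.py 192.0.2.1` (your resolver's address). A NOERROR answer means the custom option was not picked up, typically the missing `server:` header or a missing trailing dot on the zone name; SERVFAIL or a timeout usually points at the DoT forwarders rather than the local-zone.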

I just installed the latest release of OPNsense 20.7 and it seems the Unbound DNS blacklist does not work at all. No matter what lists I select from the dropdown list, ads are still being displayed.

Anyone running DoT with Multi-WAN (failover)? I would be happy if someone could attach a log and settings for getting this to work - I might have screwed up somewhere, and I cannot for the world get my failover to work again....

Quote from: lar.hed on August 11, 2020, 11:39:33 AM
Anyone running DoT with Multi-WAN (failover)? Would be happy if someone could attach a log and settings for getting this to work - I might have screwed up somewhere, and I can not for the world get my failover to work again....
same for me.
DEC750 Deciso


Well that is just that, I know my current config does not work when it comes to failover (although it did once upon a time, and I have verified that with a separate config (which I have backed up of course) that seems to work - however that config makes my printer not work... so I restored the config where the printer works and failover does not...) - everything else works.

So my idea was to check the config backup that works, and compare it to my non-working failover - nothing turned up to help me. So now I am just trying to figure out if anyone else has WAN failover and DoT over Unbound?

But this should be reproducible by enabling and disabling DoT, shouldn't it?

Well, if I remove my 4 DoT servers (1.1.1.1@853, 1.0.0.1@853, 9.9.9.9@853 and 114.112.112.112@853) it will not fix my WAN failover issue, and more importantly, when I added them all back I lost some of the URL (DNS) lookups (read: some web sites were not resolved). Something a reboot solved.

I have been thinking a lot about this issue I seem to have, and I am convinced it is some sort of rule problem.

For example, I have a rule that only allows 853 to pass out of the WAN interfaces (FTTH and LTE). Even with that active, after removing the four DoT servers from Unbound, I still get 100% name resolution working - I kind of did not expect that to happen....

So something has got to be screwed up in my firewall rules...

Can we please have Response Policy Zones (RPZ) in Unbound?

I see it's supported in Unbound:
https://medium.com/nlnetlabs/response-policy-zones-in-unbound-5d453de75f26

The ideal would be support for RPZ and the ability to specify the RPZ data and how often to fetch it.

I would immediately start using:
https://urlhaus.abuse.ch/api/#retrieve

and the download for their RPZ is:
https://urlhaus.abuse.ch/downloads/rpz/

RPZ is a very powerful tool for DNS blocking that I would love to use with Unbound.
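Added example (my own code, not the OPNsense plugin's and not posted in this thread): until the plugin grows native RPZ support, the policy records of an RPZ zone can be translated into Unbound `local-zone`/`local-data` lines and pasted under Custom options. The same converter also serves the "local blacklist" request earlier in the thread, since a hand-written zone with `CNAME .` entries is all that is needed. The zone text below is constructed; nothing beyond the standard RPZ CNAME encodings is assumed about the URLhaus feed, and the `always_nodata`/`always_deny` zone types are assumed to exist in the Unbound version in use (recent releases list them).

```python
"""Turn an RPZ zone's QNAME-trigger records into Unbound local-zone lines.

Added example; not code from the thread or the OPNsense plugin.  Only the
CNAME-encoded policy actions of RPZ (draft-vixie-dnsop-dns-rpz) are handled:
  CNAME .              -> NXDOMAIN     -> local-zone ... always_nxdomain
  CNAME *.             -> NODATA       -> local-zone ... always_nodata
  CNAME rpz-drop.      -> DROP         -> local-zone ... always_deny
  CNAME rpz-passthru.  -> PASSTHRU     -> local-zone ... always_transparent
  CNAME other.name.    -> Local Data   -> local-zone ... redirect + local-data
Caveat: an Unbound local-zone covers the whole subtree, so an RPZ entry that
only matched the exact name now also matches its subdomains (a superset).
"""
import re
import sys
from typing import Dict, List, Optional, Set

# always_nodata / always_deny are assumed to be available in the Unbound
# version in use (current releases list them); older ones need static / refuse.
ACTION_MAP: Dict[str, str] = {
    ".": "always_nxdomain",
    "*.": "always_nodata",
    "rpz-drop.": "always_deny",
    "rpz-passthru.": "always_transparent",
}

# owner [ttl] [IN] CNAME target   (records other than CNAME carry no policy here)
CNAME_RE = re.compile(r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(?P<target>\S+)$", re.I)

# Constructed sample zone for illustration; not real threat data.
SAMPLE_RPZ = """\
$TTL 300
@                            SOA   localhost. root.localhost. 1 3600 600 86400 300
                             NS    localhost.
malicious.example            CNAME .
*.malicious.example          CNAME .              ; same subtree: deduplicated below
tracker.example              CNAME *.
c2.example                   CNAME rpz-drop.
allowed.example              CNAME rpz-passthru.
bad.example.rpz.example.net. CNAME sinkhole.example.
"""


def owner_to_qname(owner: str, origin: str) -> Optional[str]:
    """Strip the zone origin and any leading wildcard; None for the apex itself."""
    origin = origin.rstrip(".").lower()
    name = owner.lower()
    if name.endswith("."):                      # fully qualified owner name
        name = name[:-1]
        if name == origin:
            return None
        if name.endswith("." + origin):
            name = name[: -len(origin) - 1]
    if name.startswith("*."):                   # subtree is implied in Unbound anyway
        name = name[2:]
    return name or None


def rpz_to_unbound(zone_text: str, origin: str) -> List[str]:
    """Return Unbound directives (without the 'server:' header) for the zone."""
    out: List[str] = []
    seen: Set[str] = set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()     # drop comments
        if not line or line[0] in "$@":         # $TTL/$ORIGIN and apex records
            continue
        m = CNAME_RE.match(line)
        if not m:
            continue                            # SOA continuation, NS, etc.
        qname = owner_to_qname(m.group("owner"), origin)
        if qname is None or qname in seen:
            continue
        seen.add(qname)
        target = m.group("target").lower()
        ztype = ACTION_MAP.get(target)
        if ztype:
            out.append(f'local-zone: "{qname}." {ztype}')
        elif target.startswith("rpz-"):
            continue                            # e.g. rpz-tcp-only.: no equivalent here
        else:                                   # rewrite to the given name
            out.append(f'local-zone: "{qname}." redirect')
            out.append(f'local-data: "{qname}. CNAME {target}"')
    return out


if __name__ == "__main__":
    # Usage: python3 rpz2unbound.py zone.rpz rpz.example.net.  (defaults to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RPZ
    origin = sys.argv[2] if len(sys.argv) > 2 else "rpz.example.net."
    print("server:")
    for directive in rpz_to_unbound(text, origin):
        print("    " + directive)
```

Run it against a downloaded zone and the zone's origin (the SOA owner name), then paste the output into Custom options or, better, into a separate file pulled in with `include:` so the blocklist can be refreshed from cron without touching the GUI config. Because `always_transparent` entries win over the plugin's own blocklist, review any passthru records in a third-party feed before deploying them.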