Block Top-Level-Domains with Unbound DNS (.zip domain)

[PhoenixRider]

Hi,

the .zip domains are a pretty big risk. With the unbound DNS, blocking this top-level domain should not be so easy.

I don't want to use PiHole or AdGuard. Is it somehow possible with Unbound DNS? Alternatively, can the feature be added accordingly by the development team?

Best regards

[cookiemonster]

The unbound implementation might have what you want for this purpose. You could use a blocklist of just that tld or you could try using the domain override.

[PhoenixRider]

Hey,

thank you for reply.

How can I block this domain with Unbound DNS? I've already tried ".zip" and ".*.zip" under Blocklist Domain. Unfortunately, this does not work. :(

[cookiemonster]

Post here the options and values you used. Someone using it would likely chime in. I use AdguardHome.

[zan]

Have a look https://forum.opnsense.org/index.php?topic=34098.0

[PhoenixRider]

Thank you! But unfortunately, these settings do not work either. :(

[cookiemonster]

Impossible to advise without more information. "It doesn't work" is not a lot to go on.
Could you please post the values used and where. Also how you are testing would be helpful.

[Stormscape]

So this is how you do it:

First install the custom options plugin from Mimugmail's repository, it's called os-unboundcustom-maxit.

Next, after the plugin is installed, go to Services -> Unbound DNS -> Custom Options and enter the following

Code Select Expand

server:
    local-zone: "zip." always_nxdomain
    local-zone: "mov." always_nxdomain

After you do so, restart Unbound and they'll all be blocked. Remember, the custom options window has no validation, so make sure you've typed everything correctly.

[PhoenixRider]

I once made a screenshot. These settings do not work. However, the tip from Stormscape was successful. Thanks for this! :)