Configuring Unbound DNS for Domain/Site Blocking

Started by Shivang Pithadiya, August 22, 2025, 07:07:25 AM

Hello OPNsense Team,

I would like to use the Unbound DNS blocklist functionality. My requirement is to block all DNS traffic by default, and then allow only specific domains/sites by adding them to a whitelist so they can pass through the OPNsense firewall. Could you please guide me on how to achieve this setup using Unbound DNS blocklist?

Thanks & Regards
Shivang Pithadiya

As I see it, the only possible way is to add all TLDs into the "Wildcard Domains"; a full list is at https://newgtlds.icann.org/en/program-status/delegated-strings

But according to the help text, this may allow sites running on the TLD itself to still be accessible.

Not sure if you can, e.g., create your own DNSBL and then use that.