Unbound OVERRIDE DOMAIN : ALIASES please! (new feature request)

[logan23]

It would ALSO be very convenient to load a list of domains or hosts to override directly from a text file...
Aliases are very convenient to quickly enable/disable a group of domains to override included in one alias.
Thanks for your good work.

[ruggerio]

it's already there: go to services->unbound->bridgeing (Überbrückung), the 2nd point in unbound-menu.

[logan23]

I'm afraid you're wrong: I'm talking about Domain Overrides, not Host Overrides.

[mimugmail]

What about a wildcards host override?

[logan23]

Good try.

The problem is it crashes unbound if you activate os-unbound-plus 1.1_1 DNSBL plugin.

In Host Overrides, add these domains to block:
host=*   domain=windowsupdate.com    ip=0.0.0.0
host=*   domain=microsoft.com    ip=0.0.0.0

Now install this unbound additional plugin (see above) and select these 3 BL :
WindowsSpyBlocker (spy)
WindowsSpyBlocker (update)
WindowsSpyBlocker (extra)

...now enable the blacklist plugin

2020-05-04T08:26:46    unbound: [92889:0] fatal error: Could not set up local zones
2020-05-04T08:26:46    unbound: [92889:0] error: local-data in redirect zone must reside at top of zone, not at 00015e-1.l.windowsupdate.com A 0.0.0.0
2020-05-04T08:26:46    unbound: [92889:0] debug: duplicate acl address ignored.
2020-05-04T08:26:46    unbound: [92889:0] debug: duplicate acl address ignored.
2020-05-04T08:26:46    unbound: [92889:0] debug: drop user privileges, run as unbound
2020-05-04T08:26:46    unbound: [92889:0] debug: chroot to /var/unbound
2020-05-04T08:26:46    unbound: [92889:0] debug: chdir to /var/unbound
2020-05-04T08:26:45    unbound: [69721:0] debug: switching log to stderr
2020-05-04T08:26:45    unbound: [69721:0] info: 0.262144 0.524288 12

I've talked to Michael Muenz, but he didn't find any workaround:
> No idea, sorry. Maybe you can ask in the forums

Moreover, if you have a long list of domains to override, it is very tiresome to add them one by one.
Instead, loading a text file would be cool... and deleting all the domains under one alias.

[mimugmail]

Yes thats me. I still dont get why you need this (Domain Override) If you already use the Tracking list? It's just a limitation of Unbound and design that you cant mix it

[logan23]

Anyways, IMHO, unbound shouldn't crash whatever the settings are between OPNsense standard override settings and the plugin.

There should be a solution to fix this, such as Host Overrides settings that would prevail over the plugin blacklists for instance, it's just a quick idea.

You still don't get it? Seriously? The tracking lists are far from being perfect and everyone should be able to create their own list without risking unbound to crash.

For example, I hate Facebook, I consider it is nothing else than a US government agency asking people over the world to fill their own information/intelligence sheet/card for the benefit of NSA databases (you know? the motherf*ckers on the planet - https://prism-break.org/en/)

See the attachment:

[mimugmail]

You still don't get it? Seriously? The tracking lists are far from being perfect and everyone should be able to create their own list without risking unbound to crash.

Just  use an internal webserver, or github account, create your own list as a text file and load it via the manual blacklist link. Easy.

The error of Unbound is a limitation of Unbound itself and should reported over there as we have no chance to influence.

[logan23]

Just  use an internal webserver, or github account, create your own list as a text file and load it via the manual blacklist link. Easy.

thanks mate!
However it's not convenient at all if you want to temporarily disable/enable a group of domains under one alias...