[SOLVED] Include /var/unbound/ad_servers.conf to unbound.conf

Started by fbar, December 11, 2015, 12:27:30 AM

Hi,

I've switched from an OpenBSD server to OPNsense and must say it is quite nice. In my old setup I had autogenerated a conf file for ad servers so that unbound would respond back with 127.0.0.1:

curl -sS -L --compressed "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound;showintro=0" | sed -e 's/<[^>]*>//g' | sed -e 's/^Ad.*//g' > /var/unbound/ad_servers.conf

Then in unbound.conf:

include /var/unbound/ad_servers.conf


This generates hundreds of adserver domains that point back to 127.0.0.1:
local-zone: "101com.com" redirect
local-data: "101com.com A 127.0.0.1"
local-zone: "101order.com" redirect
local-data: "101order.com A 127.0.0.1"
...



How do I make this persistent on reboots in OPNsense so that I can continue to block adservers at the network/DNS level?

Thanks.


Found my own answer by editing the file:

/usr/local/etc/inc/unbound.inc

to include:
include /var/unbound/ad_servers.conf

then restarting unbound. Works like a charm.


Hi,

Only issue is, you have to repeat your action after every upgrade.
You can try to add your include to the "Advanced" section; if I'm not mistaken, it will copy those settings directly into the config file.

Cheers,

Ad

Yes, paste the file contents into the GUI if it is static. If it is dynamic, you can add the following to unbound advanced options text area instead... (note the colon)

include: /var/unbound/ad_servers.conf

Quote from: franco on December 11, 2015, 09:58:51 PM
Yes, paste the file contents into the GUI if it is static. If it is dynamic, you can add the following to unbound advanced options text area instead... (note the colon)

include: /var/unbound/ad_servers.conf

That unfortunately doesn't work because it puts the line after the "." cache section:
# Forwarding
forward-zone:
    name: "."
        forward-addr: x.x.x.x
        forward-addr: y.y.y.y


# Unbound custom option
include:
/var/unbound/ad_servers.conf


This causes the contents of ad_servers.conf to be ignored and actually resolves it to the real addresses instead of 127.0.0.1. The placement of it appears to be important. If I place it before the forwarding section I get the intended results. If it is placed after (as it is when using the "advanced method") it doesn't work.
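
Added example, not part of the thread: the pipeline in the first post writes whatever the HTTP response contains straight into a file that unbound includes, and `>` truncates the working list even when the fetch fails. This sketch accepts only the two line forms shown in that post and swaps the file in atomically; the function names `validate_adlist` and `install_adlist` are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Return 0 only if every non-blank line is either a local-zone redirect or a
# local-data A record pointing at 127.0.0.1, and at least one rule is present.
validate_adlist() {
    file=$1
    # An empty download (failed fetch, error page stripped to nothing) is a reject.
    [ -s "$file" ] || return 1
    # grep -v with several -e patterns selects lines matching none of them.
    # Blank lines are allowed because the sed step in the post leaves them behind.
    if grep -Evq \
        -e '^[[:space:]]*$' \
        -e '^local-zone: "[A-Za-z0-9._-]+" redirect$' \
        -e '^local-data: "[A-Za-z0-9._-]+ A 127\.0\.0\.1"$' \
        "$file"
    then
        return 1   # some other directive, or a record with a different address
    fi
    grep -q '^local-zone: ' "$file"
}

# Validate a freshly fetched list, then rename it into place. On any failure
# the previous list stays untouched, so blocking keeps working.
install_adlist() {
    src=$1
    dest=$2
    validate_adlist "$src" || {
        echo "rejected: $src contains unexpected lines" >&2
        return 1
    }
    tmp="$dest.new.$$"
    cp "$src" "$tmp" && mv "$tmp" "$dest"
}

# Usage with the URL and path from the first post:
#   new=$(mktemp)
#   curl -sS -L --compressed "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound;showintro=0" \
#     | sed -e 's/<[^>]*>//g' -e 's/^Ad.*//g' > "$new"
#   install_adlist "$new" /var/unbound/ad_servers.conf && rm -f "$new"
```
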