How to Read and Unblock/Block With Unbound?

[ticker]

How do you properly read the Unbound logs to determine sites that are blocked, and are passed?
It looks like there is no way to filter between the two which sucks.

And as for the syntax for whitelisting/blacklisting, how do I make a catch all for a domain?
For example if I wanted to whitelist all of facebook would facebook.com/* not work?
Or all of a website with domains like 1.amazon.com 2.amazon.com something like *.amazon.com/* ?

Not exactly familiar with regex, so a simple cheatsheet would be nice. I don't plan on doing anything crazy but I can not seem to figure it out.

[cookiemonster]

I could very well be wrong as I use Unbound but not block/allow lists on it.  But I don't think it logs them. It'll look up ips in the lists and allow/block the ip. It works with ips, not uris after lookup. Will only log ips.

[tuto2]

Logged queries do not distinguish between blocked or passed, this is due to the nature of how blocklists are implemented.

The current implementation of Unbound blocklists simply takes domain names and creates an A record pointing it to 0.0.0.0. Unbound takes these records as fully qualified domain names and NOT as zones.

If you want to manually specify an entire zone to block (e.g. '*.facebook.com'), create a host override entry (with hostname '*') and point it to 0.0.0.0.