Topic: Need help with DNS blocklists in Unbound (Read 2806 times)
Darkfella
Newbie
Posts: 7
Karma: 0
Need help with DNS blocklists in Unbound
« on: April 20, 2023, 04:48:34 pm »
Hello people, I need some advice on how to enable downloaded DNS blocklists on Unbound and use them. I'm trying to use multiple blocklists from the hagezi GitHub and using the links provided specially for use in Unbound. In the logs I see that the domain names for the download links are resolved but it would not download them? I'm attaching a screenshot with the logs.
Darkfella
Newbie
Posts: 7
Karma: 0
Re: Need help with DNS blocklists in Unbound
« Reply #1 on: April 20, 2023, 05:06:38 pm »
Nvm, I figured it out..
Additional http location to download blacklists from, only plain text files containing a list of fqdn’s (e.g. my.evil.domain.com) are supported.
tabsats
Newbie
Posts: 17
Karma: 0
Re: Need help with DNS blocklists in Unbound
« Reply #2 on: October 28, 2023, 12:44:53 am »
Could you explain what exactly you have figured out? I was searching for this topic and found your question here. Would be great if you could elaborate on it a bit. Thanks.
Darkfella
Newbie
Posts: 7
Karma: 0
Re: Need help with DNS blocklists in Unbound
« Reply #3 on: October 28, 2023, 08:22:28 am »
Hi, I can't recall now. I ended up using AdGuard Home for DNS blocking, together with Unbound and DNSCrypt-Proxy.
marunjar
Newbie
Posts: 24
Karma: 5
Re: Need help with DNS blocklists in Unbound
« Reply #4 on: October 28, 2023, 09:24:33 am »
Glad you found a solution with AdGuard.
You already mentioned in the first post that the lists are specially for Unbound, following its config format.
As documented, you would've needed a simple list of domains:
https://docs.opnsense.org/manual/unbound.html#blocklists
But hosts files are working too, and with a recent update lists including wildcard domains should also work.
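To make the format distinction in this thread concrete, here is an added Python example (not OPNsense code and not written by any poster) that reports which of the formats named above a downloaded list uses and extracts the plain domain names from it. The function names, the line shapes assumed for each format and the sample data are constructed for illustration.

```python
import re
from collections import Counter

# Loose FQDN check (letters, digits, hyphen, underscore; at least one dot).
FQDN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z][a-z0-9-]{1,62}$")
# Unbound config directive, e.g. local-zone: "ads.example.com." always_null
UNBOUND = re.compile(r'^local-(?:zone|data):\s*"([^"\s]+)')
SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses hosts files point blocked names at

def classify_line(line):
    """Return (format, domain) for one blocklist line, or (None, None) to skip it."""
    line = line.split("#", 1)[0].strip().lower()
    if not line or line == "server:":
        return None, None
    m = UNBOUND.match(line)
    if m:
        return "unbound-conf", m.group(1).rstrip(".")
    fields = line.split()
    if len(fields) >= 2 and fields[0] in SINK_IPS:
        return "hosts", fields[1]
    if line.startswith("*."):
        return "wildcard", line[2:]
    return "plain", line

def inspect_list(text):
    """Count line formats and collect the valid, de-duplicated domains."""
    formats, domains = Counter(), set()
    for fmt, domain in map(classify_line, text.splitlines()):
        if fmt is None:
            continue
        if FQDN.match(domain):
            formats[fmt] += 1
            domains.add(domain)
        else:
            formats["invalid"] += 1
    return formats, sorted(domains)

# Constructed sample mixing the formats named in the thread.
SAMPLE = """\
server:
local-zone: "ads.example.com." always_null
0.0.0.0 tracker.example.net  # inline comment
127.0.0.1 localhost
*.telemetry.example.org
my.evil.domain.com
not a domain
"""

if __name__ == "__main__":
    print(inspect_list(SAMPLE))
```

A list whose count is mostly `unbound-conf` is in Unbound's own config syntax rather than the plain domain list the documentation linked above asks for.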
tabsats
Newbie
Posts: 17
Karma: 0
Re: Need help with DNS blocklists in Unbound
« Reply #5 on: October 28, 2023, 10:07:49 am »
Hi, I would like to stick just with the native blocklists in OPNsense. Do you know which kind of lists should be preferred? Which ones are best for performance? Wildcard or hosts/domains?
marunjar
Newbie
Posts: 24
Karma: 5
Re: Need help with DNS blocklists in Unbound
« Reply #6 on: October 28, 2023, 11:13:48 am »
Wildcard domains will make the list a lot smaller, which should be preferred IMO, but I have no experience with them as it is pretty new.
Between domain list and hosts file there shouldn't be much difference.
CJ
Hero Member
Posts: 832
Karma: 30
Re: Need help with DNS blocklists in Unbound
« Reply #7 on: October 29, 2023, 03:43:06 pm »
You really shouldn't see much of a performance difference regarding the lists. I'm currently using half a dozen of them which results in about a quarter of a million entries and I'm not seeing any issues.
There are two ways to determine what lists to run and it's really dependent on your tolerance for nitpicking. Both require you to turn on the Unbound Reporting.
1. Enable all lists. When something doesn't work, go to the Unbound Reporting page and see what was blocked and by which list. Either add it as an allowed domain or disable the list. If you add it as an allowed domain, keep track of which list blocked it. If you start getting a bunch from the same list, you're probably better off disabling that list.
2. Enable a list. If it doesn't break anything and you're happy with the results, enable another. Keep going until you're satisfied.
In terms of getting started, you really can't go wrong with the Steven Black list. That will work for the vast majority of people with no tweaking.
Have Answer, Will Blog