Help with DNSBL on Unbound

Started by Darkfella, August 14, 2023, 11:11:00 PM

Hello, I've been trying to figure out how to use hagezi's DNS blocklists with DNSBL on Unbound, but I have this problem.

The lists that don't include domains and subdomains but contain only wildcard domains wouldn't be treated as such and only block exact matches if I load them remotely by using the URLs. If I put them where it says Wildcard Domains it works, but there I need to put each domain individually and I won't have that auto update of the lists. Is there any other way around this?

You can now test by applying this patch. Report any issues on GH.

https://github.com/opnsense/core/commit/15757711a6ad37f7a20612f5e39af7fe19348627


opnsense-patch 1575771

root@OPNsense:~ # opnsense-patch 1575771
Fetched 1575771 via https://github.com/opnsense/core
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From 15757711a6ad37f7a20612f5e39af7fe19348627 Mon Sep 17 00:00:00 2001
|From: Stephan de Wit <stephan.de.wit@deciso.com>
|Date: Mon, 2 Oct 2023 14:52:25 +0200
|Subject: [PATCH] unbound: add support for wildcard domain lists (#6905)
|
|Closes https://github.com/opnsense/core/issues/6888
|---
| .../mvc/app/models/OPNsense/Unbound/Unbound.xml        |  3 +++
| src/opnsense/scripts/unbound/blocklists/__init__.py    |  2 +-
| src/opnsense/scripts/unbound/blocklists/default_bl.py  | 10 +++++++---
| .../templates/OPNsense/Unbound/core/blocklists.conf    |  5 +++--
| 4 files changed, 14 insertions(+), 6 deletions(-)
|
|diff --git a/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml b/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
|index cd26120d51..18fffeb84d 100644
|--- a/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
|+++ b/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
--------------------------
Patching file opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml using Plan A...
Hunk #1 succeeded at 180.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/src/opnsense/scripts/unbound/blocklists/__init__.py b/src/opnsense/scripts/unbound/blocklists/__init__.py
|index dda249396b..a5a84c2bd4 100755
|--- a/src/opnsense/scripts/unbound/blocklists/__init__.py
|+++ b/src/opnsense/scripts/unbound/blocklists/__init__.py
--------------------------
Patching file opnsense/scripts/unbound/blocklists/__init__.py using Plan A...
Hunk #1 succeeded at 48.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/src/opnsense/scripts/unbound/blocklists/default_bl.py b/src/opnsense/scripts/unbound/blocklists/default_bl.py
|index 333172aa20..97045a3edc 100755
|--- a/src/opnsense/scripts/unbound/blocklists/default_bl.py
|+++ b/src/opnsense/scripts/unbound/blocklists/default_bl.py
--------------------------
Patching file opnsense/scripts/unbound/blocklists/default_bl.py using Plan A...
Hunk #1 succeeded at 51.
Hunk #2 succeeded at 65.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf b/src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf
|index 80bd574465..addac2cf80 100644
|--- a/src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf
|+++ b/src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf
--------------------------
Patching file opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf using Plan A...
Hunk #1 succeeded at 1.
Hunk #2 succeeded at 63.
done
All patches have been applied successfully.  Have a nice day.

Is there a chance that this could get implemented in the near future?  Thanks!

~jm

You need the 'wildcard asterisk' blocklist type for this, not the 'wildcard domains'? Seems to work alright. Load times are a bit faster as well (1.19 vs 4.51s).
In theory there is no difference between theory and practice. In practice there is.
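
The behaviour raised in the opening question (a wildcard-only list loaded as exact matches lets subdomains through) can be reproduced offline with the added example below. It is not OPNsense or Unbound code; the list entries, function names, and the assumption that a wildcard entry covers the base domain plus all of its subdomains are illustrative.

```python
# Added illustration, not OPNsense code. List entries below are constructed.
SAMPLE_LIST = """\
# constructed sample
*.ads.example.net
*.tracker.example.org
telemetry.example.com   # entry without the asterisk prefix
"""

def normalize(name):
    """Lower-case a DNS name and drop surrounding space and the root dot."""
    return name.strip().lower().rstrip(".")

def parse_wildcard_list(text):
    """Return the set of base domains from a wildcard-style list."""
    bases = set()
    for raw in text.splitlines():
        entry = normalize(raw.split("#", 1)[0])   # strip comments
        if entry.startswith("*."):                # drop the asterisk prefix
            entry = entry[2:]
        if entry:
            bases.add(entry)
    return bases

def blocked_exact(qname, bases):
    """Exact-match lookup: only the listed name itself is blocked."""
    return normalize(qname) in bases

def blocked_wildcard(qname, bases):
    """Wildcard lookup: test the name and each parent domain, label by label."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in bases for i in range(len(labels)))

def compare(queries, bases):
    """Return (qname, exact_result, wildcard_result) for each query."""
    return [(q, blocked_exact(q, bases), blocked_wildcard(q, bases)) for q in queries]

if __name__ == "__main__":
    bases = parse_wildcard_list(SAMPLE_LIST)
    queries = ["ads.example.net", "cdn.ads.example.net",
               "badads.example.net", "a.b.telemetry.example.com", "example.net"]
    for qname, exact, wild in compare(queries, bases):
        print(f"{qname:28} exact={exact!s:5} wildcard={wild}")
```

Matching on whole labels rather than on a raw string suffix is what keeps badads.example.net from being caught by the ads.example.net entry.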