Topic: Unbound DNS Blocklist reporting support for unbound rules (Read 974 times)
mietzen (Newbie, Posts: 3, Karma: 0)
September 02, 2023, 08:30:27 pm
Since oisd.nl announced that they will stop maintaining the domain list, I was wondering if it would be possible to use the unbound rules:
https://raw.githubusercontent.com/sjhgvr/oisd/main/unbound_big.txt
like this:
https://www.it-halbwissen.de/artikel/opnsense-oisd-unbound/ (sorry, in German)
But still get the reporting and statistics.
xPliZit_xs (Newbie, Posts: 19, Karma: 0)
Reply #1 on: September 03, 2023, 05:54:08 pm
Hi,
I guess you can just use the alternate format list from the same site that works with unbound.
https://oisd.nl/setup
NEW below (seems to work with unbound):
https://big.oisd.nl/domainswild2 (domains wildcards, alternate syntax)
Regards.
senser (Jr. Member, Posts: 55, Karma: 0)
Reply #2 on: September 04, 2023, 08:08:38 am
Could those lists be candidates for the OPNsense blocklist "preset list"?
eagle6705 (Newbie, Posts: 7, Karma: 0)
Reply #3 on: September 13, 2023, 06:41:19 pm
So unbound is not doing any blocking. Port 80 is going now after a reboot BUT it's getting a routing issue... (yes, I did reboot prior, not sure why it's working. I'll follow up on a new post on how to move things over like certs, VPN, DHCP. Making rules would be simple as I only have one.)
Basically, running tcpdump I see the following... It does look like a routing issue. My external machine (it's an IP from a DC I have access to for testing) can access my home network but it looks like route 80 just won't route.
verbose output suppressed, use -v[v]... for full protocol decode
listening on ens18, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:38:14.198359 IP 143.48.108.26.29113 > 192.168.3.95.80: Flags [S], seq 2689577625, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:38:14.198434 IP 192.168.3.95.80 > 143.48.108.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:14.462209 IP 143.48.108.26.29114 > 192.168.3.95.80: Flags [S], seq 4238710311, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:38:14.462284 IP 192.168.3.95.80 > 143.48.108.26.29114: Flags [S.], seq 1577311852, ack 4238710312, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:15.204841 IP 143.48.108.26.29113 > 192.168.3.95.80: Flags [S], seq 2689577625, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:38:15.204902 IP 192.168.3.95.80 > 143.48.108.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:15.477258 IP 192.168.3.95.80 > 143.48.108.26.29114: Flags [S.], seq 1577311852, ack 4238710312, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:15.488090 IP 143.48.108.26.29114 > 192.168.3.95.80: Flags [S], seq 4238710311, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:38:15.488149 IP 192.168.3.95.80 > 143.48.108.26.29114: Flags [S.], seq 1577311852, ack 4238710312, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:16.213146 IP 192.168.3.95.80 > 143.48.108.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:17.211607 IP 143.48.108.26.29113 > 192.168.3.95.80: Flags [S], seq 2689577625, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:38:17.211667 IP 192.168.3.95.80 > 143.48.108.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:17.474140 IP 143.48.108.26.29114 > 192.168.3.95.80: Flags [S], seq 4238710311, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:38:17.474199 IP 192.168.3.95.80 > 143.48.108.26.29114: Flags [S.], seq 1577311852, ack 4238710312, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:19.221166 IP 192.168.3.95.80 > 143.48.108.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:19.477187 IP 192.168.3.95.80 > 143.48.108.26.29114: Flags [S.], seq 1577311852, ack 4238710312, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:21.225833 IP 143.48.108.26.29113 > 192.168.3.95.80: Flags [S], seq 2689577625, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:38:21.225892 IP 192.168.3.95.80 > 143.48.108.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:21.485856 IP 143.48.108.26.29114 > 192.168.3.95.80: Flags [S], seq 4238710311, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:38:21.485913 IP 192.168.3.95.80 > 143.48.108.26.29114: Flags [S.], seq 1577311852, ack 4238710312, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:25.365192 IP 192.168.3.95.80 > 143.48.108.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:25.621240 IP 192.168.3.95.80 > 143.48.108.26.29114: Flags [S.], seq 1577311852, ack 4238710312, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:29.229334 IP 143.48.108.26.29113 > 192.168.3.95.80: Flags [S], seq 2689577625, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:38:29.229413 IP 192.168.3.95.80 > 143.48.108.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:29.493298 IP 143.48.108.26.29114 > 192.168.3.95.80: Flags [S], seq 4238710311, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:38:29.493379 IP 192.168.3.95.80 > 143.48.108.26.29114: Flags [S.], seq 1577311852, ack 4238710312, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:37.397362 IP 192.168.3.95.80 > 143.48.108.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16:38:37.653298 IP 192.168.3.95.80 > 143.48.108.26.29114: Flags [S.], seq 1577311852, ack 4238710312, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
Pastebin info for the above...
https://pastebin.com/sA0jgzBu
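A way to read a capture like the one in the post above, as an added example that is not part of the original thread: it groups tcpdump lines per client flow and reports connections where the server sent a SYN-ACK but no ACK from the client was ever seen. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump's default one-line format (not the poster's capture).
SAMPLE = """\
16:38:14.198359 IP 203.0.113.26.29113 > 192.168.3.95.80: Flags [S], seq 2689577625, win 64240, options [mss 1460], length 0
16:38:14.198434 IP 192.168.3.95.80 > 203.0.113.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460], length 0
16:38:15.204841 IP 203.0.113.26.29113 > 192.168.3.95.80: Flags [S], seq 2689577625, win 64240, options [mss 1460], length 0
16:38:15.204902 IP 192.168.3.95.80 > 203.0.113.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460], length 0
16:38:16.213146 IP 192.168.3.95.80 > 203.0.113.26.29113: Flags [S.], seq 347498467, ack 2689577626, win 64240, options [mss 1460], length 0
16:38:20.000100 IP 198.51.100.7.40000 > 192.168.3.95.80: Flags [S], seq 1000, win 64240, options [mss 1460], length 0
16:38:20.000150 IP 192.168.3.95.80 > 198.51.100.7.40000: Flags [S.], seq 5000, ack 1001, win 64240, options [mss 1460], length 0
16:38:20.020300 IP 198.51.100.7.40000 > 192.168.3.95.80: Flags [.], ack 1, win 502, length 0
"""

# Captures: src host, src port, dst host, dst port, TCP flags inside [...]
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def handshake_states(text):
    """Count SYN / SYN-ACK per (client, server) flow and note whether the client ever ACKed."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "established": False})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner lines and non-TCP packets
        src, sport, dst, dport, flags = m.groups()
        a, b = (src, int(sport)), (dst, int(dport))
        if flags == "S":        # client -> server SYN (retransmits repeat the same seq)
            flows[(a, b)]["syn"] += 1
        elif flags == "S.":     # server -> client SYN-ACK, filed under the client's flow
            flows[(b, a)]["synack"] += 1
        elif "." in flags and "S" not in flags and "R" not in flags:
            # An ACK from the client after a SYN-ACK means the handshake completed.
            if (a, b) in flows and flows[(a, b)]["synack"]:
                flows[(a, b)]["established"] = True
    return dict(flows)


def stalled(flows):
    """Flows where the server answered but the handshake never completed."""
    return sorted(k for k, f in flows.items() if f["synack"] and not f["established"])


if __name__ == "__main__":
    for client, server in stalled(handshake_states(SAMPLE)):
        print(f"{client[0]}:{client[1]} -> {server[0]}:{server[1]}: SYN-ACK sent, no ACK seen")
```

A flow reported here shows the listener answering every SYN while both sides keep retransmitting, which is consistent with the SYN-ACK being lost on the return path (routing, NAT or firewall state) rather than with anything in the DNS resolver.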