Proper DNSBLs for Unbound

Started by OPNenthu, Today at 02:36:56 AM

I'm a bit ignorant still on advanced DNS topics.  Please be patient :)

This thread is in response to the discussion on page 1, specifically posts #5-8, here: https://forum.opnsense.org/index.php?topic=50857.0

I didn't want to further derail the IPFire topic, so I am posting separately to better understand this.

---

I feel that some of the DNS hosts lists that we use in Unbound are not specifically written for it and result in incomplete blocking because Unbound uses exact matching, whereas other engines may treat them as zones and automatically block subdomains.

For reference here are the built-in DNSBLs in OPNsense for Unbound.

It appears the hagezi lists, for example, are wildcarded, but many of the others (e.g. AdGuard) are not, and those could (depending on how they're written) be less reliable in Unbound.

Is that a fair assessment and is there RPZ support in the roadmap for the Unbound UI?  Would that solve this, and is there even a gap or am I off with this assessment?

Thanks.  This has long been one of my nagging unresolved questions.
N5105 | 8/250GB | 4xi226-V | Community
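The exact-match versus zone-match gap described in the post, as an added example that is not part of the original post or of OPNsense/Unbound: a small matcher that loads a constructed blocklist mixing plain hosts-style entries ("0.0.0.0 name") and wildcard entries ("*.name"), then checks the same query names under two policies. The "exact" policy (what the post attributes to Unbound) matches hosts-style names literally and only expands wildcard entries; the "zone" policy (what the post attributes to other engines) treats every entry as a domain plus all of its subdomains. The line formats, the list contents and the query names are simplified assumptions made for the example.

```python
"""
Exact-match vs zone-match DNS blocklist comparison (added example).

Assumptions: blocklist lines are either hosts-style ("0.0.0.0 name"),
bare names, or wildcard entries ("*.name"); a wildcard entry is taken to
cover the name itself and everything under it. The list and the query
names below are constructed for this example.
"""
from __future__ import annotations

# Constructed sample blocklist mixing hosts-style and wildcard entries.
SAMPLE_LIST = """\
# comment line
0.0.0.0 0.0.0.0
0.0.0.0 ads.example
0.0.0.0 tracker.example.net
*.telemetry.example
"""

# Constructed query names, some at the listed apex and some below it.
QUERIES = [
    "ads.example",
    "cdn.ads.example",
    "tracker.example.net",
    "a.b.tracker.example.net",
    "telemetry.example",
    "x.telemetry.example",
    "example.net",
]


def _norm(name: str) -> str:
    return name.lower().rstrip(".")


def parse_blocklist(text: str) -> tuple[set[str], set[str]]:
    """Return (exact_names, wildcard_zones) parsed from blocklist text."""
    exact: set[str] = set()
    zones: set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("*."):
            zones.add(_norm(line[2:]))
            continue
        parts = line.split()
        if len(parts) == 2 and parts[0] in ("0.0.0.0", "127.0.0.1"):
            name = _norm(parts[1])
            # Skip the self-referential placeholder lines hosts files carry.
            if name not in ("0.0.0.0", "localhost"):
                exact.add(name)
        elif len(parts) == 1:
            exact.add(_norm(parts[0]))
    return exact, zones


def _under(qname: str, domain: str) -> bool:
    """True if qname equals domain or is a subdomain of it."""
    return qname == domain or qname.endswith("." + domain)


def blocked_exact_policy(qname: str, exact: set[str], zones: set[str]) -> bool:
    """Exact policy: hosts entries match literally; only wildcards cover subdomains."""
    q = _norm(qname)
    return q in exact or any(_under(q, z) for z in zones)


def blocked_zone_policy(qname: str, exact: set[str], zones: set[str]) -> bool:
    """Zone policy: every entry covers itself and all of its subdomains."""
    q = _norm(qname)
    return any(_under(q, d) for d in exact | zones)


def leaking_names(qnames: list[str], exact: set[str], zones: set[str]) -> list[str]:
    """Names a zone-matching resolver blocks but an exact-matching one answers."""
    return [
        q for q in qnames
        if blocked_zone_policy(q, exact, zones)
        and not blocked_exact_policy(q, exact, zones)
    ]


if __name__ == "__main__":
    exact_names, wildcard_zones = parse_blocklist(SAMPLE_LIST)
    for q in QUERIES:
        print(f"{q:28} exact={blocked_exact_policy(q, exact_names, wildcard_zones)!s:5} "
              f"zone={blocked_zone_policy(q, exact_names, wildcard_zones)}")
    print("leaks under exact matching:", leaking_names(QUERIES, exact_names, wildcard_zones))
```

Running it shows that only the subdomains of the plain hosts-style entries leak under the exact policy, while names under the wildcard entry are blocked under both; converting the remaining entries to the wildcard form (or treating them as zones) closes that gap.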