Using Unbound as an Ad-blocker
Latest revision as of 03:46, 16 February 2024
Basic Components
You should have dnsmasq (or another DHCP server) and unbound both working on your network.
Setting up Unbound To Block/Refuse unwanted addresses
There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- https://sysctl.org/cameleon/hosts
- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts, organised into various categories. The files are in hosts format (so you can put one in /etc/hosts and be done). We will use the hosts file format:
unbound needs to include the blacklist.conf file into its main configuration. To do so, we need to create the include file in the following format:
Contents of /etc/unbound/blacklist.conf
Here is an example shell script to download the StevenBlack hosts file, and then format it for unbound:
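#!/bin/sh
# Start the include file with the server: clause that local-zone lines belong to.
echo "server:" >/etc/unbound/blacklist.conf
# Keep only the 0.0.0.0 entries, strip trailing comments, and turn each
# hostname into a local-zone that unbound refuses to answer.
curl -s https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | \
  grep ^0.0.0.0 - | \
  sed 's/ #.*$//; s/^0.0.0.0 \(.*\)/local-zone: "\1" refuse/' \
  >>/etc/unbound/blacklist.conf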
You can run this once, or as part of a periodic cron task.
In /etc/unbound/unbound.conf, add the following line somewhere in the config:
Contents of /etc/unbound/unbound.conf
include: "/etc/unbound/blacklist.conf"
Reload unbound, and verify the config loads.
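The download script above writes straight into the live include file and copies whatever the list contains into unbound's configuration. The following is an added example, not part of the original page: a variant that accepts only well-formed hostnames, builds the file in a temporary location, and replaces blacklist.conf only after it passes a size check and unbound-checkconf. The function names and the MIN_LINES threshold are assumptions made for this example, as is the assumption that unbound-checkconf accepts the include file on its own.

```sh
#!/bin/sh
# Added example (not from the original page): hardened blocklist update.
# URL and output path come from the page; function names are illustrative.
LIST_URL="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
CONF="/etc/unbound/blacklist.conf"
MIN_LINES=1000   # assumed lower bound; a shorter result is treated as a bad download

# Read hosts-format text on stdin, write an unbound include file on stdout.
# Only names built from letters, digits, "-", "_" and "." pass, so a quote
# or other stray character in the feed cannot add directives to the config.
hosts_to_unbound() {
    echo "server:"
    tr -d '\r' | awk '
        $1 != "0.0.0.0" { next }        # keep only blocking entries
        { name = tolower($2) }
        name == "0.0.0.0" { next }      # the list maps 0.0.0.0 to itself
        name !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/ { next }   # strict name check
        seen[name]++ { next }           # drop repeated names
        { printf "local-zone: \"%s\" refuse\n", name }
    '
}

# Download and convert into a temp file, check it, then rename it into place
# so unbound never sees a partial or empty blacklist.conf.
update_blacklist() {
    tmp=$(mktemp "$CONF.XXXXXX") || return 1
    if curl -fsS --max-time 60 "$LIST_URL" | hosts_to_unbound >"$tmp" &&
       [ "$(wc -l <"$tmp")" -ge "$MIN_LINES" ] &&
       unbound-checkconf "$tmp" >/dev/null; then
        chmod 644 "$tmp" && mv "$tmp" "$CONF"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample input: prints two local-zone lines; the rest is rejected.
demo() {
    printf '%s\n' '0.0.0.0 0.0.0.0' '0.0.0.0 ads.example.com # tracker' \
        '0.0.0.0 bad.example" refuse' '0.0.0.0 cdn.example.net' | hosts_to_unbound
}

case "${1:-}" in
    --install) update_blacklist ;;
    --demo)    demo ;;
esac
```

Run it with --demo to see the conversion on the constructed sample, or with --install (as root, for example from cron) to update the live file; a non-zero exit means the existing blacklist.conf was left untouched.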
Dnsmasq configuration
Dnsmasq defaults to using the resolver in /etc/resolv.conf. If unbound is listening on 127.0.0.1, have dnsmasq use that as the resolver.
Alternatively, if unbound is running on another interface or on a separate machine, use the dhcp-option configuration in dnsmasq (DHCP option 6 is the DNS server handed to clients):
dhcp-option=6,[ip-of-unbound-server]
Enjoy Ad-Free browsing!