Using Unbound as an Ad-blocker: Difference between revisions

From Alpine Linux
(added heading)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Basic Components ==
This page documents the steps to use Unbound as an Ad-blocker by using a publicly available blacklist in '''hosts''' file format.


You should have {{Pkg|dnsmasq}} (or another DHCP server) and [[Setting_up_unbound_DNS_server|unbound]] both working on your network. 
== Prerequisites ==


== Setting up Unbound To Block/Refuse unwanted addresses ==
* You should have a {{Pkg|dnsmasq}} (or another DHCP server) and [[Setting_up_unbound_DNS_server|unbound]] both working on your network. 


There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:
== Ad-blocker blacklists ==
 
There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:
*https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
*https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
*https://sysctl.org/cameleon/hosts
*https://sysctl.org/cameleon/hosts
Line 11: Line 13:
*https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
*https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt


Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. There are various categories of lists there. The format of the file is a "host" (so you can put it in {{path|/etc/hosts}} and be done). We will use the hosts file format:
Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. There are various categories of lists there. The format of the file is a "host" (so you can put it in {{path|/etc/hosts}} and be done).  


unbound needs to include the <code>blacklists.conf</code> file into its main configuration. To do so, we need to create the include file in the following format:
== Configuration ==
 
There are few steps to setup Unbound to Block/Refuse unwanted addresses. In this guide, we will use the hosts file format from https://github.com/StevenBlack/hosts.  Unbound needs to include the <code>blacklists.conf</code> file into its main configuration. To do so, we need to create the include file in the following format:


{{Cat|/etc/unbound/blacklists.conf|server:
{{Cat|/etc/unbound/blacklists.conf|server:
Line 21: Line 25:
local-zone: "xyz.ads-r-us.com" refuse}}
local-zone: "xyz.ads-r-us.com" refuse}}


Here is an example shell script to download the
Here is an example shell script to download the [https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts StevenBlack] hosts file, and then format it for unbound:  
[https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts StevenBlack]
hosts file, and then format it for unbound:


<pre>
<pre>
Line 35: Line 37:
         >>/etc/unbound/blacklist.conf
         >>/etc/unbound/blacklist.conf
</pre>
</pre>


You can run this once, or as part of a periodic cron task.
You can run this once, or as part of a periodic cron task.


In the {{path|/etc/unbound/unbound.conf}}, add the following line somewhere in the config:
In the {{path|/etc/unbound/unbound.conf}}, add the following line somewhere in the config: {{Cat|/etc/unbound/unbound.conf|#include "/etc/unbound/blacklist.conf"}}
 
{{Cat|/etc/unbound/unbound.conf|#include "/etc/unbound/blacklist.conf"}}


Reload unbound, and verify the config loads.
Reload unbound, and verify the config loads.
Line 55: Line 54:
</pre>
</pre>


Enjoy Ad-Free browsing!


Enjoy Ad-Free browsing!
== See also ==
* [[Setting_up_unbound_DNS_server|unbound]]
* [[Using Pi-hole with Unbound]]


[[Category:Networking]]
[[Category:Networking]]

Latest revision as of 15:40, 6 November 2025

This page documents the steps to use Unbound as an Ad-blocker by using a publicly available blacklist in hosts file format.

Prerequisites

  • You should have a dnsmasq (or another DHCP server) and unbound both working on your network.

Ad-blocker blacklists

There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:

Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. There are various categories of lists there. The format of the file is a "host" (so you can put it in /etc/hosts and be done).

Configuration

There are few steps to setup Unbound to Block/Refuse unwanted addresses. In this guide, we will use the hosts file format from https://github.com/StevenBlack/hosts. Unbound needs to include the blacklists.conf file into its main configuration. To do so, we need to create the include file in the following format:

Contents of /etc/unbound/blacklists.conf

server: local-zone: "bad-site.com" refuse local-zone: "bad-bad-site.com" refuse local-zone: "xyz.ads-r-us.com" refuse

Here is an example shell script to download the StevenBlack hosts file, and then format it for unbound: 

#!/bin/sh

echo "server:" >/etc/unbound/blacklist.conf
curl -s https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | \
        grep ^0.0.0.0 - | \
        sed 's/ #.*$//;
        s/^0.0.0.0 \(.*\)/local-zone: "\1" refuse/' \
        >>/etc/unbound/blacklist.conf

You can run this once, or as part of a periodic cron task.

In the /etc/unbound/unbound.conf, add the following line somewhere in the config:

Contents of /etc/unbound/unbound.conf

#include "/etc/unbound/blacklist.conf"

Reload unbound, and verify the config loads.

Dnsmasq configuration

Dnsmasq defaults to using the resolver in /etc/resolv.conf — if unbound is listening on 127.0.0.1, then have it use that as the resolver.

Alternatively, if unbound is running on another interface, or on a separate machine — use the dhcp-option configuration in dnsmasq: 

dhcp-option=6,[ip-of-unbound-server]

Enjoy Ad-Free browsing!

See also

Retrieved from "https://wiki.alpinelinux.org/w/index.php?title=Using_Unbound_as_an_Ad-blocker&oldid=31416"