Using Unbound as an Ad-blocker: Difference between revisions

From Alpine Linux
(changed headings and minor rewording with introduction)
Line 1: Line 1:
== Basic Components ==
This page documents the steps to use Unbound as an Ad-blocker by using a publicly available blacklist in '''hosts''' file format.


You should have {{Pkg|dnsmasq}} (or another DHCP server) and [[Setting_up_unbound_DNS_server|unbound]] both working on your network. 
== Prerequisites ==


== Setting up Unbound To Block/Refuse unwanted addresses ==
* You should have a {{Pkg|dnsmasq}} (or another DHCP server) and [[Setting_up_unbound_DNS_server|unbound]] both working on your network. 


There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:
== Configuration ==
 
There are few steps to setup Unbound to Block/Refuse unwanted addresses. There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:
*https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
*https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
*https://sysctl.org/cameleon/hosts
*https://sysctl.org/cameleon/hosts
Line 11: Line 13:
*https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
*https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt


Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. There are various categories of lists there. The format of the file is a "host" (so you can put it in {{path|/etc/hosts}} and be done). We will use the hosts file format:
Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. There are various categories of lists there. The format of the file is a "host" (so you can put it in {{path|/etc/hosts}} and be done).  


unbound needs to include the <code>blacklists.conf</code> file into its main configuration. To do so, we need to create the include file in the following format:
In this guide, we will use the hosts file format.  Unbound needs to include the <code>blacklists.conf</code> file into its main configuration. To do so, we need to create the include file in the following format:


{{Cat|/etc/unbound/blacklists.conf|server:
{{Cat|/etc/unbound/blacklists.conf|server:
Line 21: Line 23:
local-zone: "xyz.ads-r-us.com" refuse}}
local-zone: "xyz.ads-r-us.com" refuse}}


Here is an example shell script to download the
Here is an example shell script to download the [https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts StevenBlack] hosts file, and then format it for unbound:  
[https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts StevenBlack]
hosts file, and then format it for unbound:


<pre>
<pre>
Line 35: Line 35:
         >>/etc/unbound/blacklist.conf
         >>/etc/unbound/blacklist.conf
</pre>
</pre>


You can run this once, or as part of a periodic cron task.
You can run this once, or as part of a periodic cron task.


In the {{path|/etc/unbound/unbound.conf}}, add the following line somewhere in the config:
In the {{path|/etc/unbound/unbound.conf}}, add the following line somewhere in the config: {{Cat|/etc/unbound/unbound.conf|#include "/etc/unbound/blacklist.conf"}}
 
{{Cat|/etc/unbound/unbound.conf|#include "/etc/unbound/blacklist.conf"}}


Reload unbound, and verify the config loads.
Reload unbound, and verify the config loads.
Line 54: Line 51:
dhcp-option=6,[ip-of-unbound-server]
dhcp-option=6,[ip-of-unbound-server]
</pre>
</pre>


Enjoy Ad-Free browsing!
Enjoy Ad-Free browsing!


== See also ==
[[Setting_up_unbound_DNS_server|unbound]]
[[Category:Networking]]
[[Category:Networking]]

Revision as of 05:52, 3 November 2025

This page documents the steps to use Unbound as an Ad-blocker by using a publicly available blacklist in hosts file format.

Prerequisites

  • You should have a dnsmasq (or another DHCP server) and unbound both working on your network.

Configuration

There are few steps to setup Unbound to Block/Refuse unwanted addresses. There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:

Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. There are various categories of lists there. The format of the file is a "host" (so you can put it in /etc/hosts and be done).

In this guide, we will use the hosts file format. Unbound needs to include the blacklists.conf file into its main configuration. To do so, we need to create the include file in the following format:

Contents of /etc/unbound/blacklists.conf

server: local-zone: "bad-site.com" refuse local-zone: "bad-bad-site.com" refuse local-zone: "xyz.ads-r-us.com" refuse

Here is an example shell script to download the StevenBlack hosts file, and then format it for unbound: 

#!/bin/sh

echo "server:" >/etc/unbound/blacklist.conf
curl -s https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | \
        grep ^0.0.0.0 - | \
        sed 's/ #.*$//;
        s/^0.0.0.0 \(.*\)/local-zone: "\1" refuse/' \
        >>/etc/unbound/blacklist.conf

You can run this once, or as part of a periodic cron task.

In the /etc/unbound/unbound.conf, add the following line somewhere in the config:

Contents of /etc/unbound/unbound.conf

#include "/etc/unbound/blacklist.conf"

Reload unbound, and verify the config loads.

Dnsmasq configuration

Dnsmasq defaults to using the resolver in /etc/resolv.conf — if unbound is listening on 127.0.0.1, then have it use that as the resolver.

Alternatively, if unbound is running on another interface, or on a separate machine — use the dhcp-option configuration in dnsmasq: 

dhcp-option=6,[ip-of-unbound-server]

Enjoy Ad-Free browsing!

See also

unbound

Retrieved from "https://wiki.alpinelinux.org/w/index.php?title=Using_Unbound_as_an_Ad-blocker&oldid=31367"