Using Unbound as an Ad-blocker: Difference between revisions
(How to do pi-hole without pi-hole) |
|||
| (6 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
== Basic Components == | == Basic Components == | ||
You should have dnsmasq (or another DHCP server) and [ | You should have {{Pkg|dnsmasq}} (or another DHCP server) and [[Setting_up_unbound_DNS_server|unbound]] both working on your network. | ||
== Setting up Unbound To Block/Refuse unwanted addresses == | == Setting up Unbound To Block/Refuse unwanted addresses == | ||
There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default: | There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default: | ||
*https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | |||
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | *https://sysctl.org/cameleon/hosts | ||
https | *https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt | ||
*https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt | |||
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt | |||
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt | |||
Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. | Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. There are various categories of lists there. The format of the file is a "host" (so you can put it in {{path|/etc/hosts}} and be done). We will use the hosts file format: | ||
unbound needs to include the | unbound needs to include the <code>blacklists.conf</code> file into its main configuration. To do so, we need to create the include file in the following format: | ||
{{Cat|/etc/unbound/blacklists.conf|server: | |||
server: | |||
local-zone: "bad-site.com" refuse | local-zone: "bad-site.com" refuse | ||
local-zone: "bad-bad-site.com" refuse | local-zone: "bad-bad-site.com" refuse | ||
local-zone: "xyz.ads-r-us.com" refuse | local-zone: "xyz.ads-r-us.com" refuse}} | ||
Here is an example shell script to download the | |||
[https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts StevenBlack] | |||
hosts file, and then format it for unbound: | |||
<pre> | <pre> | ||
| Line 53: | Line 39: | ||
You can run this once, or as part of a periodic cron task. | You can run this once, or as part of a periodic cron task. | ||
In the /etc/unbound/unbound.conf, add the following line somewhere in the config: | In the {{path|/etc/unbound/unbound.conf}}, add the following line somewhere in the config: | ||
{{Cat|/etc/unbound/unbound.conf|#include "/etc/unbound/blacklist.conf"}} | |||
Reload unbound, and verify the config loads. | Reload unbound, and verify the config loads. | ||
== Dnsmasq configuration == | == Dnsmasq configuration == | ||
Dnsmasq defaults to using the resolver in /etc/resolv.conf | Dnsmasq defaults to using the resolver in {{path|/etc/resolv.conf}} — if unbound is listening on <code>127.0.0.1</code>, then have it use that as the resolver. | ||
Alternatively, if unbound is running on another interface, or on a separate machine | Alternatively, if unbound is running on another interface, or on a separate machine — use the dhcp-option configuration in dnsmasq: | ||
<pre> | <pre> | ||
| Line 75: | Line 57: | ||
Enjoy Ad-Free browsing! | Enjoy Ad-Free browsing! | ||
[[Category:Networking]] | |||
Latest revision as of 03:46, 16 February 2024
Basic Components
You should have dnsmasq (or another DHCP server) and unbound both working on your network.
Setting up Unbound To Block/Refuse unwanted addresses
There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- https://sysctl.org/cameleon/hosts
- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. There are various categories of lists there. The format of the file is a "host" (so you can put it in /etc/hosts and be done). We will use the hosts file format:
unbound needs to include the blacklists.conf file into its main configuration. To do so, we need to create the include file in the following format:
Contents of /etc/unbound/blacklists.conf
server:
local-zone: "bad-site.com" refuse
local-zone: "bad-bad-site.com" refuse
local-zone: "xyz.ads-r-us.com" refuse
Here is an example shell script to download the StevenBlack hosts file, and then format it for unbound:
#!/bin/sh
echo "server:" >/etc/unbound/blacklist.conf
curl -s https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | \
grep ^0.0.0.0 - | \
sed 's/ #.*$//;
s/^0.0.0.0 \(.*\)/local-zone: "\1" refuse/' \
>>/etc/unbound/blacklist.conf
You can run this once, or as part of a periodic cron task.
In the /etc/unbound/unbound.conf, add the following line somewhere in the config:
Contents of /etc/unbound/unbound.conf
#include "/etc/unbound/blacklist.conf"
Reload unbound, and verify the config loads.
Dnsmasq configuration
Dnsmasq defaults to using the resolver in /etc/resolv.conf — if unbound is listening on 127.0.0.1, then have it use that as the resolver.
Alternatively, if unbound is running on another interface, or on a separate machine — use the dhcp-option configuration in dnsmasq:
dhcp-option=6,[ip-of-unbound-server]
Enjoy Ad-Free browsing!