Talk:Using Unbound as an Ad-blocker

From Alpine Linux

Mention of modern browsers' attempts to bypass DNS blocking of ad servers

The article could also use an entire section explaining how modern browsers, especially Chrome, attempt to use DNS over HTTPS to bypass the system-configured DNS server under the guise of privacy (but let's face it, Google has a financial incentive to prevent people from blocking ad.doubleclick.com)... An Unbound configuration that prevents bootstrapping of popular DoH servers could help. Something like:

server:
#These three domains require special handling
local-zone: "resolver.arpa" redirect
local-zone: "doh.dns.apple.com" redirect
local-zone: "use-application-dns.net" always_nxdomain
local-zone: "cloudflare-dns.com" static
local-zone: "dns-tunnel-check.googlezip.net" always_refuse
#All other domains, lie and provide our own IP
local-data: "doh.dns.apple.com.v.aaplimg.com. 120 IN A 192.168.0.1"
local-data: "doh.42l.fr. 120 IN A 192.168.0.1"
local-data: "i.233py.com. 120 IN A 192.168.0.1"
local-data: "i.233py.com.a.bdydns.com. 120 IN A 192.168.0.1"
local-data: "opencdn.jomodns.com. 120 IN A 192.168.0.1"
local-data: "dns.233py.com. 120 IN A 192.168.0.1"
local-data: "dns.233py.com.cdn.cloudflare.net. 120 IN A 192.168.0.1"
local-data: "edns.233py.com. 120 IN A 192.168.0.1"
local-data: "ndns.233py.com. 120 IN A 192.168.0.1"
local-data: "sdns.233py.com. 120 IN A 192.168.0.1"
local-data: "wdns.233py.com. 120 IN A 192.168.0.1"
local-data: "dns-gcp.aaflalo.me. 120 IN A 192.168.0.1"
local-data: "dns-nyc.aaflalo.me. 120 IN A 192.168.0.1"
local-data: "dns.aaflalo.me. 120 IN A 192.168.0.1"
local-data: "doh.abmb.win. 120 IN A 192.168.0.1"
local-data: "doh2.abmb.win. 120 IN A 192.168.0.1"
local-data: "dns.adguard.com. 120 IN A 192.168.0.1"
local-data: "dns-family.adguard.com. 120 IN A 192.168.0.1"
local-data: "dns-unfiltered.adguard.com. 120 IN A 192.168.0.1"
local-data: "dns.adguard-dns.com. 120 IN A 192.168.0.1"
local-data: "family.adguard-dns.com. 120 IN A 192.168.0.1"
local-data: "unfiltered.adguard-dns.com. 120 IN A 192.168.0.1"
local-data: "doh.nl.ahadns.net. 120 IN A 192.168.0.1"
local-data: "doh.in.ahadns.net. 120 IN A 192.168.0.1"
local-data: "doh.la.ahadns.net. 120 IN A 192.168.0.1"
local-data: "doh.ny.ahadns.net. 120 IN A 192.168.0.1"
local-data: "doh.pl.ahadns.net. 120 IN A 192.168.0.1"
local-data: "doh.it.ahadns.net. 120 IN A 192.168.0.1"
local-data: "doh.es.ahadns.net. 120 IN A 192.168.0.1"
local-data: "doh.no.ahadns.net. 120 IN A 192.168.0.1"
local-data: "doh.chi.ahadns.net. 120 IN A 192.168.0.1"
local-data: "doh.au.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dot.nl.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dot.in.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dot.la.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dot.ny.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dot.pl.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dot.it.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dot.es.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dot.no.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dot.chi.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dot.au.ahadns.net. 120 IN A 192.168.0.1"
local-data: "dnses.alekberg.net. 120 IN A 192.168.0.1"
local-data: "dnsnl.alekberg.net. 120 IN A 192.168.0.1"
local-data: "dnsse.alekberg.net. 120 IN A 192.168.0.1"
local-data: "dns.alidns.com. 120 IN A 192.168.0.1"
local-data: "doh.appliedprivacy.net. 120 IN A 192.168.0.1"
local-data: "doh.applied-privacy.net. 120 IN A 192.168.0.1"
local-data: "dot1.applied-privacy.net. 120 IN A 192.168.0.1"
local-data: "doh.armadillodns.net. 120 IN A 192.168.0.1"
local-data: "dohtrial.att.net. 120 IN A 192.168.0.1"
local-data: "doh1.blahdns.com. 120 IN A 192.168.0.1"
local-data: "doh1.b-cdn.net. 120 IN A 192.168.0.1"
local-data: "doh2.blahdns.com. 120 IN A 192.168.0.1"
local-data: "doh2.b-cdn.net. 120 IN A 192.168.0.1"
local-data: "dot-ch.blahdns.com. 120 IN A 192.168.0.1"
local-data: "doh-ch.blahdns.com. 120 IN A 192.168.0.1"
local-data: "dot-fi.blahdns.com. 120 IN A 192.168.0.1"
local-data: "doh-fi.blahdns.com. 120 IN A 192.168.0.1"
local-data: "dot-de.blahdns.com. 120 IN A 192.168.0.1"
local-data: "doh-de.blahdns.com. 120 IN A 192.168.0.1"
local-data: "dot-jp.blahdns.com. 120 IN A 192.168.0.1"
local-data: "doh-jp.blahdns.com. 120 IN A 192.168.0.1"
local-data: "dot-sg.blahdns.com. 120 IN A 192.168.0.1"
local-data: "doh-sg.blahdns.com. 120 IN A 192.168.0.1"
local-data: "doh.blockerdns.com. 120 IN A 192.168.0.1"
local-data: "doh.bortzmeyer.fr. 120 IN A 192.168.0.1"
local-data: "dns.brahma.world. 120 IN A 192.168.0.1"
local-data: "bravedns.com. 120 IN A 192.168.0.1"
local-data: "doh.captnemo.in. 120 IN A 192.168.0.1"
local-data: "ibuki.cgnat.net. 120 IN A 192.168.0.1"
local-data: "canadianshield.cira.ca. 120 IN A 192.168.0.1"
local-data: "dns.cloudflare.com. 120 IN A 192.168.0.1"
local-data: "one.one.one.one. 120 IN A 192.168.0.1"
local-data: "cloudflare-gateway.com. 120 IN A 192.168.0.1"
local-data: "doh.cleanbrowsing.org. 120 IN A 192.168.0.1"
local-data: "security-filter-dns.cleanbrowsing.org. 120 IN A 192.168.0.1"
local-data: "adult-filter-dns.cleanbrowsing.org. 120 IN A 192.168.0.1"
local-data: "family-filter-dns.cleanbrowsing.org. 120 IN A 192.168.0.1"
local-data: "dns.cmrg.net. 120 IN A 192.168.0.1"
local-data: "commons.host. 120 IN A 192.168.0.1"
local-data: "dns.containerpi.com. 120 IN A 192.168.0.1"
local-data: "dohdot.coxlab.net. 120 IN A 192.168.0.1"
local-data: "doh.crypto.sx. 120 IN A 192.168.0.1"
local-data: "jit.ddns.net. 120 IN A 192.168.0.1"
local-data: "dns.decloudus.com. 120 IN A 192.168.0.1"
local-data: "doh.defaultroutes.de. 120 IN A 192.168.0.1"
local-data: "dns.developer.li. 120 IN A 192.168.0.1"
local-data: "dns2.developer.li. 120 IN A 192.168.0.1"
local-data: "dns.digitale-gesellschaft.ch. 120 IN A 192.168.0.1"
local-data: "dns1.digitale-gesellschaft.ch. 120 IN A 192.168.0.1"
local-data: "dns2.digitale-gesellschaft.ch. 120 IN A 192.168.0.1"
local-data: "doh.disconnect.app. 120 IN A 192.168.0.1"
local-data: "ns1.recursive.dnsbycomodo.com. 120 IN A 192.168.0.1"
local-data: "ns2.recursive.dnsbycomodo.com. 120 IN A 192.168.0.1"
local-data: "dnsforge.de. 120 IN A 192.168.0.1"
local-data: "dns.google. 120 IN A 192.168.0.1"
local-data: "dns.dnshome.de. 120 IN A 192.168.0.1"
local-data: "dns1.dnscrypt.ca. 120 IN A 192.168.0.1"
local-data: "dns2.dnscrypt.ca. 120 IN A 192.168.0.1"
local-data: "doh.dnslify.com. 120 IN A 192.168.0.1"
local-data: "a.ns.dnslify.com. 120 IN A 192.168.0.1"
local-data: "b.ns.dnslify.com. 120 IN A 192.168.0.1"
local-data: "a.safe.ns.dnslify.com. 120 IN A 192.168.0.1"
local-data: "b.safe.ns.dnslify.com. 120 IN A 192.168.0.1"
local-data: "a.family.ns.dnslify.com. 120 IN A 192.168.0.1"
local-data: "b.family.ns.dnslify.com. 120 IN A 192.168.0.1"
local-data: "dns.dnsoverhttps.net. 120 IN A 192.168.0.1"
local-data: "dns.dns-over-https.com. 120 IN A 192.168.0.1"
local-data: "adblock-dot.dnswarden.com. 120 IN A 192.168.0.1"
local-data: "adult-filter-dot.dnswarden.com. 120 IN A 192.168.0.1"
local-data: "doh.dnswarden.com. 120 IN A 192.168.0.1"
local-data: "ecs-doh.dnswarden.com. 120 IN A 192.168.0.1"
local-data: "uncensored-dot.dnswarden.com. 120 IN A 192.168.0.1"
local-data: "doh.li. 120 IN A 192.168.0.1"
local-data: "doh.ffmuc.net. 120 IN A 192.168.0.1"
local-data: "dot.ffmuc.net. 120 IN A 192.168.0.1"
local-data: "rdns.faelix.net. 120 IN A 192.168.0.1"
local-data: "pdns.faelix.net. 120 IN A 192.168.0.1"
local-data: "dns.flatuslifir.is. 120 IN A 192.168.0.1"
local-data: "dns.google.com. 120 IN A 192.168.0.1"
local-data: "google-public-dns-a.google.com. 120 IN A 192.168.0.1"
local-data: "google-public-dns-b.google.com. 120 IN A 192.168.0.1"
local-data: "query.hdns.io. 120 IN A 192.168.0.1"
local-data: "ordns.he.net. 120 IN A 192.168.0.1"
local-data: "dns.hostux.net. 120 IN A 192.168.0.1"
local-data: "opennic.i2pd.xyz. 120 IN A 192.168.0.1"
local-data: "public.dns.iij.jp. 120 IN A 192.168.0.1"
local-data: "jcdns.fun. 120 IN A 192.168.0.1"
local-data: "us1.dns.lavate.ch. 120 IN A 192.168.0.1"
local-data: "eu1.dns.lavate.ch. 120 IN A 192.168.0.1"
local-data: "resolver-eu.lelux.fi. 120 IN A 192.168.0.1"
local-data: "doh.libredns.org. 120 IN A 192.168.0.1"
local-data: "dot.libredns.gr.com. 120 IN A 192.168.0.1"
local-data: "dot.libredns.gr. 120 IN A 192.168.0.1"
local-data: "doh.libredns.gr. 120 IN A 192.168.0.1"
local-data: "jarjar.meganerd.nl. 120 IN A 192.168.0.1"
local-data: "dns.mrkaran.dev. 120 IN A 192.168.0.1"
local-data: "adblock.mydns.network. 120 IN A 192.168.0.1"
local-data: "dns.neutopia.org. 120 IN A 192.168.0.1"
local-data: "dns.aa.net.uk. 120 IN A 192.168.0.1"
local-data: "doh.netweaver.uk. 120 IN A 192.168.0.1"
local-data: "dns.nextdns.io. 120 IN A 192.168.0.1"
local-data: "dns1.nextdns.io. 120 IN A 192.168.0.1"
local-data: "dns2.nextdns.io. 120 IN A 192.168.0.1"
local-data: "odvr.nic.cz. 120 IN A 192.168.0.1"
local-data: "dns.nixnet.xyz. 120 IN A 192.168.0.1"
local-data: "lv1.nixnet.xyz. 120 IN A 192.168.0.1"
local-data: "ny1.nixnet.xyz. 120 IN A 192.168.0.1"
local-data: "lux1.nixnet.xyz. 120 IN A 192.168.0.1"
local-data: "dns.njal.la. 120 IN A 192.168.0.1"
local-data: "doh.opendns.com. 120 IN A 192.168.0.1"
local-data: "doh.familyshield.opendns.com. 120 IN A 192.168.0.1"
local-data: "doh.sandbox.opendns.com. 120 IN A 192.168.0.1"
local-data: "resolver1.opendns.com. 120 IN A 192.168.0.1"
local-data: "resolver2.opendns.com. 120 IN A 192.168.0.1"
local-data: "resolver1-fs.opendns.com. 120 IN A 192.168.0.1"
local-data: "resolver2-fs.opendns.com. 120 IN A 192.168.0.1"
local-data: "dns.oszx.co. 120 IN A 192.168.0.1"
local-data: "a.passcloud.xyz. 120 IN A 192.168.0.1"
local-data: "i.passcloud.xyz. 120 IN A 192.168.0.1"
local-data: "doh.post-factum.tk. 120 IN A 192.168.0.1"
local-data: "doh.powerdns.org. 120 IN A 192.168.0.1"
local-data: "rpz-public-resolver1.rrdns.pch.net. 120 IN A 192.168.0.1"
local-data: "dns.pumplex.com. 120 IN A 192.168.0.1"
local-data: "dns.quad9.net. 120 IN A 192.168.0.1"
local-data: "dns9.quad9.net. 120 IN A 192.168.0.1"
local-data: "dns10.quad9.net. 120 IN A 192.168.0.1"
local-data: "dns11.quad9.net. 120 IN A 192.168.0.1"
local-data: "dns12.quad9.net. 120 IN A 192.168.0.1"
local-data: "dns13.quad9.net. 120 IN A 192.168.0.1"
local-data: "dns-nosec.quad9.net. 120 IN A 192.168.0.1"
local-data: "dns.rubyfish.cn. 120 IN A 192.168.0.1"
local-data: "ea-dns.rubyfish.cn. 120 IN A 192.168.0.1"
local-data: "uw-dns.rubyfish.cn. 120 IN A 192.168.0.1"
local-data: "rumpelsepp.org. 120 IN A 192.168.0.1"
local-data: "dns1.ryan-palmer.com. 120 IN A 192.168.0.1"
local-data: "doh.securedns.eu. 120 IN A 192.168.0.1"
local-data: "ads-doh.securedns.eu. 120 IN A 192.168.0.1"
local-data: "dot.securedns.eu. 120 IN A 192.168.0.1"
local-data: "doh.seby.io. 120 IN A 192.168.0.1"
local-data: "doh-2.seby.io. 120 IN A 192.168.0.1"
local-data: "dot.seby.io. 120 IN A 192.168.0.1"
local-data: "2.dnscrypt-cert.dns.seby.io. 120 IN A 192.168.0.1"
local-data: "dnsovertls.sinodun.com. 120 IN A 192.168.0.1"
local-data: "dnsovertls1.sinodun.com. 120 IN A 192.168.0.1"
local-data: "dnsovertls2.sinodun.com. 120 IN A 192.168.0.1"
local-data: "dnsovertls3.sinodun.com. 120 IN A 192.168.0.1"
local-data: "fi.doh.dns.snopyta.org. 120 IN A 192.168.0.1"
local-data: "fi.dot.dns.snopyta.org. 120 IN A 192.168.0.1"
local-data: "dns.switch.ch. 120 IN A 192.168.0.1"
local-data: "ibksturm.synology.me. 120 IN A 192.168.0.1"
local-data: "dns.t53.de. 120 IN A 192.168.0.1"
local-data: "dns.therifleman.name. 120 IN A 192.168.0.1"
local-data: "doh.tiar.app. 120 IN A 192.168.0.1"
local-data: "dot.tiar.app. 120 IN A 192.168.0.1"
local-data: "doh.tiarap.org. 120 IN A 192.168.0.1"
local-data: "jp.tiar.app. 120 IN A 192.168.0.1"
local-data: "jp.tiarap.org. 120 IN A 192.168.0.1"
local-data: "dns.twnic.tw. 120 IN A 192.168.0.1"
local-data: "doh.this.web.id. 120 IN A 192.168.0.1"
local-data: "dns.wugui.zone. 120 IN A 192.168.0.1"
local-data: "dns-asia.wugui.zone. 120 IN A 192.168.0.1"
local-data: "adfree.usableprivacy.net. 120 IN A 192.168.0.1"
local-data: "doh.xfinity.com. 120 IN A 192.168.0.1"
local-data: "doh.gslb2.xfinity.com. 120 IN A 192.168.0.1"
local-data: "fdns1.dismail.de. 120 IN A 192.168.0.1"
local-data: "fdns2.dismail.de. 120 IN A 192.168.0.1"
local-data: "anycast.censurfridns.dk. 120 IN A 192.168.0.1"
local-data: "unicast.censurfridns.dk. 120 IN A 192.168.0.1"
local-data: "anycast.uncensoreddns.org. 120 IN A 192.168.0.1"
local-data: "unicast.uncensoreddns.org. 120 IN A 192.168.0.1"
local-data: "dns.comss.one. 120 IN A 192.168.0.1"
local-data: "dns.east.comss.one. 120 IN A 192.168.0.1"
local-data: "dns-doh.dnsforfamily.com. 120 IN A 192.168.0.1"
local-data: "dns-dot.dnsforfamily.com. 120 IN A 192.168.0.1"
local-data: "dns.cfiec.net. 120 IN A 192.168.0.1"
local-data: "asia.dnscepat.id. 120 IN A 192.168.0.1"
local-data: "eropa.dnscepat.id. 120 IN A 192.168.0.1"
local-data: "doh.360.cn. 120 IN A 192.168.0.1"
local-data: "dot.360.cn. 120 IN A 192.168.0.1"
local-data: "doh.pub. 120 IN A 192.168.0.1"
local-data: "dns.pub. 120 IN A 192.168.0.1"
local-data: "dot.pub. 120 IN A 192.168.0.1"
local-data: "kaitain.restena.lu. 120 IN A 192.168.0.1"
local-data: "getdnsapi.net. 120 IN A 192.168.0.1"
local-data: "dns.larsdebruin.net. 120 IN A 192.168.0.1"
local-data: "dns-tls.bitwiseshift.net. 120 IN A 192.168.0.1"
local-data: "ns1.dnsprivacy.at. 120 IN A 192.168.0.1"
local-data: "ns2.dnsprivacy.at. 120 IN A 192.168.0.1"
local-data: "dns.bitgeek.in. 120 IN A 192.168.0.1"
local-data: "privacydns.go6lab.si. 120 IN A 192.168.0.1"
local-data: "dnsotls.lab.nic.cl. 120 IN A 192.168.0.1"
local-data: "tls-dns-u.odvr.dns-oarc.net. 120 IN A 192.168.0.1"
local-data: "doh.centraleu.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "dot.centraleu.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "doh.northeu.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "dot.northeu.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "doh.westus.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "dot.westus.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "doh.eastus.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "dot.eastus.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "doh.eastau.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "dot.eastau.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "doh.eastas.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "dot.eastas.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "doh.pi-dns.com. 120 IN A 192.168.0.1"
local-data: "freedns.controld.com. 120 IN A 192.168.0.1"
local-data: "doh.mullvad.net. 120 IN A 192.168.0.1"
local-data: "dns.arapurayil.com. 120 IN A 192.168.0.1"
local-data: "dot.xfinity.com. 120 IN A 192.168.0.1"
local-data: "dot.cox.net. 120 IN A 192.168.0.1"
local-data: "doh.cox.net. 120 IN A 192.168.0.1"
local-data: "dns.sb. 120 IN A 192.168.0.1"
local-data: "8888.google. 120 IN A 192.168.0.1"
local-data: "doh.quickline.ch. 120 IN A 192.168.0.1"
local-data: "doh-02.spectrum.com. 120 IN A 192.168.0.1"
local-data: "doh-01.spectrum.com. 120 IN A 192.168.0.1"
local-data: "mask.icloud.com. 120 IN A 192.168.0.1"
local-data: "mask-h2.icloud.com. 120 IN A 192.168.0.1"
local-data: "dandelionsprout.asuscomm.com. 120 IN A 192.168.0.1"
local-data: "basic.rethinkdns.com. 120 IN A 192.168.0.1"
local-data: "max.rethinkdns.com. 120 IN A 192.168.0.1"
local-data: "dns.levonet.sk. 120 IN A 192.168.0.1"
local-data: "chromium.dns.nextdns.io. 120 IN A 192.168.0.1"
local-data: "dot.quickline.ch. 120 IN A 192.168.0.1"
local-data: "doh.quickline.ch. 120 IN A 192.168.0.1"

zcrayfish 06:51, 15 February 2024 (UTC)
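
A coverage check for the configuration above, added here as an example and not part of the original post: it parses the local-zone and local-data lines and reports, for a given query name, whether Unbound answers it locally or passes it on to recursion, and it lists records entered twice. It relies on Unbound placing local-data that is not under any local-zone in an implicit transparent zone, where only an exact name match is answered; the embedded config is an excerpt of the post, and the function names are this example's own.

```python
import re

# Excerpt of the configuration posted above (doh.quickline.ch is listed
# twice in the post as well).
CONFIG = """\
server:
local-zone: "use-application-dns.net" always_nxdomain
local-zone: "cloudflare-dns.com" static
local-data: "dns.nextdns.io. 120 IN A 192.168.0.1"
local-data: "dns.google. 120 IN A 192.168.0.1"
local-data: "doh.quickline.ch. 120 IN A 192.168.0.1"
local-data: "doh.quickline.ch. 120 IN A 192.168.0.1"
"""

ZONE_RE = re.compile(r'^\s*local-zone:\s*"([^"]+)"\s+(\S+)')
DATA_RE = re.compile(r'^\s*local-data:\s*"([^"]+)"')

def norm(name):
    return name.rstrip(".").lower()

def parse(text):
    """Return (explicit zones, names with local-data, duplicated records)."""
    zones, names, seen, dupes = {}, set(), set(), []
    for line in text.splitlines():
        if m := ZONE_RE.match(line):
            zones[norm(m.group(1))] = m.group(2)
        elif m := DATA_RE.match(line):
            record = " ".join(m.group(1).split())
            if record in seen:
                dupes.append(record)
            seen.add(record)
            names.add(norm(record.split()[0]))
    return zones, names, dupes

def classify(qname, zones, names):
    """Say whether a query name is answered from local config or recursed."""
    labels = norm(qname).split(".")
    # The zone types used in the post (redirect, static, always_nxdomain,
    # always_refuse) cover the zone name and everything beneath it.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zones:
            return f"local: {zones[suffix]} zone {suffix}"
    # local-data outside any local-zone: implicit transparent zone, so only
    # an exact name match is answered locally.
    if norm(qname) in names:
        return "local: exact local-data match"
    return "recursed: not covered"
```

Run over the full list, names that classify as "recursed" (for example a constructed per-profile label such as abc123.dns.nextdns.io) show where an explicit local-zone entry would be needed instead of a single local-data record.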