Using Unbound as an Ad-blocker

From Alpine Linux

Basic Components

You should have dnsmasq (or another DHCP server) and unbound both working on your network.

Setting up Unbound To Block/Refuse unwanted addresses

There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:

Alternatively, there is a set of curated lists at There are various categories of lists there. The format of the file is a "host" (so you can put it in /etc/hosts and be done). We will use the hosts file format:

unbound needs to include the blacklists.conf file into its main configuration. To do so, we need to create the include file in the following format:

Contents of /etc/unbound/blacklists.conf

server: local-zone: "" refuse local-zone: "" refuse local-zone: "" refuse

Here is an example shell script to download the StevenBlack hosts file, and then format it for unbound:


echo "server:" >/etc/unbound/blacklist.conf
curl -s | \
        grep ^ - | \
        sed 's/ #.*$//;
        s/^ \(.*\)/local-zone: "\1" refuse/' \

You can run this once, or as part of a periodic cron task.

In the /etc/unbound/unbound.conf, add the following line somewhere in the config:

Contents of /etc/unbound/unbound.conf

#include "/etc/unbound/blacklist.conf"

Reload unbound, and verify the config loads.

Dnsmasq configuration

Dnsmasq defaults to using the resolver in /etc/resolv.conf — if unbound is listening on, then have it use that as the resolver.

Alternatively, if unbound is running on another interface, or on a separate machine — use the dhcp-option configuration in dnsmasq:


Enjoy Ad-Free browsing!