Using Unbound as an Ad-blocker

From Alpine Linux

Basic Components

You should have dnsmasq (or another DHCP server) and unbound both working on your network.

Setting up Unbound To Block/Refuse unwanted addresses

There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:

Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. There are various categories of lists there. The format of the file is a "host" (so you can put it in /etc/hosts and be done). We will use the hosts file format:

unbound needs to include the blacklists.conf file into its main configuration. To do so, we need to create the include file in the following format:

Contents of /etc/unbound/blacklists.conf

server: local-zone: "bad-site.com" refuse local-zone: "bad-bad-site.com" refuse local-zone: "xyz.ads-r-us.com" refuse

Here is an example shell script to download the StevenBlack hosts file, and then format it for unbound:

#!/bin/sh

echo "server:" >/etc/unbound/blacklist.conf
curl -s https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | \
        grep ^0.0.0.0 - | \
        sed 's/ #.*$//;
        s/^0.0.0.0 \(.*\)/local-zone: "\1" refuse/' \
        >>/etc/unbound/blacklist.conf


You can run this once, or as part of a periodic cron task.

In the /etc/unbound/unbound.conf, add the following line somewhere in the config:

Contents of /etc/unbound/unbound.conf

#include "/etc/unbound/blacklist.conf"

Reload unbound, and verify the config loads.

Dnsmasq configuration

Dnsmasq defaults to using the resolver in /etc/resolv.conf — if unbound is listening on 127.0.0.1, then have it use that as the resolver.

Alternatively, if unbound is running on another interface, or on a separate machine — use the dhcp-option configuration in dnsmasq:

dhcp-option=6,[ip-of-unbound-server]


Enjoy Ad-Free browsing!