Using Unbound as an Ad-blocker
Basic Components
You should have dnsmasq (or another DHCP server) and unbound both working on your network.
Setting up Unbound To Block/Refuse unwanted addresses
There are a number of freely available blacklists on the net. The installer mentioned above uses these lists by default:
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- https://sysctl.org/cameleon/hosts
- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
Alternatively, there is a set of curated lists at https://github.com/StevenBlack/hosts. There are various categories of lists there. The format of the file is a "host" (so you can put it in /etc/hosts and be done). We will use the hosts file format:
unbound needs to include the blacklists.conf file into its main configuration. To do so, we need to create the include file in the following format:
Contents of /etc/unbound/blacklists.conf
Here is an example shell script to download the StevenBlack hosts file, and then format it for unbound:
#!/bin/sh
echo "server:" >/etc/unbound/blacklist.conf
curl -s https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | \
grep ^0.0.0.0 - | \
sed 's/ #.*$//;
s/^0.0.0.0 \(.*\)/local-zone: "\1" refuse/' \
>>/etc/unbound/blacklist.conf
You can run this once, or as part of a periodic cron task.
In the /etc/unbound/unbound.conf, add the following line somewhere in the config:
Contents of /etc/unbound/unbound.conf
Reload unbound, and verify the config loads.
Dnsmasq configuration
Dnsmasq defaults to using the resolver in /etc/resolv.conf — if unbound is listening on 127.0.0.1, then have it use that as the resolver.
Alternatively, if unbound is running on another interface, or on a separate machine — use the dhcp-option configuration in dnsmasq:
dhcp-option=6,[ip-of-unbound-server]
Enjoy Ad-Free browsing!