On Sat, Nov 16, 2024 at 11:23:59PM +0000, ckeader wrote:
>
> > I guess you're using local zones for this - I would look into using RPZ
> > instead. I haven't tried it myself but hopefully this will get you started:
> >
> > https://blog.nlnetlabs.nl/response-policy-zones-in-unbound/
>
> Thanks, Stuart. I can see the advantage of this approach and it looks like
> someone has already done the work,
>
> https://www.geoghegan.ca/unbound-adblock.html

There are also other sources of RPZs for various purposes, e.g. https://ioc2rpz.net. They make the RPZ available through DNS zone transfer. I never used them with unbound, but I did use them with PowerDNS Recursor.

One of the nice things about the RPZ approach is that it is vendor independent.

-Otto