Unbound file configuration and some others tweaks

🎯 This repository hosts a version of Unbound server for OpenBSD with some tweaks cleaning your web experience.

📝 Here the man for unbound configuration file.
📝 Here the documentation to optimize your Unbound with your ressources.
📝 Here the Response Policy Zones (RPZ) documentation.

🛡️ Secure your external DNS request with DNS over TLS, configure RPZ option and build lists for a better and more efficient (reducing your carbon impact) web experience.

Prerequisites

You need to have an account with doas set correctly.
Unbound enable and start:
- rcctl enable unbound
- rcctl start unbound
Activate modules here below in your configuration file unbound.conf:
- module-config: "respip validator iterator"
Check your configuration file before reload:
- unbound-checkconf /var/unbound/etc/unbound.conf
- rcctl reload unbound

Usage

For unbound.conf change these values:

access-control: your_network_here/CIDR_prefix allow
interface: your_ip_here
private-address: your_network_here/CIDR_prefix

For unbound-ph15h1n9-001.sh update the backup path:

filebkp01="your_backup_path/2pz-l1s7-ph15h1n9-001.bkp"

Depend of the context but sometimes we need to play with redirect or with RPZ.

Redirect is used when you want to block all subdomains under a TLD, including those which do not yet exist.
RPZ in more fine tuning you can apply policy for eachs records, compare to redirect, if a record is not under RPZ policy, resolution is provided❗️

Redirect (2d2)

2d2-l1s7-8l4ckh4t-001
This list is a redirect receiving all TLD known as bad.
2d2-l1s7-ph15h1n9-003.txt
This list is a redirect receiving all TLD coming from 🇫🇷 SMS services not listed in the list 2d2-l1s7-ph15h1n9-001.txt.

RPZ (2pz)

2pz-l1s7-71k70k-001.txt
This list is a RPZ disabling all T1kT0k.
2pz-l1s7-8l4ckh4t-001.txt
This list is a RPZ with sources not in the RPZ malware.
2pz-l1s7-d0h-001.txt
This list is a RPZ with "famous" DoH.

Script

unbound-2d2-l1s7-ph15h1n9-001.sh
This script download and format redirect file coming from Red Flag Domains.
💡Crontab @daily is quite enough.
unbound-2pz-l1s7-48u53-001.sh
This script download and format RPZ file coming from Abuse.
💡Crontab @daily is quite enough.

Blueteam - Check new settings

You can test your Unbound server configuration here:

1.1.1.1

🐡 Have fun!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Unbound file configuration and some others tweaks

Prerequisites

Usage

Redirect (2d2)

RPZ (2pz)

Script

Blueteam - Check new settings

About

Releases

Packages

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 76 Commits
2d2-l1s7-8l4ckh4t-001.txt		2d2-l1s7-8l4ckh4t-001.txt
2d2-l1s7-ph15h1n9-003.txt		2d2-l1s7-ph15h1n9-003.txt
2pz-l1s7-71k70k-001.txt		2pz-l1s7-71k70k-001.txt
2pz-l1s7-8l4ckh4t-001.txt		2pz-l1s7-8l4ckh4t-001.txt
2pz-l1s7-d0h-001.txt		2pz-l1s7-d0h-001.txt
LICENSE		LICENSE
README.md		README.md
unbound-2d2-l1s7-ph15h1n9-001.sh		unbound-2d2-l1s7-ph15h1n9-001.sh
unbound-2pz-l1s7-48u53-001.sh		unbound-2pz-l1s7-48u53-001.sh
unbound.conf		unbound.conf

License

seheyah/unbound

Folders and files

Latest commit

History

Repository files navigation

Unbound file configuration and some others tweaks

Prerequisites

Usage

Redirect (2d2)

RPZ (2pz)

Script

Blueteam - Check new settings

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages