Unbound is a validating, recursive, and caching DNS resolver. We will use it to host our own local DNS server with a blacklist from oisd.nl.
First install Unbound and the other tools used below (the command is for apt-based distributions such as Debian and Ubuntu):
sudo apt install unbound dnsutils curl
Next, create a configuration file in the /etc/unbound/unbound.conf.d/ directory (every .conf file in it is included by the main unbound.conf):
sudo nano /etc/unbound/unbound.conf.d/root.conf
Paste this into the configuration file:
server:
    interface: 0.0.0.0 # listen on all interfaces
    port: 53 # listen on port 53
    do-ip4: yes
    do-ip6: no # set to yes when you have and want IPv6
    prefer-ip6: no # set to yes if you want to prefer IPv6 over IPv4
    do-udp: yes
    do-tcp: yes
    verbosity: 0
    access-control: 10.7.0.0/24 allow # replace with your LAN + prefix; clients not matched by an allow rule are refused
    include: /etc/unbound/blacklist.conf # include blacklist
Edit the interface and access-control lines for your network. Because Unbound refuses queries from any address that is not matched by an allow rule, this resolver only serves your LAN; do not forward port 53 from the internet to it, as an open resolver gets abused for amplification attacks.
Next, create the script that generates the blacklist. Placing it in /etc/cron.weekly/ makes cron run it once a week (the file name must not contain a dot, or run-parts skips it):
sudo nano /etc/cron.weekly/genblacklist
Paste this into the script. It downloads the list, turns every domain into a local-zone entry of type always_refuse, replaces the live file only once the download has fully succeeded, and reloads Unbound only if unbound-checkconf accepts the result. Never delete blacklist.conf on failure: Unbound will not start while root.conf includes a file that does not exist.
#!/bin/sh
set -eu  # stop at the first failing command
raw=$(mktemp) && curl -fsS https://dbl.oisd.nl/basic/ -o "$raw"  # -f turns an HTTP error into a failure instead of a saved error page
{ echo "# Generated on $(date)"; awk '!/^#/ && NF {print "local-zone: \"" $1 "\" always_refuse"}' "$raw"; } > /etc/unbound/blacklist.conf.new
rm -f "$raw" && mv /etc/unbound/blacklist.conf.new /etc/unbound/blacklist.conf  # swap in the complete file only
unbound-checkconf && systemctl reload unbound
Make it executable:
sudo chmod +x /etc/cron.weekly/genblacklist
And run it once by hand (it writes to /etc/unbound, so it needs root):
sudo /etc/cron.weekly/genblacklist
After that, check that the file was generated:
head /etc/unbound/blacklist.conf
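The cron script above trusts the download completely: whatever the server returns ends up as configuration lines. The following is an added example, not part of the original post, of a generator that validates each entry before it becomes a local-zone line, de-duplicates, also accepts hosts-style "0.0.0.0 domain" lines, and activates the new file only after unbound-checkconf accepts it, keeping the previous file as a fallback. The sample list is constructed to show the edge cases; the oisd URL, file paths and the "install" argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): convert a domain blocklist into
# Unbound local-zone entries with validation, then install it atomically.
set -eu

# Constructed sample standing in for the dbl.oisd.nl/basic/ download
# (assumed format: '#' comment lines, one domain per line). It deliberately
# contains a duplicate, mixed case, a hosts-format line, an empty line and
# two entries that are not valid hostnames.
SAMPLE_LIST='# Title: constructed sample, not a real oisd download
# Last modified: 2022-01-15
ads.example
Tracker.Example
ads.example
0.0.0.0 metrics.example
not a domain!
-bad.example

telemetry.example'

# gen_blacklist: blocklist on stdin, local-zone lines on stdout.
#  - strips CR line endings, comments and blank lines
#  - uses the last field, so "0.0.0.0 host" hosts-format lines also work
#  - lowercases and de-duplicates (Unbound rejects a duplicate local-zone)
#  - drops anything that is not a syntactically valid hostname, so a
#    corrupted or tampered download cannot inject arbitrary config text
gen_blacklist() {
    awk '
        { sub(/\r$/, "") }
        /^[ \t]*#/ || NF == 0 { next }
        {
            d = tolower($NF)
            if (length(d) > 253 ||
                d !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) {
                printf "skipping invalid entry: %s\n", $0 > "/dev/stderr"
                next
            }
            if (!(d in seen)) {
                seen[d] = 1
                print "local-zone: \"" d "\" always_refuse"
            }
        }'
}

# install_blacklist URL DEST: download, generate into DEST.new, swap it in,
# and reload Unbound only if the whole configuration still validates;
# otherwise put the previous file back so the resolver keeps working.
install_blacklist() {
    url=$1; dest=$2
    raw=$(mktemp) || return 1
    curl -fsS "$url" -o "$raw" || { rm -f "$raw"; return 1; }
    { echo "# Generated on $(date)"; gen_blacklist < "$raw"; } > "$dest.new"
    rm -f "$raw"
    [ -f "$dest" ] && cp -p "$dest" "$dest.prev"
    mv "$dest.new" "$dest"
    if unbound-checkconf; then
        systemctl reload unbound
    else
        [ -f "$dest.prev" ] && mv "$dest.prev" "$dest"
        return 1
    fi
}

# Stand-alone use: with no arguments, convert the constructed sample and
# print it; with "install" (assumed argument), fetch the real list and
# activate it, which needs root.
if [ "${1:-}" = "install" ]; then
    install_blacklist https://dbl.oisd.nl/basic/ /etc/unbound/blacklist.conf
else
    printf '%s\n' "$SAMPLE_LIST" | gen_blacklist
fi
```

Run without arguments to see the four valid entries come out and the two invalid ones reported on stderr; the hostname check is the part that matters for security, because every line that reaches blacklist.conf is parsed by Unbound as configuration.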
Then do a test request to your server:
dig kaizentom.xyz @127.0.0.1
If it works correctly the output should look like this (status: NOERROR with an answer section; the ad flag shows the reply was DNSSEC-validated):
; <<>> DiG 9.17.21-1-Debian <<>> kaizentom.xyz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40866
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;kaizentom.xyz. IN A
;; ANSWER SECTION:
kaizentom.xyz. 600 IN A 31.207.89.98
;; Query time: 284 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sat Jan 15 15:35:49 CET 2022
;; MSG SIZE rcvd: 58
Also query a domain that is on the list (pick one from the output of head /etc/unbound/blacklist.conf); with always_refuse the reply has status: REFUSED and no answer section. You are done, now head to your device and add your server as the DNS.