From 5d00ccaf6bccea0c5f657304d396ac159316408c Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Sun, 28 May 2023 10:36:52 +0300
Subject: [PATCH] unbound: add blocklist-tld.conf mainly for zip & mov

---
 etc/unbound/unbound.conf.d/blocklist-tld.conf | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 etc/unbound/unbound.conf.d/blocklist-tld.conf

diff --git a/etc/unbound/unbound.conf.d/blocklist-tld.conf b/etc/unbound/unbound.conf.d/blocklist-tld.conf
new file mode 100644
index 00000000..4f0e8710
--- /dev/null
+++ b/etc/unbound/unbound.conf.d/blocklist-tld.conf
@@ -0,0 +1,8 @@
+server:
+
+# Firefox automatic DoH to unfiltered DNS is especially unwanted in this case
+local-zone: "use-application-dns.net." always_nxdomain
+
+# Very high abuse potential
+local-zone: "zip." always_refuse
+local-zone: "mov." always_refuse