unbound: merge 00-insecure-domains.conf into blocklist.conf

2024-04-22 07:10:18 +03:00 · 2024-04-22 07:10:18 +03:00 · 623a9150fd
parent 892feb3c1b
commit 623a9150fd
2 changed files with 17 additions and 35 deletions
--- a/etc/unbound/unbound.conf.d/00-insecure-domains.conf
+++ b/etc/unbound/unbound.conf.d/00-insecure-domains.conf
@ -1,35 +0,0 @@
-# Domains to be sent through plaintext DNS for getting hijacked by devices
-# that tend to cause headache.
-# Uses Google DNS, because I don't use it for anything else and don't plan
-# to for the foreseeable future, so it is easier to spot from logs.
-# Is it secure? Google likely also knows I have these devices on my network
-# thanks to Android.
-
-server:
-forward-zone:
-	name: "mywifiext.net"
-	forward-tls-upstream: no
-	forward-addr: 8.8.8.8
-
-forward-zone:
-	name: "tplinkrepeater.net"
-	forward-tls-upstream: no
-	forward-addr: 8.8.8.8
-
-forward-zone:
-	name: "router.asus.com"
-	forward-tls-upstream: no
-	forward-addr: 8.8.8.8
-
-forward-zone:
-	name: "norwegianwifi.com"
-	forward-tls-upstream: no
-	forward-addr: 8.8.8.8
-
-# Can I refer to subdomain as a zone?
-forward-zone:
-	name: "http.badssl.com"
-	forward-tls-upstream: no
-	forward-addr: 8.8.8.8
-
-# vim: filetype=unbound.conf
--- a/etc/unbound/unbound.conf.d/blocklist.conf
+++ b/etc/unbound/unbound.conf.d/blocklist.conf
@ -17,5 +17,22 @@ local-zone: "matrix.to." always_refuse
 # in particular, likely websites too.
 local-zone: "graph.facebook.com." always_refuse

+## APPLIANCE/CAPTIVE PORTAL DOMAINS
+# Search these through host or dig to another server instead!
+
 # Fritz router/modem default search domain and control panel.
 local-zone: "fritz.box." always_refuse
+
+# Netgear
+local-zone: "mywifiext.net." always_refuse
+
+# TP-Link
+local-zone: "tplinkrepeater.net." always_refuse
+
+# ASUS
+local-zone: "router.asus.com." always_refuse
+
+# Norwegian planes
+local-zone: "norwegianwifi.com." always_refuse
+
+# vim: filetype=unbound.conf