diff --git a/etc/unbound/unbound.conf.d/00-insecure-domains.conf b/etc/unbound/unbound.conf.d/00-insecure-domains.conf deleted file mode 100644 index 274e4fac..00000000 --- a/etc/unbound/unbound.conf.d/00-insecure-domains.conf +++ /dev/null @@ -1,35 +0,0 @@ -# Domains to be sent through plaintext DNS for getting hijacked by devices -# that tend to cause headache. -# Uses Google DNS, because I don't use it for anything else and don't plan -# to for the foreseeable future, so it is easier to spot from logs. -# Is it secure? Google likely also knows I have these devices on my network -# thanks to Android. - -server: -forward-zone: - name: "mywifiext.net" - forward-tls-upstream: no - forward-addr: 8.8.8.8 - -forward-zone: - name: "tplinkrepeater.net" - forward-tls-upstream: no - forward-addr: 8.8.8.8 - -forward-zone: - name: "router.asus.com" - forward-tls-upstream: no - forward-addr: 8.8.8.8 - -forward-zone: - name: "norwegianwifi.com" - forward-tls-upstream: no - forward-addr: 8.8.8.8 - -# Can I refer to subdomain as a zone? -forward-zone: - name: "http.badssl.com" - forward-tls-upstream: no - forward-addr: 8.8.8.8 - -# vim: filetype=unbound.conf diff --git a/etc/unbound/unbound.conf.d/blocklist.conf b/etc/unbound/unbound.conf.d/blocklist.conf index 5947e50e..05ffe3cd 100644 --- a/etc/unbound/unbound.conf.d/blocklist.conf +++ b/etc/unbound/unbound.conf.d/blocklist.conf @@ -17,5 +17,22 @@ local-zone: "matrix.to." always_refuse # in particular, likely websites too. local-zone: "graph.facebook.com." always_refuse +## APPLIANCE/CAPTIVE PORTAL DOMAINS +# Search these through host or dig to another server instead! + # Fritz router/modem default search domain and control panel. local-zone: "fritz.box." always_refuse + +# Netgear +local-zone: "mywifiext.net." always_refuse + +# TP-Link +local-zone: "tplinkrepeater.net." always_refuse + +# ASUS +local-zone: "router.asus.com." always_refuse + +# Norwegian planes +local-zone: "norwegianwifi.com." always_refuse + +# vim: filetype=unbound.conf