From 623a9150fdd4552b9a2d04630eba24987c5ec023 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen
Date: Mon, 22 Apr 2024 07:10:18 +0300
Subject: [PATCH] unbound: merge 00-insecure-domains.conf into blocklist.conf
---
 .../unbound.conf.d/00-insecure-domains.conf | 35 -------------------
 etc/unbound/unbound.conf.d/blocklist.conf | 17 +++++++++
 2 files changed, 17 insertions(+), 35 deletions(-)
 delete mode 100644 etc/unbound/unbound.conf.d/00-insecure-domains.conf
diff --git a/etc/unbound/unbound.conf.d/00-insecure-domains.conf b/etc/unbound/unbound.conf.d/00-insecure-domains.conf
deleted file mode 100644
index 274e4fac..00000000
--- a/etc/unbound/unbound.conf.d/00-insecure-domains.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-# Domains to be sent through plaintext DNS for getting hijacked by devices
-# that tend to cause headache.
-# Uses Google DNS, because I don't use it for anything else and don't plan
-# to for the foreseeable future, so it is easier to spot from logs.
-# Is it secure? Google likely also knows I have these devices on my network
-# thanks to Android.
-
-server:
-forward-zone:
- name: "mywifiext.net"
- forward-tls-upstream: no
- forward-addr: 8.8.8.8
-
-forward-zone:
- name: "tplinkrepeater.net"
- forward-tls-upstream: no
- forward-addr: 8.8.8.8
-
-forward-zone:
- name: "router.asus.com"
- forward-tls-upstream: no
- forward-addr: 8.8.8.8
-
-forward-zone:
- name: "norwegianwifi.com"
- forward-tls-upstream: no
- forward-addr: 8.8.8.8
-
-# Can I refer to subdomain as a zone?
-forward-zone:
- name: "http.badssl.com"
- forward-tls-upstream: no
- forward-addr: 8.8.8.8
-
-# vim: filetype=unbound.conf
diff --git a/etc/unbound/unbound.conf.d/blocklist.conf b/etc/unbound/unbound.conf.d/blocklist.conf
index 5947e50e..05ffe3cd 100644
--- a/etc/unbound/unbound.conf.d/blocklist.conf
+++ b/etc/unbound/unbound.conf.d/blocklist.conf
@@ -17,5 +17,22 @@ local-zone: "matrix.to." always_refuse
 # in particular, likely websites too.
 local-zone: "graph.facebook.com." always_refuse
+## APPLIANCE/CAPTIVE PORTAL DOMAINS
+# Search these through host or dig to another server instead!
+
 # Fritz router/modem default search domain and control panel.
 local-zone: "fritz.box." always_refuse
+
+# Netgear
+local-zone: "mywifiext.net." always_refuse
+
+# TP-Link
+local-zone: "tplinkrepeater.net." always_refuse
+
+# ASUS
+local-zone: "router.asus.com." always_refuse
+
+# Norwegian planes
+local-zone: "norwegianwifi.com." always_refuse
+
+# vim: filetype=unbound.conf
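Review bot: The new section header `# Search these through host or dig to another server instead!` does not say why these names are refused, and the rationale that lived in the deleted 00-insecure-domains.conf (appliances hijack these names over plaintext DNS) disappears with that file. The change is also more than a merge: the four names go from a plaintext forward to 8.8.8.8 to `always_refuse`, and the `http.badssl.com` forward-zone is dropped with no counterpart here, which deserves a line in the commit message if it is intentional. I would extend the header to something like `# Refused so these names never leave via the upstream; ask the appliance's own resolver, e.g. dig @<gateway-ip> mywifiext.net`. Stub resolvers that list a second nameserver may retry there after a REFUSED answer, so the refusal presumably only holds where this unbound is the sole configured resolver; worth confirming on the clients.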