From 623a9150fdd4552b9a2d04630eba24987c5ec023 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Mon, 22 Apr 2024 07:10:18 +0300
Subject: [PATCH] unbound: merge 00-insecure-domains.conf into blocklist.conf

---
 .../unbound.conf.d/00-insecure-domains.conf   | 35 -------------------
 etc/unbound/unbound.conf.d/blocklist.conf     | 17 +++++++++
 2 files changed, 17 insertions(+), 35 deletions(-)
 delete mode 100644 etc/unbound/unbound.conf.d/00-insecure-domains.conf

diff --git a/etc/unbound/unbound.conf.d/00-insecure-domains.conf b/etc/unbound/unbound.conf.d/00-insecure-domains.conf
deleted file mode 100644
index 274e4fac..00000000
--- a/etc/unbound/unbound.conf.d/00-insecure-domains.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-# Domains to be sent through plaintext DNS for getting hijacked by devices
-# that tend to cause headache.
-# Uses Google DNS, because I don't use it for anything else and don't plan
-# to for the foreseeable future, so it is easier to spot from logs.
-# Is it secure? Google likely also knows I have these devices on my network
-# thanks to Android.
-
-server:
-forward-zone:
-	name: "mywifiext.net"
-	forward-tls-upstream: no
-	forward-addr: 8.8.8.8
-
-forward-zone:
-	name: "tplinkrepeater.net"
-	forward-tls-upstream: no
-	forward-addr: 8.8.8.8
-
-forward-zone:
-	name: "router.asus.com"
-	forward-tls-upstream: no
-	forward-addr: 8.8.8.8
-
-forward-zone:
-	name: "norwegianwifi.com"
-	forward-tls-upstream: no
-	forward-addr: 8.8.8.8
-
-# Can I refer to subdomain as a zone?
-forward-zone:
-	name: "http.badssl.com"
-	forward-tls-upstream: no
-	forward-addr: 8.8.8.8
-
-# vim: filetype=unbound.conf
diff --git a/etc/unbound/unbound.conf.d/blocklist.conf b/etc/unbound/unbound.conf.d/blocklist.conf
index 5947e50e..05ffe3cd 100644
--- a/etc/unbound/unbound.conf.d/blocklist.conf
+++ b/etc/unbound/unbound.conf.d/blocklist.conf
@@ -17,5 +17,22 @@ local-zone: "matrix.to." always_refuse
 # in particular, likely websites too.
 local-zone: "graph.facebook.com." always_refuse
 
+## APPLIANCE/CAPTIVE PORTAL DOMAINS
+# Search these through host or dig to another server instead!
+
 # Fritz router/modem default search domain and control panel.
 local-zone: "fritz.box." always_refuse
+
+# Netgear
+local-zone: "mywifiext.net." always_refuse
+
+# TP-Link
+local-zone: "tplinkrepeater.net." always_refuse
+
+# ASUS
+local-zone: "router.asus.com." always_refuse
+
+# Norwegian planes
+local-zone: "norwegianwifi.com." always_refuse
+
+# vim: filetype=unbound.conf