diff --git a/etc/unbound/unbound.conf.d/blocklist.conf b/etc/unbound/unbound.conf.d/blocklist.conf
index 062c2ac1..4a120c0b 100644
--- a/etc/unbound/unbound.conf.d/blocklist.conf
+++ b/etc/unbound/unbound.conf.d/blocklist.conf
@@ -9,10 +9,12 @@ local-zone: "use-application-dns.net." always_nxdomain
 # I have something very aggressively attempting to resolve Google Analytics
 # and errorring on DNSSEC due to upstream resolver blocking them.
 local-zone: "google-analytics.com." always_refuse
-local-zone: "ssl.google-analytics.com." always_refuse
-local-zone: "www.google-analytics.com." always_refuse
 
 # Theoretically breaks nothing as clients should handle it.
 # https://aminda.eu/matrix/#why-do-you-use-matrix-uri-scheme-instead-of-matrixto
 # https://matrix.to/#/!KMbEUhVQHLwZHmwzKX:matrix.org/$jvB1PAivkIzRKQdlU_KFAtyPW_8Gv9o5tygud_09CRY?via=pikaviestin.fi&via=grin.hu&via=tchncs.de
 local-zone: "matrix.to." always_refuse
+
+# A lot of apps integrating Facebook in any form on mobile call this domain
+# in particular, likely websites too.
+local-zone: "graph.facebook.com." always_refuse