From fe8ac1bbb799fd0beaac35553bd400431bc25513 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Thu, 15 Feb 2024 20:47:34 +0200
Subject: [PATCH] unbound: remove blocklists, deprecated by Browser Policy

---
 etc/unbound/unbound.conf.d/blocklist-tld.conf |  8 -------
 etc/unbound/unbound.conf.d/blocklist.conf     | 24 -------------------
 2 files changed, 32 deletions(-)
 delete mode 100644 etc/unbound/unbound.conf.d/blocklist-tld.conf
 delete mode 100644 etc/unbound/unbound.conf.d/blocklist.conf

diff --git a/etc/unbound/unbound.conf.d/blocklist-tld.conf b/etc/unbound/unbound.conf.d/blocklist-tld.conf
deleted file mode 100644
index 4f0e8710..00000000
--- a/etc/unbound/unbound.conf.d/blocklist-tld.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-server:
-
-# Firefox automatic DoH to unfiltered DNS is especially unwanted in this case
-local-zone: "use-application-dns.net." always_nxdomain
-
-# Very high abuse potential
-local-zone: "zip." always_refuse
-local-zone: "mov." always_refuse
diff --git a/etc/unbound/unbound.conf.d/blocklist.conf b/etc/unbound/unbound.conf.d/blocklist.conf
deleted file mode 100644
index 0adb01c4..00000000
--- a/etc/unbound/unbound.conf.d/blocklist.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-server:
-
-# Tell Firefox to not automagically send traffic to Cloudflare as there is
-# this Unbound using DNS-over-TLS / DNSCrypt without the need for it to use
-# separate DNS. Encrypted client hello requiring DoH is a separate issue
-# for somewhere else.
-local-zone: "use-application-dns.net." always_nxdomain
-
-# I have something very aggressively attempting to resolve Google Analytics
-# and errorring on DNSSEC due to upstream resolver blocking them.
-local-zone: "google-analytics.com." always_refuse
-
-# Theoretically breaks nothing as clients should handle it.
-# https://aminda.eu/matrix/#why-do-you-use-matrix-uri-scheme-instead-of-matrixto
-# https://matrix.to/#/!KMbEUhVQHLwZHmwzKX:matrix.org/$jvB1PAivkIzRKQdlU_KFAtyPW_8Gv9o5tygud_09CRY?via=pikaviestin.fi&via=grin.hu&via=tchncs.de
-local-zone: "matrix.to." always_refuse
-
-# A lot of apps integrating Facebook in any form on mobile call this domain
-# in particular, likely websites too.
-local-zone: "graph.facebook.com." always_refuse
-
-# Protesting the API pricing
-local-zone: "reddit.com." always_refuse
-local-zone: "twitter.com." always_refuse