shell-things/etc/unbound/unbound.conf.d/blocklist.conf
Mikaela Suomalainen e9aefd711b
blocklist.conf: refuse blocked instead of nxdomain
Only the Firefox DoH needs to be NXDOMAIN while REFUSE may be more
accurate for the rest.
2020-11-21 12:13:55 +02:00

17 lines
704 B
Plaintext

server:
# Tell Firefox to not automagically send traffic to Cloudflare as there is
# this Unbound using DNS-over-TLS / DNSCrypt without the need for it to use
# separate DNS.
local-zone: "use-application-dns.net." always_nxdomain
# I have something very aggressively attempting to resolve Google Analytics
# and errorring on DNSSEC due to upstream resolver blocking them.
local-zone: "google-analytics.com." always_refuse
local-zone: "ssl.google-analytics.com." always_refuse
local-zone: "www.google-analytics.com." always_refuse
# On top NextDNS blocks after Google Analytics, while I am not entirely sure
# blocking it is in my interests.
local-zone: "incoming.telemetry.mozilla.org." always_refuse