with adblocking functionality

To install unbound on Ubuntu run this:

apt update && apt install unbound

After it has finished installing, open the unbound configuration with nano /etc/unbound/unbound.conf and paste this:

```
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a
# commented reference config file.

server:
    # Use the root servers key for DNSSEC
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Respond to DNS requests on all interfaces
    interface: 0.0.0.0
    interface: ::0

    # DNS request port, IP and protocol
    port: 53
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes

    # Authorized IPs to access the DNS Server (use your local subnet)
    #access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 192.168.0.0/24 allow
    access-control: fe80::/10 allow

    # Root servers information (To download here:
    # ftp://ftp.internic.net/domain/named.cache)
    root-hints: "/var/lib/unbound/root.hints"

    # Hide DNS Server info
    hide-identity: yes
    hide-version: yes

    # Improve the security of your DNS Server (Limit DNS Fraud and
    # use DNSSEC)
    harden-glue: yes
    harden-dnssec-stripped: yes

    # Randomize the case of query names (0x20 encoding) to make
    # spoofed replies harder
    use-caps-for-id: yes

    # TTL Min (Seconds)
    cache-min-ttl: 3600

    # TTL Max (Seconds)
    cache-max-ttl: 86400

    # Enable the prefetch
    prefetch: yes

    # Number of maximum threads to use
    num-threads: 2

    ### Tweaks and optimizations
    # Number of slabs to use (must be a power of 2, ideally close to
    # the num-threads value)
    msg-cache-slabs: 8
    rrset-cache-slabs: 8
    infra-cache-slabs: 8
    key-cache-slabs: 8

    # Cache and buffer size (in MB)
    rrset-cache-size: 51m
    msg-cache-size: 25m
    so-rcvbuf: 1m

    # Strip private and local addresses from answers for public names
    # (DNS rebinding protection)
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    private-address: 127.0.0.0/8
    private-address: ::ffff:0:0/96

    # Add an unwanted reply threshold to clean the cache and avoid
    # when possible a DNS Poisoning
    unwanted-reply-threshold: 10000

    # Authorize or not the localhost requests
    do-not-query-localhost: no

    # Use the root.key file for DNSSEC (already set at the top)
    #auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-clean-additional: yes

    # Block popular advertising companies
    include: /etc/unbound/ads.conf
```

Then populate the anchor for DNSSEC:

unbound-anchor -a /var/lib/unbound/root.key

and populate the root-hints:

wget ftp://FTP.INTERNIC.NET/domain/named.cache -O /var/lib/unbound/root.hints

After that, set up unbound-control with unbound-control-setup.

Then you set up the AdBlock script in /opt/dns (or whatever directory you want to):

mkdir -p /opt/dns/backup

cd /opt/dns

touch script.sh && touch whitelist

nano script.sh

And paste this:

```
#!/bin/bash

# set dir containing script and "mkdir backup && touch whitelist" in it
DIR="/opt/dns"

# set path for the unbound adblock config and add this to the unbound
# config: "include: /etc/unbound/ads.conf"
UNBOUND="/etc/unbound/ads.conf"

# download the hostfiles
echo "downloading and formatting..."
(curl --silent https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts | grep '^0\.0\.0\.0' | sort) | awk '{print "local-zone: \""$2"\" always_nxdomain"}' > "$DIR/list"

# remove lines containing domains from the whitelist
echo "including whitelist..."
grep -Fvf "$DIR/whitelist" "$DIR/list" > "$UNBOUND"

# dump dns-cache
echo "dumping dns cache..."
unbound-control dump_cache > "$DIR/cache"

# backup cache (use the full path so this works from any directory)
echo "backing up the dns cache..."
cat "$DIR/cache" > "$DIR/backup/cache$(date +%Y-%m-%d).bak"

# restart the server (start stop worked better for me than restart)
echo "stopping unbound..."
service unbound stop
echo "starting unbound..."
service unbound start

# load dns-cache after restart
echo "loading dns cache..."
cat "$DIR/cache" | unbound-control load_cache
echo "done!"
```

After that run bash /opt/dns/script.sh.

This will download the host list and format it so unbound can read it. Then the whitelist file is read and the domains it contains are removed from the formatted list. The result is written to '/etc/unbound/ads.conf'.
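The conversion and whitelist step described above, as an added example that is not part of the original script: it emits a local-zone line only for syntactically valid hostnames, so a malformed entry in the downloaded list cannot end up in the unbound config, and it compares whitelist entries as exact names (the script's grep -F drops every line that contains the entry as a substring). The function names hosts_to_unbound, sample_hosts and demo and the sample input are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not part of the original script.
# Reads a hosts-format blocklist on stdin and prints unbound local-zone lines.
# Usage: hosts_to_unbound WHITELIST_FILE < hosts
hosts_to_unbound() {
    awk -v wl="$1" '
        BEGIN {
            # Whitelist: one domain per line, compared as an exact name.
            if (wl != "")
                while ((getline line < wl) > 0) {
                    sub(/\r$/, "", line)
                    if (line != "") allow[tolower(line)] = 1
                }
        }
        $1 == "0.0.0.0" && NF >= 2 {
            name = tolower($2)
            sub(/\r$/, "", name)
            # Accept only dot-separated labels of [a-z0-9_-] ending in a TLD
            # that starts with a letter; this drops quotes, IPs and other junk.
            if (length(name) > 253) next
            if (name !~ /^([a-z0-9_]([a-z0-9_-]*[a-z0-9_])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/) next
            # Skip whitelisted names and duplicates.
            if (name in allow || seen[name]++) next
            printf "local-zone: \"%s\" always_nxdomain\n", name
        }
    '
}

# Constructed sample input (not real blocklist data).
sample_hosts() {
    cat <<'EOF'
# comment line
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET  # inline comment
0.0.0.0 good.example
0.0.0.0 notgood.example
0.0.0.0 bad"name.example
0.0.0.0 ads.example.com
EOF
}

# Demo: whitelist good.example, then convert the sample.
demo() {
    wl=$(mktemp)
    printf 'good.example\n' > "$wl"
    sample_hosts | hosts_to_unbound "$wl"
    rm -f "$wl"
}
demo
```

Running unbound-checkconf on the configuration before the restart confirms that unbound still accepts the generated file.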

Unbound will cache requests to deliver them faster, but when you restart unbound the cache gets deleted. The script dumps the cache to the cache file and writes a backup with the date in the filename to backup/cache[date].

Then unbound gets restarted to read ads.conf and block the domains in it. After the restart the cache gets loaded back from the cache file.

If you want to load the backup cache you can run cat /opt/dns/backup/[cache backup you want to load] | unbound-control load_cache