Rosa-Luxemburgstiftung-Berlin/ansible-role-unbound

License: GPL v3

ansible-role-unbound aka. rls.unbound

Installs unbound on Debian-based systems and optionally extends it with one or more DNSBL lists.

unbound-dnsbl-updater.py

The script unbound-dnsbl-updater.py requires Python >= 3.9.

dnsbl lists

The script can handle lists in plain domain, wildcard domain or hosts/bind syntax.
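A minimal sketch of normalizing such lists into unbound local-zone lines, added here as an example; it is not the code of unbound-dnsbl-updater.py. It covers the plain, wildcard and hosts syntaxes only (bind syntax is left out), and the function names, the sample list and the `always_nxdomain` action are assumptions of this example. Because list content is remote input that ends up in the resolver configuration, every name is validated strictly before it is written between quotes.

```python
import re

# Constructed sample input: one line per syntax named above, plus noise.
SAMPLE = """\
# constructed sample list
ads.example.com
*.tracker.example.net
0.0.0.0 Malware.Example.org  # inline comment
127.0.0.1 localhost
0.0.0.0 0.0.0.0
not a domain!
ads.example.com
"""

# Hostname check: 1-63 char labels, at least two labels, and a TLD that
# starts with a letter (so dotted IPv4 addresses are rejected).
_LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
_DOMAIN = re.compile(rf"^(?:{_LABEL}\.)+[a-z][a-z0-9-]*[a-z0-9]$")
_SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_line(line):
    """Return the blocked domain on this line, or None to skip it."""
    fields = line.split("#", 1)[0].split()   # drop comments, tokenize
    if not fields:
        return None
    if fields[0] in _SINK_IPS:               # hosts syntax: "<ip> <name>"
        fields = fields[1:]
    if len(fields) != 1:                     # anything else is not a list entry
        return None
    name = fields[0].lower().rstrip(".")
    if name.startswith("*."):                # wildcard syntax
        name = name[2:]                      # a local-zone covers subdomains too
    if name in _LOCAL_NAMES or len(name) > 253 or not _DOMAIN.match(name):
        return None                          # also rejects quotes and whitespace
    return name


def to_unbound(text, action="always_nxdomain"):
    """Render deduplicated, sorted local-zone lines for an include file."""
    names = {n for n in map(parse_line, text.splitlines()) if n}
    return [f'local-zone: "{n}." {action}' for n in sorted(names)]


if __name__ == "__main__":
    print("\n".join(to_unbound(SAMPLE)))
```
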

Role Variables

defaults/main.yml

Example

undbound_config:
  server:
    interface-automatic: "yes"
    verbosity: 1
    log-queries: "yes"
    log-replies: "yes"
    log-local-actions: "yes"
    log-servfail: "yes"
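    # 0.0.0.0/0 allow answers queries from any client;
    # narrow this to your own networks unless an open resolver is intended
    access-control: 0.0.0.0/0 allow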
    # can be written too as
    # access-control:
    #   - 0.0.0.0/0 allow
    do-ip6: "no"
    do-udp: "yes"
    do-tcp: "yes"
    so-reuseport: "yes"
    module-config: iterator
    cache-max-ttl: 86400
    cache-min-ttl: 0
    serve-expired: "yes"
    outgoing-num-tcp: 10
    incoming-num-tcp: 10
    root-hints: /usr/share/dns/root.hints
    auto-trust-anchor-file: /usr/share/dns/root.key
    harden-glue: "yes"
    harden-dnssec-stripped: "yes"
    use-caps-for-id: "yes"
    prefetch: "yes"
    local-zone:
      - '"test.github.com" transparent'
    local-data:
      - "'test.github.com A 10.10.10.10'"
    domain-insecure:
      - test.github.com
    private-domain:
      - test.github.com
  forward-zone:
    name: github.com
    forward-addr:
      - 1.1.1.1
      - 9.9.9.9

dnsbl_lists:
  - https://blocklistproject.github.io/Lists/alt-version/abuse-nl.txt

Some Resources Related to DNSBL