Unbound: DNSBL: Anything is whitelisted if there is a Source Net(s) Entry in Config #9630

@docsteel

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug
Unbound DNSBL whitelists anything if there is an Entry under "Source Net(s)" in the Blacklist Config.

To Reproduce

Steps to reproduce the behavior:

  1. Install OPNsense 25.7.11
  2. Install Unbound Service
  3. Enable DNSBL Feature in Unbound
  4. Add Blocklists and maybe custom Black- or Whitelisted Custom Domains
  5. Add a Network Entry (e.g. 185.235.84.0/22) under "Source Net(s)" in the DNSBL Config
  6. Click Apply and restart Service
  7. Check your DNS, anything that should be blacklisted is resolved correctly to IP Addresses

Expected behavior
Blacklisted Domains should resolve to 0.0.0.0 if there is an Entry under "Source Net(s)" in the Config.

Describe alternatives you considered

Deleting Network Entry solved the Problem. Maybe a Regex Problem in unbound?

Screenshots
Failed DNSBL if there is a Source Net(s) entry:
Image

Check via DNS Resolver, DNSBL is whitelisting anything:
Image

Delete Source Net(s) Entry in DNSBL Config:

Image

Check via DNS Resolver, DNSBL is working:

Image

Relevant log files
See Screenshots

Additional context
Problem popped up with Version OPNsense 25.7.11. With OPNsense 25.7.10 or older everything was working.

Environment
OPNsense 25.7.11_2-amd64
FreeBSD 14.3-RELEASE-p7
OpenSSL 3.0.18
OPNsense Hardware Appliance DEC2750
