Menu
What's new
By:
Filters Better Search

Unbound SafeSearchEnforcement with unbound.

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.
L&LD

L&LD

Part of the Furniture
www.snbforums.com

Unbound - SafeSearchEnforcement with unbound.

For those who want to enforce safe search with unbound..... #!/bin/sh url="https://www.google.com/supported_domains" file="/etc/unbound/unbound.conf.d/safesearch.conf" #this can be where-ever your unbound config storage is. You will have to use include: option inside the main unbound.conf...
www.snbforums.com www.snbforums.com
 
S

SomeWhereOverTheRainBow

Very Senior Member
BreakingDad said:
Alternatively use pi hole https://github.com/jaykepeters/PSS

Or if someone can make this into an easy addon, I would be very interested. Imagine the glory you coders :)
Click to expand...
the problem with the pihole route is that it relies on persistent IP addresses and not ones that change or are different per geo-location such as the ones bing.com or duckduckgo use. The benefit of using the unbound route is that it relies strictly on redirecting the CNAME and unbound does the work of determining the IP. The draw back of relying on unbound to do this is this method is mainly only compatible if using unbound as a recursive resolver and not a forwarder to like google or cloudflare. Once unbound acts as a forwarder it sends the look ups to be handled else where.
 
BreakingDad

BreakingDad

Senior Member
SomeWhereOverTheRainBow said:
the problem with the pihole route is that it relies on persistent IP addresses and not ones that change or are different per geo-location such as the ones bing.com or duckduckgo use. The benefit of using the unbound route is that it relies strictly on redirecting the CNAME and unbound does the work of determining the IP. The draw back of relying on unbound to do this is this method is mainly only compatible if using unbound as a recursive resolver and not a forwarder to like google or cloudflare. Once unbound acts as a forwarder it sends the look ups to be handled else where.
Click to expand...
Another option is https://github.com/AdguardTeam/AdGuardHome , which is personally what I am using now on a pi3, very easy for noobies as you just tick a box to enforce safe search, you can also block many services by means of a tick, malicious and adult sites and add as many advert lists as you desire. The code is public and the privacy policy is open.
 
sturmstar

sturmstar

Occasional Visitor
BreakingDad said:
Another option is https://github.com/AdguardTeam/AdGuardHome , which is personally what I am using now on a pi3
Click to expand...

I used AdGuardHome - and I like it - but I had it on a separat device because I didn't knew how to combine it on asuswrt-merlin WITH unbound. I would like to use it directly on the router like:

DNS Query (Port 53) -> Asuswwrt-Merlin (dnsmasq) -> forward to AdguardHome (different port) -> forward to Unbound (to resolve)

Because if i advertise the router-ip to the clients - i can't specify a port - so dnsmasq should forward it to adguardhome instead to unbound and inside from adguardhome i can specify any port for unbound resolving (like 5353...)

Can you help me with that?
 
BreakingDad

BreakingDad

Senior Member
sturmstar said:
I used AdGuardHome - and I like it - but I had it on a separat device because I didn't knew how to combine it on asuswrt-merlin WITH unbound. I would like to use it directly on the router like:

DNS Query (Port 53) -> Asuswwrt-Merlin (dnsmasq) -> forward to AdguardHome (different port) -> forward to Unbound (to resolve)

Because if i advertise the router-ip to the clients - i can't specify a port - so dnsmasq should forward it to adguardhome instead to unbound and inside from adguardhome i can specify any port for unbound resolving (like 5353...)

Can you help me with that?
Click to expand...
As far as I am aware you cannot add Adguardhome easily to the router easily, sure it can probably be done, but I am not sure about space and cpu utilisation for it to run with everything else crammed on the router. I am aware diversion/unbound is another option but I don't want to cram more onto my already over loaded router (+ i like messing about with pi's)

The adblocking and safesearch that the clever people here seem to use is diversion and unbound with extras. I formerly used pi hole running off a raspberry pi, currently i use adguard on the same pi, as for me it is easier to configure the safe search than adding additonal scripts and code to pi hole, believe me I tried but I could not get safe search to work properly on pi-hole, wheras adblock it is so easy.

With adguard I point it to my ISP dns (so i get their family protection as well), in the router I have static ips, kid devices go to isp dns through adguard, everything else goes through quad 9.

Sorry this does not really answer your question but I am not that smart without doing a lot of research. I would assume theoretically being linux based it is possible however.
 
S

SomeWhereOverTheRainBow

Very Senior Member
BreakingDad said:
As far as I am aware you cannot add Adguardhome easily to the router easily, sure it can probably be done, but I am not sure about space and cpu utilisation for it to run with everything else crammed on the router. I am aware diversion/unbound is another option but I don't want to cram more onto my already over loaded router (+ i like messing about with pi's)

The adblocking and safesearch that the clever people here seem to use is diversion and unbound with extras. I formerly used pi hole running off a raspberry pi, currently i use adguard on the same pi, as for me it is easier to configure the safe search than adding additonal scripts and code to pi hole, believe me I tried but I could not get safe search to work properly on pi-hole, wheras adblock it is so easy.

With adguard I point it to my ISP dns (so i get their family protection as well), in the router I have static ips, kid devices go to isp dns through adguard, everything else goes through quad 9.

Sorry this does not really answer your question but I am not that smart without doing a lot of research. I would assume theoretically being linux based it is possible however.
Click to expand...
I run this script with my Pihole+Unbound configuration. I am also testing out the new Unbound Manager Beta.
 
U

ugandy

Very Senior Member
not sure if off topic, but are there other changes in beta 3.22 vs v3.21 ?
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
G Unbound Why Unbound works on router but not on Windows client? Asuswrt-Merlin AddOns 7
Slawek P Unbound unbound 1.12 appears not working with unbound_manager Asuswrt-Merlin AddOns 8
Daniel LaRusso Unbound Unbound Stats Tab (GUI) not showing? Asuswrt-Merlin AddOns 1
J Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server) - General questions / discussion thread 2 Asuswrt-Merlin AddOns 72
Z Unbound Unbound 1.12 Asuswrt-Merlin AddOns 14
S Unbound How to add local DNS entries when using unbound-manager Asuswrt-Merlin AddOns 2
S Unbound Unbound Selectively Kills WAN connections Asuswrt-Merlin AddOns 6
xendi Unbound Unbound + VPN Clients Asuswrt-Merlin AddOns 3
Slawek P Unbound How to reset unbound statistics page? Asuswrt-Merlin AddOns 2
M Unbound Unbound DNS VPN Client w/policy rules Asuswrt-Merlin AddOns 53

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

... and 9 more.
Total: 671 (members: 59, guests: 612)
Top