Unbound SafeSearchEnforcement with unbound.

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

L&LD

Part of the Furniture
 

SomeWhereOverTheRainBow

Very Senior Member
Alternatively use pi hole https://github.com/jaykepeters/PSS

Or if someone can make this into an easy addon, I would be very interested. Imagine the glory you coders :)
the problem with the pihole route is that it relies on persistent IP addresses and not ones that change or are different per geo-location such as the ones bing.com or duckduckgo use. The benefit of using the unbound route is that it relies strictly on redirecting the CNAME and unbound does the work of determining the IP. The draw back of relying on unbound to do this is this method is mainly only compatible if using unbound as a recursive resolver and not a forwarder to like google or cloudflare. Once unbound acts as a forwarder it sends the look ups to be handled else where.
 

BreakingDad

Senior Member
the problem with the pihole route is that it relies on persistent IP addresses and not ones that change or are different per geo-location such as the ones bing.com or duckduckgo use. The benefit of using the unbound route is that it relies strictly on redirecting the CNAME and unbound does the work of determining the IP. The draw back of relying on unbound to do this is this method is mainly only compatible if using unbound as a recursive resolver and not a forwarder to like google or cloudflare. Once unbound acts as a forwarder it sends the look ups to be handled else where.
Another option is https://github.com/AdguardTeam/AdGuardHome , which is personally what I am using now on a pi3, very easy for noobies as you just tick a box to enforce safe search, you can also block many services by means of a tick, malicious and adult sites and add as many advert lists as you desire. The code is public and the privacy policy is open.
 

sturmstar

Occasional Visitor
Another option is https://github.com/AdguardTeam/AdGuardHome , which is personally what I am using now on a pi3

I used AdGuardHome - and I like it - but I had it on a separat device because I didn't knew how to combine it on asuswrt-merlin WITH unbound. I would like to use it directly on the router like:

DNS Query (Port 53) -> Asuswwrt-Merlin (dnsmasq) -> forward to AdguardHome (different port) -> forward to Unbound (to resolve)

Because if i advertise the router-ip to the clients - i can't specify a port - so dnsmasq should forward it to adguardhome instead to unbound and inside from adguardhome i can specify any port for unbound resolving (like 5353...)

Can you help me with that?
 

BreakingDad

Senior Member
I used AdGuardHome - and I like it - but I had it on a separat device because I didn't knew how to combine it on asuswrt-merlin WITH unbound. I would like to use it directly on the router like:

DNS Query (Port 53) -> Asuswwrt-Merlin (dnsmasq) -> forward to AdguardHome (different port) -> forward to Unbound (to resolve)

Because if i advertise the router-ip to the clients - i can't specify a port - so dnsmasq should forward it to adguardhome instead to unbound and inside from adguardhome i can specify any port for unbound resolving (like 5353...)

Can you help me with that?
As far as I am aware you cannot add Adguardhome easily to the router easily, sure it can probably be done, but I am not sure about space and cpu utilisation for it to run with everything else crammed on the router. I am aware diversion/unbound is another option but I don't want to cram more onto my already over loaded router (+ i like messing about with pi's)

The adblocking and safesearch that the clever people here seem to use is diversion and unbound with extras. I formerly used pi hole running off a raspberry pi, currently i use adguard on the same pi, as for me it is easier to configure the safe search than adding additonal scripts and code to pi hole, believe me I tried but I could not get safe search to work properly on pi-hole, wheras adblock it is so easy.

With adguard I point it to my ISP dns (so i get their family protection as well), in the router I have static ips, kid devices go to isp dns through adguard, everything else goes through quad 9.

Sorry this does not really answer your question but I am not that smart without doing a lot of research. I would assume theoretically being linux based it is possible however.
 

SomeWhereOverTheRainBow

Very Senior Member
As far as I am aware you cannot add Adguardhome easily to the router easily, sure it can probably be done, but I am not sure about space and cpu utilisation for it to run with everything else crammed on the router. I am aware diversion/unbound is another option but I don't want to cram more onto my already over loaded router (+ i like messing about with pi's)

The adblocking and safesearch that the clever people here seem to use is diversion and unbound with extras. I formerly used pi hole running off a raspberry pi, currently i use adguard on the same pi, as for me it is easier to configure the safe search than adding additonal scripts and code to pi hole, believe me I tried but I could not get safe search to work properly on pi-hole, wheras adblock it is so easy.

With adguard I point it to my ISP dns (so i get their family protection as well), in the router I have static ips, kid devices go to isp dns through adguard, everything else goes through quad 9.

Sorry this does not really answer your question but I am not that smart without doing a lot of research. I would assume theoretically being linux based it is possible however.
I run this script with my Pihole+Unbound configuration. I am also testing out the new Unbound Manager Beta.
 

ugandy

Very Senior Member
not sure if off topic, but are there other changes in beta 3.22 vs v3.21 ?
 
Top