juliendkim/Install unbound dns cache on Mac.sh

## Install unbound dns cache on Mac.sh
$ brew install unbound
$ unbound-anchor -a /usr/local/etc/unbound/root.key
$ unbound-control-setup -d /usr/local/etc/unbound
$ unbound-checkconf /usr/local/etc/unbound/unbound.conf
$ sudo brew services start unbound

## unbound.conf
server:
    # interface: 2001:DB8::5
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    # access-control: ::1 allow
    chroot: "/usr/local/etc/unbound"
    username: "USER_ACCOUNT_NAME"
    directory: "/usr/local/etc/unbound"

    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    private-address: ::ffff:0:0/96
    # private-domain: "example.com"

    do-not-query-localhost: no
    auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
    local-zone: "criteo.com" redirect
    local-data: "criteo.com A 127.0.0.1"
    local-zone: "tinypic.com" redirect
    local-data: "tinypic.com A 127.0.0.1"
    local-zone: "cloudinary.com" redirect
    local-data: "cloudinary.com A 127.0.0.1"
    local-zone: "double-click.net" redirect
    local-data: "double-click.net A 127.0.0.1"
    local-zone: "doubleclick.net" redirect
    local-data: "doubleclick.net A 127.0.0.1"
    local-zone: "googlesyndication.com" redirect
    local-data: "googlesyndication.com A 127.0.0.1"
    local-zone: "googleadservices.com" redirect
    local-data: "googleadservices.com A 127.0.0.1"
    local-zone: "google-analytics.com" redirect
    local-data: "google-analytics.com A 127.0.0.1"
    local-zone: "ads.youtube.com" redirect
    local-data: "ads.youtube.com A 127.0.0.1"
    local-zone: "adserver.yahoo.com" redirect
    local-data: "adserver.yahoo.com A 127.0.0.1"

python:

remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    # control-interface: ::1
    server-key-file: "/usr/local/etc/unbound/unbound_server.key"
    server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
    control-key-file: "/usr/local/etc/unbound/unbound_control.key"
    control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"

forward-zone:
    name: "."
    forward-addr: 1.1.1.1        # opendns
    forward-addr: 1.0.0.1        # opendns
    forward-addr: 8.8.4.4        # Google
    forward-addr: 8.8.8.8        # Google
    forward-addr: 37.235.1.174   # FreeDNS
    forward-addr: 37.235.1.177   # FreeDNS
    forward-addr: 50.116.23.211  # OpenNIC
    forward-addr: 64.6.64.6      # Verisign
    forward-addr: 64.6.65.6      # Verisign
    forward-addr: 74.82.42.42    # Hurricane Electric
    forward-addr: 84.200.69.80   # DNS Watch
    forward-addr: 84.200.70.40   # DNS Watch
    forward-addr: 91.239.100.100 # censurfridns.dk
    forward-addr: 109.69.8.51    # puntCAT
    forward-addr: 216.146.35.35  # Dyn Public
    forward-addr: 216.146.36.36  # Dyn Public
	$ brew install unbound
	$ unbound-anchor -a /usr/local/etc/unbound/root.key
	$ unbound-control-setup -d /usr/local/etc/unbound
	$ unbound-checkconf /usr/local/etc/unbound/unbound.conf
	$ sudo brew services start unbound
	server:
	# interface: 2001:DB8::5
	interface: 127.0.0.1
	access-control: 127.0.0.0/8 allow
	# access-control: ::1 allow
	chroot: "/usr/local/etc/unbound"
	username: "USER_ACCOUNT_NAME"
	directory: "/usr/local/etc/unbound"

	private-address: 10.0.0.0/8
	private-address: 172.16.0.0/12
	private-address: 192.168.0.0/16
	private-address: 169.254.0.0/16
	private-address: fd00::/8
	private-address: fe80::/10
	private-address: ::ffff:0:0/96
	# private-domain: "example.com"

	do-not-query-localhost: no
	auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
	local-zone: "criteo.com" redirect
	local-data: "criteo.com A 127.0.0.1"
	local-zone: "tinypic.com" redirect
	local-data: "tinypic.com A 127.0.0.1"
	local-zone: "cloudinary.com" redirect
	local-data: "cloudinary.com A 127.0.0.1"
	local-zone: "double-click.net" redirect
	local-data: "double-click.net A 127.0.0.1"
	local-zone: "doubleclick.net" redirect
	local-data: "doubleclick.net A 127.0.0.1"
	local-zone: "googlesyndication.com" redirect
	local-data: "googlesyndication.com A 127.0.0.1"
	local-zone: "googleadservices.com" redirect
	local-data: "googleadservices.com A 127.0.0.1"
	local-zone: "google-analytics.com" redirect
	local-data: "google-analytics.com A 127.0.0.1"
	local-zone: "ads.youtube.com" redirect
	local-data: "ads.youtube.com A 127.0.0.1"
	local-zone: "adserver.yahoo.com" redirect
	local-data: "adserver.yahoo.com A 127.0.0.1"

	python:

	remote-control:
	control-enable: yes
	control-interface: 127.0.0.1
	# control-interface: ::1
	server-key-file: "/usr/local/etc/unbound/unbound_server.key"
	server-cert-file: "/usr/local/etc/unbound/unbound_server.pem"
	control-key-file: "/usr/local/etc/unbound/unbound_control.key"
	control-cert-file: "/usr/local/etc/unbound/unbound_control.pem"

	forward-zone:
	name: "."
	forward-addr: 1.1.1.1 # opendns
	forward-addr: 1.0.0.1 # opendns
	forward-addr: 8.8.4.4 # Google
	forward-addr: 8.8.8.8 # Google
	forward-addr: 37.235.1.174 # FreeDNS
	forward-addr: 37.235.1.177 # FreeDNS
	forward-addr: 50.116.23.211 # OpenNIC
	forward-addr: 64.6.64.6 # Verisign
	forward-addr: 64.6.65.6 # Verisign
	forward-addr: 74.82.42.42 # Hurricane Electric
	forward-addr: 84.200.69.80 # DNS Watch
	forward-addr: 84.200.70.40 # DNS Watch
	forward-addr: 91.239.100.100 # censurfridns.dk
	forward-addr: 109.69.8.51 # puntCAT
	forward-addr: 216.146.35.35 # Dyn Public
	forward-addr: 216.146.36.36 # Dyn Public