@mpalmer
Created October 26, 2021 06:18

server:
    # ...
    include: /var/lib/unbound/unbound-adhosts.conf

#!/bin/bash
#
# Using blacklist from pi-hole project https://github.com/pi-hole/
# to enable AD blocking in unbound(8)
#
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
# Note: set -e does not catch a failed wget inside a pipeline
set -e

# Available blocklists - comment line to disable blocklist
disconad="https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
discontrack="https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt"
hostfiles="https://hosts-file.net/ad_servers.txt"
malwaredom="https://mirror1.malwaredomains.com/files/justdomains"
stevenblack="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"

unboundconf="/var/lib/unbound/unbound-adhosts.conf"
tmpfile="$(mktemp)"

# Strip comments and blank lines
filter_comments() {
    sed -e 's/#.*$//' -e '/^[[:space:]]*$/d'
}

# Plain one-domain-per-line lists. The list variables are left unquoted
# so that a commented-out (unset) list is simply skipped.
for list in $malwaredom $disconad $discontrack; do
    wget -O - -q "$list" | filter_comments >> "$tmpfile"
done

# StevenBlack is a slightly different format
if [ -n "$stevenblack" ]; then
    wget -O - -q "$stevenblack" \
        | sed -n '/Start/,$p' \
        | filter_comments \
        | awk '/^0\.0\.0\.0/ { print $2 }' \
        >> "$tmpfile"
fi

# hpHosts is another oddity
if [ -n "${hostfiles}" ]; then
    # tr strips carriage returns (and any stray '$') from the CRLF list
    wget -O - -q "$hostfiles" \
        | sed -n '/START/,$p' \
        | tr -d '\015$' \
        | filter_comments \
        | awk '/^127\.0\.0\.1/ { print $2 }' \
        >> "$tmpfile"
fi

# Create unbound(8) local zone file
sort -fu "$tmpfile" | grep -v "^[[:space:]]*$" | \
    awk '{
        print "local-zone: \"" $1 "\" redirect"
        print "local-data: \"" $1 " A 0.0.0.0\""
        print "local-data: \"" $1 " AAAA ::\""
    }' > "$unboundconf" && rm -f "$tmpfile"

# Reload unbound(8) blocklist
service unbound reload >/dev/null
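
The script above writes whatever the downloaded lists contain straight into unbound's configuration, so a stray quote or extra token in a single entry can leave the generated file unparseable and the reload failing. The following is an added example, not part of the gist: a filter that only emits entries that are syntactically valid hostnames. The function names `emit_unbound_zones` and `sample_entries` and the sample entries are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the gist. emit_unbound_zones is a hypothetical name.
# Reads candidate names on stdin and writes unbound local-zone/local-data lines
# for syntactically valid hostnames only; everything else is reported on stderr.
emit_unbound_zones() {
    tr 'A-Z' 'a-z' | tr -d '\r' | sed -e 's/\.$//' | LC_ALL=C sort -u |
    LC_ALL=C awk '
    function valid(name,    n, i, labels) {
        if (length(name) > 253) return 0
        n = split(name, labels, ".")
        if (n < 2) return 0                    # bare names such as "localhost"
        if (labels[n] !~ /[a-z]/) return 0     # IP-like entries such as 0.0.0.0
        for (i = 1; i <= n; i++) {
            if (length(labels[i]) > 63) return 0
            # Strict LDH rule: letters, digits, hyphen; no leading or trailing
            # hyphen (names containing underscores are dropped as well)
            if (labels[i] !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) return 0
        }
        return 1
    }
    NF == 0 { next }                           # skip blank lines
    NF == 1 && valid($1) {
        print "local-zone: \"" $1 "\" redirect"
        print "local-data: \"" $1 " A 0.0.0.0\""
        print "local-data: \"" $1 " AAAA ::\""
        next
    }
    { print "rejected: " $0 > "/dev/stderr" }'
}

# Constructed sample input: two usable names and five entries that must not
# reach the resolver configuration.
sample_entries() {
    printf '%s\n' \
        'Ads.Example.com' \
        'tracker.example.net.' \
        'bad"name.example' \
        'example.org" redirect' \
        '-lead.example.com' \
        '0.0.0.0' \
        'localhost'
}

sample_entries | emit_unbound_zones
```

In the gist's script this would take the place of the final `awk` stage, as in `sort -fu "$tmpfile" | emit_unbound_zones > "$unboundconf"`. Running `unbound-checkconf` before `service unbound reload` catches a generated file that still fails to parse.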