Block DNS using Unbound and Tags

Hello,

I wanted to reach out to the forum to see if anyone knows why, when I attempt to set up domain tags in unbound, I get "unbound-control error connecting: connection refused for 127.0.0.1 port 8963". Has anyone been able to successfully get this to work? I would like to create domain filters based on source IP addresses. It looks like I have all the domain tag information correct, but no matter what I try it blocks the control port, which seems very strange; why would a domain tag do anything with the control plane?

Hello Tyson,
Maybe you want to try the following steps to solve your issue:

  • Create file ‘include.conf’ in ‘/etc/unbound/local.d’.
  • Create directory ‘blocklists’ in ‘/etc/unbound/local.d’.
  • Create file ‘blocklist.conf’ in ‘/etc/unbound/local.d/blocklists’.
  • Run ‘nano /etc/unbound/local.d/include.conf’ and enter the following line:

include: /etc/unbound/local.d/blocklists/blocklist.conf

  • Save and close the file.
  • Run ‘nano /etc/unbound/local.d/blocklists/blocklist.conf’, enter and adapt the following lines to your needs:

server:
    # Map client netblocks (or single hosts) to a named view.
    # Unbound applies the most specific matching entry.
    access-control-view: 192.168.1.0/24 blocklist_a
    access-control-view: 192.168.2.0/24 blocklist_a
    access-control-view: 192.168.3.0/24 blocklist_a
    access-control-view: 192.168.4.5 blocklist_b
    access-control-view: 192.168.4.6 blocklist_b
    access-control-view: 192.168.4.7 blocklist_b

# Each view carries its own local-zone entries; always_nxdomain
# answers NXDOMAIN for the name and everything under it.
view:
    name: blocklist_a
    local-zone: "example0.domain" always_nxdomain
    local-zone: "example1.domain" always_nxdomain

view:
    name: blocklist_b
    local-zone: "example2.domain" always_nxdomain
    local-zone: "example3.domain" always_nxdomain
    local-zone: "example4.domain" always_nxdomain

  • Save and close the file.
  • Run ‘/etc/init.d/unbound restart’.
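As an added example (not part of either post above), the following Python script generates a view-based blocklist.conf of the shape the reply describes and checks which view a given client address would land in, using the same most-specific-netblock rule unbound applies to access-control-view. The VIEWS mapping, the networks and the domain names are constructed for illustration.

```python
import ipaddress

# Constructed mapping: view name -> client netblocks and domains to block.
VIEWS = {
    "blocklist_a": {
        "clients": ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"],
        "domains": ["example0.domain", "example1.domain"],
    },
    "blocklist_b": {
        "clients": ["192.168.4.5", "192.168.4.6", "192.168.4.7"],
        "domains": ["example2.domain", "example3.domain", "example4.domain"],
    },
}


def render_blocklist(views):
    """Return unbound config text: one server: block with access-control-view
    lines, then one view: block per list with always_nxdomain local-zones."""
    lines = ["server:"]
    for name, spec in views.items():
        for client in spec["clients"]:
            # strict=True rejects netblocks with host bits set (e.g. 10.0.0.1/24)
            net = ipaddress.ip_network(client, strict=True)
            lines.append(f"    access-control-view: {net} {name}")
    for name, spec in views.items():
        lines += ["", "view:", f"    name: {name}"]
        for domain in spec["domains"]:
            d = domain.strip().rstrip(".").lower()
            if not d or any(c in d for c in ' "\t/'):
                raise ValueError(f"refusing to emit malformed domain {domain!r}")
            lines.append(f'    local-zone: "{d}" always_nxdomain')
    return "\n".join(lines) + "\n"


def lookup_view(views, client_ip):
    """Return the view name the client would get: the most specific (longest
    prefix) matching netblock wins; None means no view applies."""
    addr = ipaddress.ip_address(client_ip)
    best = None
    for name, spec in views.items():
        for client in spec["clients"]:
            net = ipaddress.ip_network(client, strict=True)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, name)
    return best[1] if best else None


if __name__ == "__main__":
    print(render_blocklist(VIEWS))
```

Before restarting, run `unbound-checkconf` on the generated file so a syntax error does not take the resolver down.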