Hi, i’ve tried adding host entries for use-application-dns.net (https://support.mozilla.org/en-US/kb/canary-domain-use-application-dnsnet) and that didn’t fix the problem … dooh! of course it wouldn’t, with 2 secs thought.
I believe I can add non-resolvable domains to the DNS proxy command line … can you advise what to add where?
Thanks David
apologies for the noise. Some searching found the answer:
create a file /etc/unbound/local.d/block_bad.conf with: local-zone: "use-application-dns.net" always_nxdomain You can also add: harden-below-nxdomain: yes
/etc/unbound/local.d/block_bad.conf
local-zone: "use-application-dns.net" always_nxdomain
harden-below-nxdomain: yes
if you want belt-and-braces.
save that and restart unbound.