Hi,
Are use a script to integrate in unbound directly Filter list for different categories.
with regards to DNSSEC, you want to avoid this since there is no way of telling (from
the clitent’s perspective) whether the DNS resolver tampers with certain queries or an
attacker is modifying them.
DNS-based filtering is what PiHole does - it works, it sells (unfortunately), but it really is not sexy.
Forcing clients to use IPFire’s proxy works - I run several IPFire machines for several
years using this setup -, except for (mobile or proprietary) applications which are not
capable of using HTTP proxies.
Thanks, and best regards,
Peter Müller