version=pmwiki-2.2.130 ordered=1 urlencoded=1 agent=Mozilla/5.0 (X11; Linux x86_64; OpenBSD amd64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.0 Safari/605.1.15 author=akoizumi charset=UTF-8 csum=add unwind ctime=1669497838 host=138.117.22.105 name=Unwind.Configure rev=1 targets= text=[@%0aunwind - validating DNS resolver%0a@]%0a%0a[@%0aunwind is a validating DNS resolver. It is intended to run on client%0amachines like workstations or laptops and only listens on localhost.%0aunwind sends DNS queries to nameservers to answer queries and switches to%0aresolvers learned from dhclient(8), dhcpleased(8) or slaacd(8) if it%0adetects that DNS queries are blocked by the local network. It%0aperiodically probes if DNS is no longer blocked and switches back to%0aquerying nameservers itself.%0a@]%0a%0aPutting that aside, we'll use the following configuration snippet.%0a%0a[@%0aforwarder { }%0ablock list "/etc/unwind.blacklist"%0a@]%0a%0aThe first line should have a list of DNS servers, you can fill those with OpenNIC's (see this [[http://wiki.ircnow.org/uploads/Unbound/unbound.txt | link]]).%0a%0aThe latter should have a list of domains to block from the resolver, you can use [[https://codeberg.org/unixsheikh/dnsblockbuster | dnsblockbuster ]] to generate one, but you need to run [@ sed 's/0.0.0.0 //g' dnsmasq-blocked-hosts.txt > unwind.blacklist @] in order to use it from unwind. %0a%0aAfter it's done, you can enable unwind with [@ # rcctl enable unwind @] and start it with [@ # rcctl start unwind @]. It'll be automatically detected by the running resolvd process and place it on resolv.conf. time=1669497838 author:1669497838=akoizumi csum:1669497838=add unwind diff:1669497838:1669497838:=1,26d0%0a%3c [@%0a%3c unwind - validating DNS resolver%0a%3c @]%0a%3c %0a%3c [@%0a%3c unwind is a validating DNS resolver. It is intended to run on client%0a%3c machines like workstations or laptops and only listens on localhost.%0a%3c unwind sends DNS queries to nameservers to answer queries and switches to%0a%3c resolvers learned from dhclient(8), dhcpleased(8) or slaacd(8) if it%0a%3c detects that DNS queries are blocked by the local network. It%0a%3c periodically probes if DNS is no longer blocked and switches back to%0a%3c querying nameservers itself.%0a%3c @]%0a%3c %0a%3c Putting that aside, we'll use the following configuration snippet.%0a%3c %0a%3c [@%0a%3c forwarder { }%0a%3c block list "/etc/unwind.blacklist"%0a%3c @]%0a%3c %0a%3c The first line should have a list of DNS servers, you can fill those with OpenNIC's (see this [[http://wiki.ircnow.org/uploads/Unbound/unbound.txt | link]]).%0a%3c %0a%3c The latter should have a list of domains to block from the resolver, you can use [[https://codeberg.org/unixsheikh/dnsblockbuster | dnsblockbuster ]] to generate one, but you need to run [@ sed 's/0.0.0.0 //g' dnsmasq-blocked-hosts.txt > unwind.blacklist @] in order to use it from unwind. %0a%3c %0a%3c After it's done, you can enable unwind with [@ # rcctl enable unwind @] and start it with [@ # rcctl start unwind @]. It'll be automatically detected by the running resolvd process and place it on resolv.conf.%0a\ No newline at end of file%0a host:1669497838=138.117.22.105