I first tried to use UnboundDNS, but it seemed unreliable once modified for adblocking. I later discovered that dnsmasq does everything I expected from Unbound, but with the familiar configuration interface. It’s been battle-tested for adblocking, and so as a pre-requisite, enable and configure that.
Once you’re done, enable SSH and connect to your OPNsense box.
I used my
phosphor user’s home directory to store my adblock files. Replace my username with yours where applicable
Steven Black maintains a nice hosts file that blocks a lot of things. We will download that and strip out the comments (dnsmasq requires this when loading extra hosts files).
Next go to your OPNsense Web GUi and navigate to Services -> Dnsmasq DNS -> Settings
In the Advanced section add the following, replacing my username with yours, or wherever you put your hosts file:
You can add multiple hosts files this way if you wish. Finally click Save and then Apply Configuration.
Now you can test the adblock. You may need to reset your DNS cache on the clients you are testing. I like to use this site to test:
So dnsmasq can also log queries if you add
log-queries to the advanced configuration section. Then, the opnsense dnsmasq logs will show queries.