+# syw
+#access-control-view: 10.2.0.7/32 "youtube"
+# bow
+access-control-view: 10.2.0.29/32 "youtube"
+# samsungtab
+access-control-view: 10.2.0.32/32 "youtube"
+EOF
+ fi
+ } | cedit /etc/unbound/unbound_srv.conf || unbound_restart=true
+
+
+ # dns based blocking vs ip based. with ip, same
+ # server can have multiple domains. in dns,
+ # you have to make sure clients to use the local dns.
+ # https dns will need to be blocked by ip in
+ # order to be comprehensive
+
+ cedit /etc/unbound/unbound_ext.conf <<EOF || unbound_restart=true
+
+$(cat /root/ptr-data)
+
+local-data-ptr: "10.2.0.1 cmc.b8.nz"
+local-data-ptr: "10.2.0.4 wrt2.b8.nz"
+local-data-ptr: "10.2.0.6 x2w.b8.nz"
+local-data-ptr: "10.2.0.7 syw.b8.nz"
+local-data-ptr: "10.2.0.9 bb8.b8.nz"
+local-data-ptr: "10.2.0.14 wrt3.b8.nz"
+local-data-ptr: "10.2.0.17 x3w.b8.nz"
+local-data-ptr: "10.2.0.18 tp.b8.nz"
+local-data-ptr: "10.2.0.19 brother.b8.nz"
+local-data-ptr: "10.2.0.23 tpw.b8.nz"
+local-data-ptr: "10.2.0.24 one9p.b8.nz"
+local-data-ptr: "10.2.0.25 hp.b8.nz"
+local-data-ptr: "10.2.0.29 bow.b8.nz"
+local-data-ptr: "10.2.0.31 amazontab.b8.nz"
+local-data-ptr: "10.2.0.32 samsungtab.b8.nz"
+local-data-ptr: "10.2.0.38 x8.b8.nz"
+local-data-ptr: "10.2.0.48 bigs.b8.nz"
+local-data-ptr: "10.2.0.49 pi4.b8.nz"
+local-data-ptr: "10.2.0.50 pi4w.b8.nz"
+local-data-ptr: "10.2.0.52 s22.b8.nz"
+local-data-ptr: "10.2.0.53 cmcap.b8.nz"
+local-data-ptr: "10.2.0.88 demohost.b8.nz"
+local-data-ptr: "10.174.2.2 transmission.b8.nz"
+local-data-ptr: "10.173.8.1 defaultnn.b8.nz"
+local-data-ptr: "10.173.8.2 nn.b8.nz"
+
+forward-zone:
+ name: "."
+# forward-addr: 8.8.8.8
+# forward-addr: 8.8.8.8
+
+# ssl disabled due to this error:
+#Sat Dec 24 03:34:44 2022 daemon.err unbound: [6568:0] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
+#Sat Dec 24 03:34:44 2022 daemon.notice unbound: [6568:0] notice: ssl handshake failed 1.0.0.3 port 853
+# on OPENWRT_RELEASE="OpenWrt SNAPSHOT r18639-f5865452ac"
+# from about feb 2022
+
+# https://developers.cloudflare.com/1.1.1.1/1.1.1.1-for-families/setup-instructions/dns-over-https
+# forward-addr: 1.1.1.3@853#family.cloudflare-dns.com
+# forward-addr: 1.0.0.3@853#family.cloudflare-dns.com
+# forward-ssl-upstream: yes
+ forward-first: no
+ forward-addr: 1.1.1.3
+ forward-addr: 1.0.0.3
+
+view:
+ name: "youtube"
+ local-zone: "googlevideo.com." refuse
+ local-zone: "video.google.com." refuse
+ local-zone: "youtu.be." refuse
+ local-zone: "youtube-nocookie.com." refuse
+ local-zone: "youtube-ui.l.google.com." refuse
+ local-zone: "youtube.com." refuse
+ local-zone: "youtube.googleapis.com." refuse
+ local-zone: "youtubeeducation.com." refuse
+ local-zone: "youtubei.googleapis.com." refuse
+ local-zone: "yt3.ggpht.com." refuse
+ local-zone: "youtubekids.com." refuse
+ # try global if no match in view
+ view-first: yes
+EOF