duplicate local-zone

I've compiled a blacklist of adtracking sites that I'm trying to block by redirecting to 127.0.0.1. Some example entries:

local-zone: "0-act.channel.facebook.com" redirect
local-data: "0-act.channel.facebook.com A 127.0.0.1"
local-zone: "0-edge-chat.facebook.com" redirect
local-data: "0-edge-chat.facebook.com A 127.0.0.1"

I've included the file with an include: reference in unbound.conf. But if I run unbound-checkconf, I get warnings about duplicate local-zones, even though I have confirmed there are none in my file.

Stranger still, I get warned about a different line number every time I run unbound-checkconf, like so:

/usr/local/etc/unbound # unbound-checkconf
[1527882258] unbound-checkconf[15369:0] warning: duplicate local-zone
[1527882258] unbound-checkconf[15369:0] error: could not enter zone sites redirect
[1527882258] unbound-checkconf[15369:0] fatal error: failed local-zone, local-data configuration
/usr/local/etc/unbound # unbound-checkconf
[1527882261] unbound-checkconf[15370:0] warning: duplicate local-zone
[1527882261] unbound-checkconf[15370:0] error: could not enter zone sites redirect
[1527882261] unbound-checkconf[15370:0] fatal error: failed local-zone, local-data configuration
/usr/local/etc/unbound # unbound-checkconf
[1527882263] unbound-checkconf[15371:0] warning: duplicate local-zone
[1527882263] unbound-checkconf[15371:0] error: could not enter zone sites redirect
[1527882263] unbound-checkconf[15371:0] fatal error: failed local-zone, local-data configuration

Any idea what is actually going on here?

TIA

FONG

Just putting the "local-data" line should automatically create the right
local-zone implicitly:

server:
  local-data: "0-act.channel.facebook.com A 127.0.0.1"
  local-data: "0-edge-chat.facebook.com A 127.0.0.1"

Maybe that will fix the dup zones problem, I don't know.

HTH,
Simon

It could be other domains in your list not shown here. Redirect type works on the zone and its subdomains. If you have "local-zone: example.com redirect" and you also have "local-zone: adshare.example.com redirect", then the specific zone is redundant to your more general zone entry. If you intend to pinpoint specific servers instead of a whole domain range, then type static or type transparent with local-data: for each server may work better.

An example of a set of scripts that download from known block lists and write an unbound.conf insert can be found in OpenWrt "adblock." It uses OpenWrt UCI for configuration, but could easily be adapted.
https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md

good luck adblocking
Eric

Hi,

> I've compiled a blacklist of adtracking sites that I'm trying to block
> by redirecting to 127.0.0.1. Some example entries:
>
> local-zone: "0-act.channel.facebook.com" redirect
> local-data: "0-act.channel.facebook.com A 127.0.0.1"
> local-zone: "0-edge-chat.facebook.com" redirect
> local-data: "0-edge-chat.facebook.com A 127.0.0.1"
>
> I've included the file with an include: reference in unbound.conf. But
> if I run unbound-checkconf, I get warnings about duplicate local-zones,
> even though I have confirmed there are none in my file.
>
> Stranger still, I get warned about a different line number every time I
> run unbound-checkconf, like so:

Those numbers are the time and the process ID and not the line number.
The first number is a timestamp (in seconds). The 15369:0 is the
pid:tid of the process.

The 'sites' means the name 'sites' is in your config twice. The second
is of type 'redirect'. You could search for local-zone: "sites"
redirect in your config. And there should be another one local-zone:
"sites" <something>.

Best regards, Wouter
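
Added example, not part of the thread and not code from the Unbound project: a small checker that reports the two conditions the replies describe, a zone name declared more than once and a zone that sits under a broader redirect zone. The function names and the sample entries are constructed for illustration; in practice the blocklist text would be read from the included file.

```python
import re
from collections import defaultdict

# Matches lines such as:  local-zone: "example.com" redirect
ZONE_RE = re.compile(r'^\s*local-zone:\s*"?([^"\s]+)"?\s+(\S+)')

def normalize(name):
    # Assumption of this checker: compare as DNS names (case-insensitive, trailing dot ignored).
    return name.rstrip(".").lower()

def audit_local_zones(text):
    """Return (duplicates, shadowed) for the local-zone lines in text."""
    seen = defaultdict(list)  # zone -> [(lineno, type), ...]
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ZONE_RE.match(line.split("#", 1)[0])  # ignore comments
        if m:
            seen[normalize(m.group(1))].append((lineno, m.group(2)))
    # The same name declared more than once: what "duplicate local-zone" reports.
    duplicates = {z: locs for z, locs in seen.items() if len(locs) > 1}
    redirects = {z for z, locs in seen.items() if any(t == "redirect" for _, t in locs)}
    # Zones that sit below a redirect zone are redundant, as the redirect covers subdomains.
    shadowed = []
    for zone, locs in seen.items():
        labels = zone.split(".")
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            if parent in redirects:
                shadowed.append((locs[0][0], zone, parent))
                break
    return duplicates, sorted(shadowed)

# Constructed sample include file, not the poster's real list.
SAMPLE = '''\
local-zone: "0-act.channel.facebook.com" redirect
local-data: "0-act.channel.facebook.com A 127.0.0.1"
local-zone: "sites" static
local-zone: "example.com" redirect
local-zone: "adshare.example.com" redirect
local-zone: "Sites." redirect
'''

if __name__ == "__main__":
    dups, shadowed = audit_local_zones(SAMPLE)
    for zone, locs in dups.items():
        print(f"duplicate local-zone {zone!r}:", ", ".join(f"line {n} ({t})" for n, t in locs))
    for lineno, zone, parent in shadowed:
        print(f"line {lineno}: {zone!r} already covered by redirect zone {parent!r}")
```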