| | | | | |

How to Block Ads with Unbound DNS Server

Unbound is a DNS server that’s normally used in more complex environments than PiHole. If you use Linux, you may see it’s even required by many packages. Many companies use it for their own DNS servers, and it makes up much of the internet’s actual DNS infrastructure. Unbound supports complex things like DNS over TLS, encrypting your DNS traffic so people can’t snoop, and runs on nearly every Operating System. Reasons to Block Ads with Unbound instead of PiHole may be:

  1. You are on an Operating System where you just can’t use PiHole
  2. You need something more anonymous than PiHole
  3. You want to make your DNS open to WAN, exposing it to possible security flaws and generally requiring DNS over TLS
  4. You can’t dedicate port 80 on your device to PiHole

We also recommend checking out our other article on blocking trackers systemwide, instead of network-wide: How to Stop Tracking Systemwide

How to Install Unbound DNS Server

Package managers vary, but this tutorial is universal. Look for “unbound” in your package manager.

Use this command to install unbound to block ads and trackers on Debian-based Linux:

Install unbound with apt

Use this command to install on FreeBSD:

install unbound to block ads and trackers on freebsd

The package is generally just called “unbound” on most systems.

Unbound is also available at: https://www.nlnetlabs.nl/projects/unbound/about/

How to configure Unbound DNS Server to Block Ads

First, you need your main config. Create the main config in unbound.conf:

sudo vim /etc/unbound.conf
# vim /usr/local/etc/unbound.conf

Then append the following:

configure unbound to block ads and trackers

If you’re unfamilar with Vim, check out How to Write in Vim on Linux or other OSes (Tutorial)

See also  How to Back up ZFS and Restore Data on FreeBSD

Configure the ad-block

If you’re subscribed to a premium version of Info Toast Tools, feel free to skip this step, and change the bottom two lines of the initial config to, which will block ads and trackers with our unbound setup on your own DNS server:

forward-addr: <ip address known to premium subscribers>

Otherwise, type the following to get the config:

curl -o block.conf https://infotoast.org/Downloads/hosts/unbound.php
Then on Linux:
cp block.conf /etc/unbound/unbound.conf.d/
And on BSD:
cp block.conf /usr/local/etc/unbound/unbound.conf.d/

Start and Enable Unbound

To enable Unbound on Startup:

Then to start:


The DNS over TLS port is 853. Make sure you forward that port on your router if you want it to be public. Now, you can block ads and trackers with unbound instead of PiHole!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *