The ultimate network adblocker!


Unbound-adblock is an easy to use network adblocker. It allows you to block online advertisements network wide and thus block ads on devices that otherwise don't support traditional browser-based adblockers such as uBlock Origin, Adblock Plus etc. I have found unbound-adblock to boost web browsing speed and increase battery life on mobile devices.

A nice side effect of the network adblocking is that there is no added CPU utilization on the client-side device for filtering out the ads, as all the heavy lifting is done by the DNS server. For devices with low resources, unbound-adblock can be a breath of fresh air.

Additionally, unbound-adblock blocks a large amount of online trackers, malware, fake sites, pop ups and other annoying garbage.

unbound-adblock works best when used in conjunction with pf-badhost

Download: link   |   See below for install instructions:

Version 0.3 Released!

Update March 2020:

To update unbound-adblock to the latest version:
click here for upgrade instructions

unbound-adblock version 0.3 has been released! It has a number of important improvements.


• Add support for adding additional block lists

• Improved error checking and robustness

• A number of correctness improvements

A number of people have contacted me asking about support for using additional blocklists, ask and thou shall receive.

Upgrade Quick Start:

If you already have unbound-adblock 0.2 installed correctly, you can just replace the script in /usr/local/bin with the latest (0.3) version.

Click Here to Download the Updated Script

Old version 0.2 release page: Link

Install Prerequisites:

This isn’t your first rodeo and you’re somewhat comfortable navigating your way around a Unix system. This guide is basically copy and paste. I will assume the reader knows how to set up an unbound(8) DNS server.
This OpenBSD FAQ page gives a list of easy instructions for doing just that.

Install Guide:

• Create a new user (we’ll call ours “_adblock”)

 # useradd -s /sbin/nologin _adblock 
• The user should be created with default shell of "nologin" and an empty password (disables password logins).

• Create blocklist file
# install -m 644 -o _adblock /dev/null /var/unbound/etc/adblock.conf

• Download and put unbound-adblock.sh into /usr/local/bin/

$ ftp https://www.geoghegan.ca/scripts/unbound-adblock.sh
# mv unbound-adblock.sh /usr/local/bin/ 
# chown root:bin /usr/local/bin/unbound-adblock.sh
• Add line to /var/unbound/etc/unbound.conf at the end of the “server:” config options

include: /var/unbound/etc/adblock.conf 

• Give _adblock strict doas permissions for the exact command it needs to run as superuser

# vi /etc/doas.conf
permit nopass _adblock cmd rcctl args reload unbound
• Edit _adblock’s crontab to run unbound-adblock.sh every night at midnight

 # crontab -u _adblock -e
      @midnight 		/bin/sh /usr/local/bin/unbound-adblock.sh

• Run script manually to parse and load the adblock ruleset
$ doas -u _adblock sh /usr/local/bin/unbound-adblock.sh 
• Restart unbound(8) for good measure
 # rcctl restart unbound 

• Additionally, adding a rule such as below to your router's pf.conf will help to block ads on Google devices such as Chromecasts and Youtube apps that are often hardcoded to use Google DNS

 # vi /etc/pf.conf
   pass in quick to {,} rdr-to $adblock_server

unbound-adblock should now be installed and blocking ads!