It is worth mentioning that the Unbound developers have been working on support for Response Policy Zones (RPZ), and they have finally merged the work. See this pull request on GitHub.
According to their response about when they would like to release this, it should be within February 2020.
Setup Response Policy Zone
The following setup guidance is based on doc/example.conf.in in the above PR on GitHub:
# Response Policy Zones
# RPZ policies. Applied in order of configuration. QNAME and Response IP
# Address trigger are the only supported triggers. Supported actions are:
# NXDOMAIN, NODATA, PASSTHRU, DROP and Local Data. Policies can be loaded from
# file, using zone transfer, or using HTTP. The respip module needs to be added
# to the module-config, e.g.: module-config: "respip validator iterator".
rpz:
    name: "rpz.mypdns.cloud"
    zonefile: "rpz.mypdns.cloud"
    master: axfr.ipv4.mypdns.cloud@5353 # IPv4
    master: axfr.mypdns.cloud # IPv6
    allow-notify: 192.0.2.0/32
    url: https://gitlab.com/my-privacy-dns/rpz-dns-firewall-tools/bind-9/raw/master/rpz_zones/rpz.mypdns.cloud.rpz
    # Action names are written in lowercase in unbound.conf
    # (nxdomain, nodata, passthru, drop, disabled, cname).
    rpz-action-override: nxdomain
    # Only used when rpz-action-override is set to cname.
    rpz-cname-override: rpz.mypdns.cloud
    rpz-log: yes
    rpz-log-name: "example policy"
    # Tags must also be declared with define-tag in the server: clause.
    tags: "example"
Now save this in your conf dir as
That should be about it :)
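The triggers and actions listed in the config comments above correspond to specific record forms inside the RPZ zone itself. The following is an added example, not part of the original wiki or of Unbound: the records in `SAMPLE` are constructed, the parser assumes plain `owner TYPE rdata` lines without TTL or class fields, and the `override` argument mimics `rpz-action-override`.

```python
# Added example: classify RPZ records by trigger and action.
# SAMPLE is constructed for illustration; it is not the real rpz.mypdns.cloud zone.
SAMPLE = """\
ads.example.com            CNAME .              ; NXDOMAIN
*.ads.example.com          CNAME .              ; NXDOMAIN for subdomains
tracker.example.net        CNAME *.             ; NODATA
good.example.org           CNAME rpz-passthru.  ; PASSTHRU
flood.example.net          CNAME rpz-drop.      ; DROP
portal.example.com         A     192.0.2.10     ; Local Data
32.7.2.0.192.rpz-ip        CNAME .              ; Response IP 192.0.2.7/32
bad-ns.example.rpz-nsdname CNAME .              ; trigger not in the supported list
"""

CNAME_ACTIONS = {".": "NXDOMAIN", "*.": "NODATA",
                 "rpz-passthru.": "PASSTHRU", "rpz-drop.": "DROP"}
UNSUPPORTED = (".rpz-client-ip", ".rpz-nsdname", ".rpz-nsip")

def parse(text):
    """Return (trigger, owner, action) for every record line."""
    rules = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        owner = owner.lower().rstrip(".")
        if owner.endswith(".rpz-ip"):
            trigger = "response-ip"
        elif owner.endswith(UNSUPPORTED):
            trigger = "unsupported"
        else:
            trigger = "qname"
        # Special CNAME targets encode the action; anything else is local data.
        action = CNAME_ACTIONS.get(rdata) if rtype.upper() == "CNAME" else None
        rules.append((trigger, owner, action or "LOCAL-DATA"))
    return rules

def lookup(rules, qname, override=None):
    """Action for a queried name; override mimics rpz-action-override."""
    table = {o: a for t, o, a in rules if t == "qname"}
    labels = qname.lower().rstrip(".").split(".")
    candidates = [".".join(labels)]                # exact owner first
    candidates += ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for name in candidates:                        # then closest wildcard
        if name in table:
            return override or table[name]
    return None                                    # no policy match

if __name__ == "__main__":
    rules = parse(SAMPLE)
    for q in ("cdn.ads.example.com", "portal.example.com", "www.example.org"):
        print(q, lookup(rules, q), lookup(rules, q, override="NXDOMAIN"))
```

With an override set, as in the configuration above, every matching QNAME trigger yields that action regardless of what the individual record encodes, including records that would otherwise pass through.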