Recommended approach to host / domain blocking?


Active Member

Reaction score: 8
Messages: 118

I'm currently using hblock with Arch Linux on my laptop:

This POSIX-compliant shell script, designed for Unix-like systems, gets a list of domains that serve ads, tracking scripts and malware from multiple sources and creates a hosts file (alternative formats are also supported) that prevents your system from connecting to them.
and now I'm wondering what the recommended approach for something like this could be when using FreeBSD.

What comes to mind:


Well-Known Member

Reaction score: 143
Messages: 425

For a standalone machine, I would say if the first option works for you, stick with it. It's nice and simple, nothing much to go wrong and easy to debug/restore, etc.


Active Member

Reaction score: 8
Messages: 118

That's a nice solution, which gives real meaning to the use of local_unbound.

For a standalone machine, I would say if the first option works for you, stick with it. It's nice and simple, nothing much to go wrong and easy to debug/restore, etc.
That makes me wonder if it's unreasonable to use local_unbound mainly for that purpose on a desktop or laptop instead in terms of resource usage and maintenance.



Reaction score: 671
Messages: 1,089

I have running local_unbond on my FreeBSD home server which is also the gateway into the internet for all devices in our house. Obviously, the Hosts file approach is not useful in this case. The server is setup on a >10 years old Intel Atom D510@1.66GHz system and local-unbound is not consuming much resources, here the respective top output after apprx. 1 h when I restarted the machine:
32900 unbound       1  20    0    38M    24M select   3   0:02   0.00% local-unbound
In that time, my son was heavily playing on Trove and Roblox while talking with his friends over Discord and my wife watched a movie on Netflix, and I visited various sites in the internet. Unbound on this low end machine serves perfectly well for all of our needs at the same time and does not impose a notable load on the CPU.

BTW, it is setup as a recursive caching resolver and not as a forwarder. The fist lookup for a zone takes a bit longer, but consequent lookups of domains in already cached zones are responded in no time, though.

The imported void-zones list consist of 45566 zones (resolving to NXDOMAIN) which were consolidated from 55817 hosts.

The Hosts method on the other hand would work only for your local machine, and the complete list of hosts is needed. Also, the Hosts file would resolve domains to an IP address, usually or The benefit of having a NXDOMAIN response instead of a somehow invalid IP address is, that the client won’t even try to open a connection to a non-existing IP. So even if the Hosts file would consume less system resources, the clients which would be forced to look at or for the ads to be blocked would indeed consume more resources.

Setting up dns/void-zones-tools is a matter of minutes. Maintenance is a matter of putting the update script into a monthly cron job and then forget it. I didn’t had a closer look for several months now, and I looked at it now only because of your question.


New Member

Messages: 11

You can also use Unbound with adblock-unbound
I'm currently using Adguard. By the way, good application to stop advertising on the Internet. Many friends use it, but I know that there are other applications no less good than that. There is a lot of information about this on the Internet. I recently read an article about adblock for chrome, I didn't know that it is a rating of the best AdBlock that exists. I was surprised to see Adguard in the first place, so this is also the most popular. But I think that over time such applications will become more and more efficient and will completely stop advertising.
Last edited: