Navigate to Services → DNS Resolver.
Add the following to the Custom Options.
server:
access-control-view: 192.168.10.0/24 bypass
access-control-view: 192.168.20.0/24 dnsbl
view:
name: "bypass"
view-first: yes
view:
name: "dnsbl"
view-first: yes
include: /var/unbound/pfb_dnsbl.*conf
local-data: "www.google.com 60 IN A 216.239.38.120"
local-data: "www.youtube.com 60 IN A 216.239.38.119"
local-data: "www.bing.com 60 IN A 204.79.197.220"
local-data: "duckduckgo.com 60 IN A 107.20.240.232"
NOTE: The entries added in the dnsbl view force all clients in this group (192.168.20.x) to the SafeSearch address for each of the four services included.
We have to add them here as adding them as a Host Override on the DNS Resolver configuration page would enforce them for all clients.
Add the following entries in the section Host Overrides below: