unboundでWindows Update テレメトリー通信阻止

「がとらぼ」ではこれまで勝手なWindows Updateや知らないところでのテレメトリ収集を阻止したいとローテク技で頑張ってきているが、今回はLAN内のWindows PC全部を対象とした名前解決による方法。
LANとインターネットの境にあるルーターやファイアウォールにDNSリゾルバを置いて、LAN内のPCの名前解決はそのDNSリゾルバを使うことにする。この記事ではDNSリゾルバとして設定が簡単なunboundを使う。

unboundのインストール。FreeBSDではportsやpkgで簡単にインストールできる。

# cd /usr/ports/dns/unbound
# make install

/etc/rc.confに1行追記
unbound_enable="YES"

unboundの設定ファイルの例
/usr/local/etc/unbound/unbound.conf
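# Resolver for the LAN: listens for client queries, answers the blocked names
# from local-data and hands everything else to the forward-zone.
server:
	verbosity: 1
	# Keyword and value are separated by whitespace, as unbound.conf(5) expects.
	interface: 127.0.0.1
	# The two wildcard listeners below bind every address on the host. On a
	# router or firewall that includes the WAN side, so exposure is then limited
	# only by the access-control rules further down. Listing just the LAN
	# addresses (e.g. 192.168.0.1 and the LAN IPv6 address) keeps port 53 off
	# the Internet-facing interface altogether.
	interface: ::0
	interface: 0.0.0.0 # or the resolver's own IPv4 address, e.g. 192.168.0.1
	interface: 2001:xxxx:xxxx:xxxx::1000 # resolver's IPv6 address (placeholder)

	# Default-refuse, then allow loopback and the LAN prefixes; the most specific
	# matching netblock decides. "refuse" still answers with rcode REFUSED,
	# whereas "deny" drops the query without replying.
	access-control: 0.0.0.0/0 refuse  # refuse all IPv4 by default
	access-control: ::0/0 refuse      # refuse all IPv6 by default
	access-control: 127.0.0.0/8 allow # allowed (so are the next three lines)
	access-control: ::1 allow
	access-control: 192.168.0.0/24 allow  # IPv4 LAN
	# A /64 netblock needs the trailing "::" to be a complete IPv6 prefix.
	access-control: 2001:xxxx:xxxx:xxxx::/64 allow  # IPv6 LAN (placeholder prefix)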

	# Windows Update  2016/10/20
	# Each name is answered locally with the unspecified address, so clients
	# that use this resolver cannot connect to it. local-data given without a
	# local-zone creates a transparent zone: only the exact names listed here
	# are overridden, and any other host name under the same domain is still
	# resolved normally. The list is a snapshot from the date above; names
	# added by Microsoft since then are not covered.
	# NOTE(review): with these names blocked the clients no longer receive
	# security updates through Windows Update, so patches have to reach them
	# another way (local update server, manual installs).
	# NOTE(review): ctldl.windowsupdate.com is, as far as I know, the
	# certificate trust list download host; blocking it also stops automatic
	# updates of the trusted/disallowed certificate lists - confirm that this
	# is intended.
	local-data: "b1.download.windowsupdate.com. IN A 0.0.0.0"
	local-data: "ctldl.windowsupdate.com. IN A 0.0.0.0"
	local-data: "emdl.ws.microsoft.com. IN A 0.0.0.0"
	local-data: "fe1.update.microsoft.com. IN A 0.0.0.0"
	local-data: "fe2.update.microsoft.com. IN A 0.0.0.0"
	local-data: "fe3.delivery.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "fg.v4.download.windowsupdate.com. IN A 0.0.0.0"
	local-data: "insiderservice.microsoft.com. IN A 0.0.0.0"
	local-data: "sls.update.microsoft.com. IN A 0.0.0.0"
	local-data: "update.microsoft.com. IN A 0.0.0.0"
	local-data: "v4.download.windowsupdate.com. IN A 0.0.0.0"
	local-data: "v10.vortex-win.data.microsoft.com. IN A 0.0.0.0"
	local-data: "win10.ipv6.microsoft.com. IN A 0.0.0.0"
	local-data: "windowsupdate.microsoft.com. IN A 0.0.0.0"

	# Windows Update IPv6
	# Same names as above, answered with the IPv6 unspecified address so that
	# AAAA lookups do not get a real address from the upstream forwarders.
	local-data: "b1.download.windowsupdate.com. IN AAAA ::"
	local-data: "ctldl.windowsupdate.com. IN AAAA ::"
	local-data: "emdl.ws.microsoft.com. IN AAAA ::"
	local-data: "fe1.update.microsoft.com. IN AAAA ::"
	local-data: "fe2.update.microsoft.com. IN AAAA ::"
	local-data: "fe3.delivery.mp.microsoft.com. IN AAAA ::"
	local-data: "fg.v4.download.windowsupdate.com. IN AAAA ::"
	local-data: "insiderservice.microsoft.com. IN AAAA ::"
	local-data: "sls.update.microsoft.com. IN AAAA ::"
	local-data: "update.microsoft.com. IN AAAA ::"
	local-data: "v4.download.windowsupdate.com. IN AAAA ::"
	local-data: "v10.vortex-win.data.microsoft.com. IN AAAA ::"
	local-data: "win10.ipv6.microsoft.com. IN AAAA ::"
	local-data: "windowsupdate.microsoft.com. IN AAAA ::"

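	# Windows Telemetry  2016/10/20
	# IPv4 answers for the telemetry list: every name below resolves to 0.0.0.0
	# for clients of this resolver. Matching is by exact name only (local-data
	# without a local-zone gives a transparent zone), so host names that are not
	# listed still resolve through the forwarders.
	# NOTE(review): the list is broader than telemetry. wdcp/wdcpalt and
	# spynet2/spynetalt look like the Windows Defender cloud-protection hosts,
	# client.wns.windows.com the push-notification service and the
	# *.do.dsp.mp.microsoft.com names Delivery Optimization - confirm that
	# losing those services on every LAN client is acceptable.
	local-data: "a-0001.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0002.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0003.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0004.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0005.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0006.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0007.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0008.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0009.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0010.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0011.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0012.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0013.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0014.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0015.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0016.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0017.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0018.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0019.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0020.a-msedge.net. IN A 0.0.0.0"
	local-data: "a-0021.a-msedge.net. IN A 0.0.0.0"
	local-data: "a.config.skype.com. IN A 0.0.0.0"
	local-data: "api.mcr.skype.com. IN A 0.0.0.0"
	local-data: "array101-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array102-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array103-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array104-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array201-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array202-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array203-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array204-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array301-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array302-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array303-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "array304-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "b.config.skype.com. IN A 0.0.0.0"
	local-data: "choice.microsoft.com. IN A 0.0.0.0"
	# NOTE(review): every other entry of this kind ends in "nsatc.net"; check
	# whether "nstac.net" is the intended spelling.
	local-data: "choice.microsoft.com.nstac.net. IN A 0.0.0.0"
	local-data: "client-s.gateway.messenger.live.com. IN A 0.0.0.0"
	local-data: "client.wns.windows.com. IN A 0.0.0.0"
	local-data: "config.edge.skype.com. IN A 0.0.0.0"
	local-data: "config.skype.com. IN A 0.0.0.0"
	local-data: "corp.sts.microsoft.com. IN A 0.0.0.0"
	local-data: "cp101-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "cp201-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "cp301-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "cp401-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "cs1.wpc.v0cdn.net. IN A 0.0.0.0"
	local-data: "df.telemetry.microsoft.com. IN A 0.0.0.0"
	local-data: "diagnostics.support.microsoft.com. IN A 0.0.0.0"
	local-data: "disc101-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "disc201-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "disc301-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "disc401-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "dsn1.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn2.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn3.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn4.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn5.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn6.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn7.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn8.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn9.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn10.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn11.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn12.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn13.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn14.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn15.d.skype.net. IN A 0.0.0.0"
	local-data: "dsn16.d.skype.net. IN A 0.0.0.0"
	local-data: "feedback.microsoft-hohm.com. IN A 0.0.0.0"
	local-data: "feedback.search.microsoft.com. IN A 0.0.0.0"
	local-data: "feedback.windows.com. IN A 0.0.0.0"
	local-data: "geo.gateway.messenger.live.com. IN A 0.0.0.0"
	local-data: "geo-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "geo-prod.dodsp.mp.microsoft.com.nsatc.net. IN A 0.0.0.0"
	local-data: "geover-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "geover-prod.dodsp.mp.microsoft.com.nsatc.net. IN A 0.0.0.0"
	local-data: "i1.services.social.microsoft.com. IN A 0.0.0.0"
	local-data: "i1.services.social.microsoft.com.nsatc.net. IN A 0.0.0.0"
	local-data: "kv101-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "kv201-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "kv301-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "kv401-prod.do.dsp.mp.microsoft.com. IN A 0.0.0.0"
	# Left disabled by the author; presumably so that Microsoft account sign-in
	# keeps working - confirm before enabling.
#	local-data: "login.live.com. IN A 0.0.0.0"
	local-data: "m.hotmail.com. IN A 0.0.0.0"
	local-data: "mobile.pipe.aria.microsoft.com. IN A 0.0.0.0"
	local-data: "nexus.officeapps.live.com. IN A 0.0.0.0"
	local-data: "oca.telemetry.microsoft.com. IN A 0.0.0.0"
	local-data: "oca.telemetry.microsoft.com.nsatc.net. IN A 0.0.0.0"
	local-data: "prod.do.dsp.mp.microsoft.com.edgekey.net. IN A 0.0.0.0"
	local-data: "prod.registrar.skype.com. IN A 0.0.0.0"
	# purchase.mp.microsoft.com was listed twice in this section; one entry is
	# enough and matches the single entry in the IPv6 list.
	local-data: "purchase.mp.microsoft.com. IN A 0.0.0.0"
	local-data: "redir.metaservices.microsoft.com. IN A 0.0.0.0"
	local-data: "reports.wes.df.telemetry.microsoft.com. IN A 0.0.0.0"
	local-data: "s.gateway.messenger.live.com. IN A 0.0.0.0"
	local-data: "services.wes.df.telemetry.microsoft.com. IN A 0.0.0.0"
	local-data: "settings-sandbox.data.microsoft.com. IN A 0.0.0.0"
	local-data: "settings-win.data.microsoft.com. IN A 0.0.0.0"
	local-data: "skyapi.live.net. IN A 0.0.0.0"
	local-data: "spynet2.microsoft.com. IN A 0.0.0.0"
	local-data: "spynetalt.microsoft.com. IN A 0.0.0.0"
	local-data: "sqm.df.telemetry.microsoft.com. IN A 0.0.0.0"
	local-data: "sqm.telemetry.microsoft.com. IN A 0.0.0.0"
	local-data: "sqm.telemetry.microsoft.com.nsatc.net. IN A 0.0.0.0"
	local-data: "ssw.live.com. IN A 0.0.0.0"
	local-data: "statsfe1.ws.microsoft.com. IN A 0.0.0.0"
	local-data: "statsfe2.update.microsoft.com.akadns.net. IN A 0.0.0.0"
	local-data: "statsfe2.ws.microsoft.com. IN A 0.0.0.0"
	local-data: "survey.watson.microsoft.com. IN A 0.0.0.0"
	local-data: "telecommand.telemetry.microsoft.com. IN A 0.0.0.0"
	local-data: "telecommand.telemetry.microsoft.com.nsatc.net. IN A 0.0.0.0"
	local-data: "telemetry.appex.bing.net. IN A 0.0.0.0"
	local-data: "telemetry.microsoft.com. IN A 0.0.0.0"
	local-data: "telemetry.urs.microsoft.com. IN A 0.0.0.0"
	local-data: "vortex-bn2.metron.live.com.nsatc.net. IN A 0.0.0.0"
	local-data: "vortex-cy2.metron.live.com.nsatc.net. IN A 0.0.0.0"
	local-data: "vortex-sandbox.data.microsoft.com. IN A 0.0.0.0"
	local-data: "vortex-win.data.microsoft.com. IN A 0.0.0.0"
	local-data: "vortex.data.microsoft.com. IN A 0.0.0.0"
	local-data: "watson.live.com. IN A 0.0.0.0"
	local-data: "watson.microsoft.com. IN A 0.0.0.0"
	local-data: "watson.ppe.telemetry.microsoft.com. IN A 0.0.0.0"
	local-data: "watson.telemetry.microsoft.com. IN A 0.0.0.0"
	local-data: "watson.telemetry.microsoft.com.nsatc.net. IN A 0.0.0.0"
	local-data: "wdcp.microsoft.com. IN A 0.0.0.0"
	local-data: "wdcpalt.microsoft.com. IN A 0.0.0.0"
	local-data: "wes.df.telemetry.microsoft.com. IN A 0.0.0.0"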

	# Windows Telemetry IPv6
	# AAAA counterparts of the telemetry names: each one is answered with the
	# IPv6 unspecified address "::" so that a client cannot fall back to IPv6
	# when the A record is blocked. Matching is by exact name only; host names
	# that are not listed still resolve through the forwarders.
	local-data: "a-0001.a-msedge.net. IN AAAA ::"
	local-data: "a-0002.a-msedge.net. IN AAAA ::"
	local-data: "a-0003.a-msedge.net. IN AAAA ::"
	local-data: "a-0004.a-msedge.net. IN AAAA ::"
	local-data: "a-0005.a-msedge.net. IN AAAA ::"
	local-data: "a-0006.a-msedge.net. IN AAAA ::"
	local-data: "a-0007.a-msedge.net. IN AAAA ::"
	local-data: "a-0008.a-msedge.net. IN AAAA ::"
	local-data: "a-0009.a-msedge.net. IN AAAA ::"
	local-data: "a-0010.a-msedge.net. IN AAAA ::"
	local-data: "a-0011.a-msedge.net. IN AAAA ::"
	local-data: "a-0012.a-msedge.net. IN AAAA ::"
	local-data: "a-0013.a-msedge.net. IN AAAA ::"
	local-data: "a-0014.a-msedge.net. IN AAAA ::"
	local-data: "a-0015.a-msedge.net. IN AAAA ::"
	local-data: "a-0016.a-msedge.net. IN AAAA ::"
	local-data: "a-0017.a-msedge.net. IN AAAA ::"
	local-data: "a-0018.a-msedge.net. IN AAAA ::"
	local-data: "a-0019.a-msedge.net. IN AAAA ::"
	local-data: "a-0020.a-msedge.net. IN AAAA ::"
	local-data: "a-0021.a-msedge.net. IN AAAA ::"
	local-data: "a.config.skype.com. IN AAAA ::"
	local-data: "api.mcr.skype.com. IN AAAA ::"
	local-data: "array101-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array102-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array103-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array104-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array201-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array202-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array203-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array204-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array301-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array302-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array303-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "array304-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "b.config.skype.com. IN AAAA ::"
	local-data: "choice.microsoft.com. IN AAAA ::"
	# NOTE(review): every other entry of this kind ends in "nsatc.net"; check
	# whether "nstac.net" is the intended spelling.
	local-data: "choice.microsoft.com.nstac.net. IN AAAA ::"
	local-data: "client-s.gateway.messenger.live.com. IN AAAA ::"
	local-data: "client.wns.windows.com. IN AAAA ::"
	local-data: "config.edge.skype.com. IN AAAA ::"
	local-data: "config.skype.com. IN AAAA ::"
	local-data: "corp.sts.microsoft.com. IN AAAA ::"
	local-data: "cp101-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "cp201-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "cp301-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "cp401-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "cs1.wpc.v0cdn.net. IN AAAA ::"
	local-data: "df.telemetry.microsoft.com. IN AAAA ::"
	local-data: "diagnostics.support.microsoft.com. IN AAAA ::"
	local-data: "disc101-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "disc201-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "disc301-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "disc401-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "dsn1.d.skype.net. IN AAAA ::"
	local-data: "dsn2.d.skype.net. IN AAAA ::"
	local-data: "dsn3.d.skype.net. IN AAAA ::"
	local-data: "dsn4.d.skype.net. IN AAAA ::"
	local-data: "dsn5.d.skype.net. IN AAAA ::"
	local-data: "dsn6.d.skype.net. IN AAAA ::"
	local-data: "dsn7.d.skype.net. IN AAAA ::"
	local-data: "dsn8.d.skype.net. IN AAAA ::"
	local-data: "dsn9.d.skype.net. IN AAAA ::"
	local-data: "dsn10.d.skype.net. IN AAAA ::"
	local-data: "dsn11.d.skype.net. IN AAAA ::"
	local-data: "dsn12.d.skype.net. IN AAAA ::"
	local-data: "dsn13.d.skype.net. IN AAAA ::"
	local-data: "dsn14.d.skype.net. IN AAAA ::"
	local-data: "dsn15.d.skype.net. IN AAAA ::"
	local-data: "dsn16.d.skype.net. IN AAAA ::"
	local-data: "feedback.microsoft-hohm.com. IN AAAA ::"
	local-data: "feedback.search.microsoft.com. IN AAAA ::"
	local-data: "feedback.windows.com. IN AAAA ::"
	local-data: "geo.gateway.messenger.live.com. IN AAAA ::"
	local-data: "geo-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "geo-prod.dodsp.mp.microsoft.com.nsatc.net. IN AAAA ::"
	local-data: "geover-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "geover-prod.dodsp.mp.microsoft.com.nsatc.net. IN AAAA ::"
	local-data: "i1.services.social.microsoft.com. IN AAAA ::"
	local-data: "i1.services.social.microsoft.com.nsatc.net. IN AAAA ::"
	local-data: "kv101-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "kv201-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "kv301-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	local-data: "kv401-prod.do.dsp.mp.microsoft.com. IN AAAA ::"
	# Left disabled by the author; presumably so that Microsoft account sign-in
	# keeps working - confirm before enabling.
#	local-data: "login.live.com. IN AAAA ::"
	local-data: "m.hotmail.com. IN AAAA ::"
	local-data: "mobile.pipe.aria.microsoft.com. IN AAAA ::"
	local-data: "nexus.officeapps.live.com. IN AAAA ::"
	local-data: "oca.telemetry.microsoft.com. IN AAAA ::"
	local-data: "oca.telemetry.microsoft.com.nsatc.net. IN AAAA ::"
	local-data: "prod.do.dsp.mp.microsoft.com.edgekey.net. IN AAAA ::"
	local-data: "prod.registrar.skype.com. IN AAAA ::"
	local-data: "purchase.mp.microsoft.com. IN AAAA ::"
	local-data: "redir.metaservices.microsoft.com. IN AAAA ::"
	local-data: "reports.wes.df.telemetry.microsoft.com. IN AAAA ::"
	local-data: "s.gateway.messenger.live.com. IN AAAA ::"
	local-data: "services.wes.df.telemetry.microsoft.com. IN AAAA ::"
	local-data: "settings-sandbox.data.microsoft.com. IN AAAA ::"
	local-data: "settings-win.data.microsoft.com. IN AAAA ::"
	local-data: "skyapi.live.net. IN AAAA ::"
	local-data: "spynet2.microsoft.com. IN AAAA ::"
	local-data: "spynetalt.microsoft.com. IN AAAA ::"
	local-data: "sqm.df.telemetry.microsoft.com. IN AAAA ::"
	local-data: "sqm.telemetry.microsoft.com. IN AAAA ::"
	local-data: "sqm.telemetry.microsoft.com.nsatc.net. IN AAAA ::"
	local-data: "ssw.live.com. IN AAAA ::"
	local-data: "statsfe1.ws.microsoft.com. IN AAAA ::"
	local-data: "statsfe2.update.microsoft.com.akadns.net. IN AAAA ::"
	local-data: "statsfe2.ws.microsoft.com. IN AAAA ::"
	local-data: "survey.watson.microsoft.com. IN AAAA ::"
	local-data: "telecommand.telemetry.microsoft.com. IN AAAA ::"
	local-data: "telecommand.telemetry.microsoft.com.nsatc.net. IN AAAA ::"
	local-data: "telemetry.appex.bing.net. IN AAAA ::"
	local-data: "telemetry.microsoft.com. IN AAAA ::"
	local-data: "telemetry.urs.microsoft.com. IN AAAA ::"
	local-data: "vortex-bn2.metron.live.com.nsatc.net. IN AAAA ::"
	local-data: "vortex-cy2.metron.live.com.nsatc.net. IN AAAA ::"
	local-data: "vortex-sandbox.data.microsoft.com. IN AAAA ::"
	local-data: "vortex-win.data.microsoft.com. IN AAAA ::"
	local-data: "vortex.data.microsoft.com. IN AAAA ::"
	local-data: "watson.live.com. IN AAAA ::"
	local-data: "watson.microsoft.com. IN AAAA ::"
	local-data: "watson.ppe.telemetry.microsoft.com. IN AAAA ::"
	local-data: "watson.telemetry.microsoft.com. IN AAAA ::"
	local-data: "watson.telemetry.microsoft.com.nsatc.net. IN AAAA ::"
	local-data: "wdcp.microsoft.com. IN AAAA ::"
	local-data: "wdcpalt.microsoft.com. IN AAAA ::"
	local-data: "wes.df.telemetry.microsoft.com. IN AAAA ::"

# Everything that is not answered from local-data is forwarded to the upstream
# resolvers below ("." matches every name).
# NOTE(review): these forwards are plain DNS, so the upstream operator and
# anything on the path can see and alter the queries. unbound also offers
# forward-tls-upstream for encrypted forwarding; this listing does not
# configure a DNSSEC trust anchor either - confirm whether that is intended.
forward-zone:
	name: "."
	forward-addr: 8.8.8.8  # or your ISP's primary DNS server
	forward-addr: 8.8.4.4 # or your ISP's secondary DNS server
	forward-addr: 2001:4860:4860::8888 #Google Public DNS #1
	forward-addr: 2001:4860:4860::8844 #Google Public DNS #2

local-data: "hostname IN A 0.0.0.0"の塊部分だけを別ファイルにして、server:節の中にinclude: "local-data.conf" のように書くと管理が少し楽になるかも(local-dataはserver:節の設定項目なので、includeもserver:節の中に置く)。

unboundの起動・設定変更後再読込・停止

# /usr/local/etc/rc.d/unbound start      #起動
# /usr/local/etc/rc.d/unbound reload     #設定変更後再読込
# /usr/local/etc/rc.d/unbound stop       #停止

最初の方にも書いたが、LAN内のWindows PCがunboundの動いているサーバで名前解決をしないと意味がない。つまりWindows PCのDNSサーバ指定(変更)を行うこと。
または、DHCPサーバでDNSサーバを指定しているならDHCPサーバの設定1,2行を変更する。なお、Windows PCがDHCPサーバの新しい設定を読み込むまでラグが発生する。
急ぐならDHCPサーバの設定変更後はWindows PCを再起動するか管理者権限のコマンドプロンプトでipconfig /renewしてから、ipconfig /flushdnsでDNSキャッシュを削除する。 DNSサーバが切り替わったことの確認はコマンドプロンプトならnslookup -v www.example.comで行うと分かりやすい。リモートで全台一括ドンって方法は知らない。スンマセン

一応、ファイアウォールに設定を追加して、LAN内のPCがunbound以外のDNSサーバへ直接問い合わせ(53番ポート宛のUDP/TCP)できないようにしておく方が良いかも。