I apologize in advance for the disclaimer that gets attached to my outbound email..
:P tl;dr: Unbound is fine, it's Sophos.. We also have Sophos here, and sophos does a txt lookup for each url your users are visiting. It's some sort of 'web filter' option on Sophos.. my 0.02 I find Sophos to be a terrible product for us.. I can't recall it actually stopping anything or being able to clean anything.. This is how I dealt with that.. local-zone: "sophosxl.net" refuse local-data: 'sophosxl.net. TXT "Served from 10.20.8.29"' https://glot.io/snippets/ffx5lfimnp unbound logs @glot host -t txt 3.1o19sr00n1360n34p37499pqr8o552qs855pq81p68713n35r649770nq4qp5n2.116p5r741p936393648s247p01n84noqq0oq6s5r26o4r40022qs29603rro0n7.r9074nqr24s1qo654o3pp76q82922p07np.nr1p4618o93s63o3or8r812008np292oqr505169.i.00.s.sophosxl.net. 9.9.9.9 gives an answer.. "x c" ymmv -- This message may contain confidential information and is intended only for the individual(s) named. If you are not an intended recipient you are not authorized to disseminate, distribute or copy this e-mail. Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail from your system.
