Figured it out
server:
module-config: "respip validator iterator"
rpz:
name: adguard-cname-cloak
zonefile: zonefiles/adguard-cname-cloak.zone
url: https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/combined_disguised_trackers_rpz.txt
rpz-action-override: nxdomain
rpz-log: yes
rpz-log-name: adguard-cname-cloak
Unbound now logging blocked domains
[34470:3] info: RPZ applied [adguard-cname-cloak] a8.looop-denki.com. nxdomain 10.0.0.2@42033 a8.looop-denki.com. A IN
dig reponse
; <<>> DiG 9.16.25 <<>> a8.looop-denki.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12872
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;a8.looop-denki.com. IN A