Enable youtube restrict mode for some users using DNS Resolver?

aGeekhere

I am trying to have some users use restrictmoderate.youtube.com in the DNS Resolver
So far i have tried

# Access control view definitions:
# These rules assign client IP addresses to specific views.
# Clients matching these IPs will use the "unrestricted-youtube" view.
# All other clients will fall into the default view, which we'll configure as "restricted-youtube".
access-control-view: 192.168.1.100/32 unrestricted-youtube  # Example: Single IP (e.g., your admin PC)

server:
    # Global server options (from default config)
    local-zone: "use-application-dns.net" always_nxdomain
    include: /var/unbound/pfb_dnsbl.*conf

    # Define the 'restricted-youtube' view
    # This view will be the default for clients not explicitly assigned to 'unrestricted-youtube'.
    view: "restricted-youtube"
        # Force YouTube Restricted Mode (Moderate) for these clients
        # Pointing YouTube domains directly to the restrictmoderate.youtube.com IP (216.239.38.119)
        local-data: "youtube.com A 216.239.38.119"
        local-data: "www.youtube.com A 216.239.38.119"
        local-data: "m.youtube.com A 216.239.38.119"
        local-data: "youtubekids.com A 216.239.38.119"
        local-data: "youtubego.com A 216.239.38.119"
        local-data: "ytimg.com A 216.239.38.119"
        local-data: "youtu.be A 216.239.38.119"
        # Additional domains for comprehensive coverage
        local-data: "youtubei.googleapis.com A 216.239.38.119"
        local-data: "youtube.googleapis.com A 216.239.38.119"
        local-data: "www.youtube-nocookie.com A 216.239.38.119"

    # Define the 'unrestricted-youtube' view
    # Clients assigned to this view will have normal (unfiltered) YouTube access.
    view: "unrestricted-youtube"
        # No local-data for YouTube domains here, so they will resolve normally via upstream DNS.
        # This view inherits all global server settings not explicitly overridden here.

and

access-control-view: 192.168.1.100/32 unrestricted_youtube
access-control-view: 0.0.0.0/0 restricted_youtube

view:
    name: restricted_youtube
    view-first: yes
    local-zone: "use-application-dns.net" always_nxdomain
    local-data: "youtube.com A 216.239.38.119"
    local-data: "www.youtube.com A 216.239.38.119"
    local-data: "m.youtube.com A 216.239.38.119"
    local-data: "youtubekids.com A 216.239.38.119"
    local-data: "youtubego.com A 216.239.38.119"
    local-data: "ytimg.com A 216.239.38.119"
    local-data: "youtu.be A 216.239.38.119"
    local-data: "youtubei.googleapis.com A 216.239.38.119"
    local-data: "youtube.googleapis.com A 216.239.38.119"
    local-data: "www.youtube-nocookie.com A 216.239.38.119"

view:
    name: unrestricted_youtube
    view-first: yes
    local-zone: "use-application-dns.net" always_nxdomain

With issues as i am not sure if view is fully supported.

I do not want to bypass the DNS Resolver as i have other host overrides i want users to use.

Am i close ?

Gertjan

@aGeekhere

When I read several "unbound access-control-view" I'm pretty certain that "access-control-view:" needs to be placed in a server: block :

server:
     access-control-view: 192.168.1.100/32 unrestricted_youtube
     access-control-view: 0.0.0.0/0 restricted_youtube
....

What I'm not sure about : you use IPs fro youtube resources.
This :

local-data: "youtube.com A 216.239.38.119"

might be true for one moment, and the next moment it's another IP, as Youtube uses many (like : a lot) of IPs so they can do load sharing, prtect against DOS, update/upgrade their servers in real time.
And : protect themselves against people that try to limit the access to their services ^^