I run my OpenWRT without dnsmasq; using unbound for DNS and full odhcpd. It is setup with native UCI configuration as documented in the "Unbound and odhcpd" section:
The following one-liner will create static entries for domain domains in the tmp unbound_srv.conf file, causing it to return NXDOMAIN:
(
cat /etc/unbound/unbound_srv.conf>/tmp/lib/unbound/unbound_srv.conf;
hosts=`curl -s https://v.firebog.net/hosts/lists.php?type=tick`;
for url in $hosts; do curl -s $url | \
awk '/^\w/&&match($0,/([a-zA-Z0-9_-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z-]{2,63}\.?/){print tolower(substr($0,RSTART,RLENGTH))}';
done | sort -u | xargs -n1 printf 'local-zone:"%s"static\n'>>/tmp/lib/unbound/unbound_srv.conf;
unbound-control reload;
}&
This is a simple lean setup, without extra packages, for folks that don't mind scripting and don't want extra packages installed. I stuck that script into /etc/rc.local and run it weekly. Note that files inside "/tmp/lib/unbound/*" are re-created if unbound is restarted (not reloaded).
If you like to main you own blacklist, you can simply replace that second "hosts" line with your own lists in this manner:
hosts="
http://someonewhocares.org/hosts/hosts
http://sysctl.org/cameleon/hosts
http://winhelp2002.mvps.org/hosts.txt
";
If you're using dnsmasq, it will read any hosts file stored inside /tmp/hosts/* (if I remembered correct). So the script can be modified to create v4 and v6 hosts files in that folder this way:
(
hosts=`curl -s https://v.firebog.net/hosts/lists.php?type=tick`;
for url in $hosts; do curl -s $url | \
awk '/^\w/&&match($0,/([a-zA-Z0-9_-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z-]{2,63}\.?/){print tolower(substr($0,RSTART,RLENGTH))}';
done | sort -u | xargs -n2 printf '%s 0.0.0.0\n%s ::\n'>/tmp/hosts/blocked.hosts;
/etc/init.d/dnsmasq restart;
}&