[RFC,1/8] unbound: Add switch to enable Google Safe Search
Commit Message
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
src/initscripts/system/unbound | 215 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 215 insertions(+)
Comments
Hi,
Hm. Did I miss something?
Testing the Safesearch-Feature gives me:
"Hmm. We’re having trouble finding that site.
We can’t connect to the server at www.google.de."
=> I can't connect to ANY of the now "safe searching" search engines.
Only https://yandex.ru/ works...
Best,
Matthias
On 30.04.2019 18:16, Michael Tremer wrote:
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
> src/initscripts/system/unbound | 215 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 215 insertions(+)
>
> diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
> index fbb096e0d..4ac8331dc 100644
> --- a/src/initscripts/system/unbound
> +++ b/src/initscripts/system/unbound
> @@ -14,6 +14,7 @@ TEST_DOMAIN_FAIL="dnssec-failed.org"
>
> INSECURE_ZONES=
> USE_FORWARDERS=1
> +ENABLE_SAFE_SEARCH=off
>
> # Cache any local zones for 60 seconds
> LOCAL_TTL=60
> @@ -21,6 +22,202 @@ LOCAL_TTL=60
> # EDNS buffer size
> EDNS_DEFAULT_BUFFER_SIZE=4096
>
> +GOOGLE_TLDS=(
> + google.ad
> + google.ae
> + google.al
> + google.am
> + google.as
> + google.at
> + google.az
> + google.ba
> + google.be
> + google.bf
> + google.bg
> + google.bi
> + google.bj
> + google.bs
> + google.bt
> + google.by
> + google.ca
> + google.cat
> + google.cd
> + google.cf
> + google.cg
> + google.ch
> + google.ci
> + google.cl
> + google.cm
> + google.cn
> + google.co.ao
> + google.co.bw
> + google.co.ck
> + google.co.cr
> + google.co.id
> + google.co.il
> + google.co.in
> + google.co.jp
> + google.co.ke
> + google.co.kr
> + google.co.ls
> + google.com
> + google.co.ma
> + google.com.af
> + google.com.ag
> + google.com.ai
> + google.com.ar
> + google.com.au
> + google.com.bd
> + google.com.bh
> + google.com.bn
> + google.com.bo
> + google.com.br
> + google.com.bz
> + google.com.co
> + google.com.cu
> + google.com.cy
> + google.com.do
> + google.com.ec
> + google.com.eg
> + google.com.et
> + google.com.fj
> + google.com.gh
> + google.com.gi
> + google.com.gt
> + google.com.hk
> + google.com.jm
> + google.com.kh
> + google.com.kw
> + google.com.lb
> + google.com.ly
> + google.com.mm
> + google.com.mt
> + google.com.mx
> + google.com.my
> + google.com.na
> + google.com.nf
> + google.com.ng
> + google.com.ni
> + google.com.np
> + google.com.om
> + google.com.pa
> + google.com.pe
> + google.com.pg
> + google.com.ph
> + google.com.pk
> + google.com.pr
> + google.com.py
> + google.com.qa
> + google.com.sa
> + google.com.sb
> + google.com.sg
> + google.com.sl
> + google.com.sv
> + google.com.tj
> + google.com.tr
> + google.com.tw
> + google.com.ua
> + google.com.uy
> + google.com.vc
> + google.com.vn
> + google.co.mz
> + google.co.nz
> + google.co.th
> + google.co.tz
> + google.co.ug
> + google.co.uk
> + google.co.uz
> + google.co.ve
> + google.co.vi
> + google.co.za
> + google.co.zm
> + google.co.zw
> + google.cv
> + google.cz
> + google.de
> + google.dj
> + google.dk
> + google.dm
> + google.dz
> + google.ee
> + google.es
> + google.fi
> + google.fm
> + google.fr
> + google.ga
> + google.ge
> + google.gg
> + google.gl
> + google.gm
> + google.gp
> + google.gr
> + google.gy
> + google.hn
> + google.hr
> + google.ht
> + google.hu
> + google.ie
> + google.im
> + google.iq
> + google.is
> + google.it
> + google.je
> + google.jo
> + google.kg
> + google.ki
> + google.kz
> + google.la
> + google.li
> + google.lk
> + google.lt
> + google.lu
> + google.lv
> + google.md
> + google.me
> + google.mg
> + google.mk
> + google.ml
> + google.mn
> + google.ms
> + google.mu
> + google.mv
> + google.mw
> + google.ne
> + google.nl
> + google.no
> + google.nr
> + google.nu
> + google.pl
> + google.pn
> + google.ps
> + google.pt
> + google.ro
> + google.rs
> + google.ru
> + google.rw
> + google.sc
> + google.se
> + google.sh
> + google.si
> + google.sk
> + google.sm
> + google.sn
> + google.so
> + google.sr
> + google.st
> + google.td
> + google.tg
> + google.tk
> + google.tl
> + google.tm
> + google.tn
> + google.to
> + google.tt
> + google.vg
> + google.vu
> + google.ws
> +)
> +
> # Load optional configuration
> [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
>
> @@ -481,6 +678,21 @@ fix_time_if_dns_fail() {
> fi
> }
>
> +# Sets up Safe Search for various search engines
> +setup_safe_search() {
> + # Nothing to do if safe search is not enabled
> + if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
> + return 0
> + fi
> +
> + local domain
> +
> + # Google
> + for domain in ${GOOGLE_TLDS[@]}; do
> + unbound-control local_data "${domain} CNAME forcesafesearch.google.com."
> + done
> +}
> +
> case "$1" in
> start)
> # Print a nicer messagen when unbound is already running
> @@ -501,6 +713,9 @@ case "$1" in
> # Make own hostname resolveable
> own_hostname
>
> + # Setup Safe Search
> + setup_safe_search
> +
> # Update any known forwarding name servers
> update_forwarders
>
>
Hi,
What happens when you run “dig google.com” on the console?
The zones should be transparent and resolve any names that are not overlayed by the user-data.
-Michael
> On 1 May 2019, at 15:11, Matthias Fischer <matthias.fischer@ipfire.org> wrote:
>
> Hi,
>
> Hm. Did I miss something?
>
> Testing the Safesearch-Feature gives me:
>
> "Hmm. We’re having trouble finding that site.
>
> We can’t connect to the server at www.google.de."
>
> => I can't connect to ANY of the now "safe searching" search engines.
>
> Only https://yandex.ru/ works...
>
> Best,
> Matthias
>
> On 30.04.2019 18:16, Michael Tremer wrote:
>> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
>> ---
>> src/initscripts/system/unbound | 215 +++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 215 insertions(+)
>>
>> diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
>> index fbb096e0d..4ac8331dc 100644
>> --- a/src/initscripts/system/unbound
>> +++ b/src/initscripts/system/unbound
>> @@ -14,6 +14,7 @@ TEST_DOMAIN_FAIL="dnssec-failed.org"
>>
>> INSECURE_ZONES=
>> USE_FORWARDERS=1
>> +ENABLE_SAFE_SEARCH=off
>>
>> # Cache any local zones for 60 seconds
>> LOCAL_TTL=60
>> @@ -21,6 +22,202 @@ LOCAL_TTL=60
>> # EDNS buffer size
>> EDNS_DEFAULT_BUFFER_SIZE=4096
>>
>> +GOOGLE_TLDS=(
>> + google.ad
>> + google.ae
>> + google.al
>> + google.am
>> + google.as
>> + google.at
>> + google.az
>> + google.ba
>> + google.be
>> + google.bf
>> + google.bg
>> + google.bi
>> + google.bj
>> + google.bs
>> + google.bt
>> + google.by
>> + google.ca
>> + google.cat
>> + google.cd
>> + google.cf
>> + google.cg
>> + google.ch
>> + google.ci
>> + google.cl
>> + google.cm
>> + google.cn
>> + google.co.ao
>> + google.co.bw
>> + google.co.ck
>> + google.co.cr
>> + google.co.id
>> + google.co.il
>> + google.co.in
>> + google.co.jp
>> + google.co.ke
>> + google.co.kr
>> + google.co.ls
>> + google.com
>> + google.co.ma
>> + google.com.af
>> + google.com.ag
>> + google.com.ai
>> + google.com.ar
>> + google.com.au
>> + google.com.bd
>> + google.com.bh
>> + google.com.bn
>> + google.com.bo
>> + google.com.br
>> + google.com.bz
>> + google.com.co
>> + google.com.cu
>> + google.com.cy
>> + google.com.do
>> + google.com.ec
>> + google.com.eg
>> + google.com.et
>> + google.com.fj
>> + google.com.gh
>> + google.com.gi
>> + google.com.gt
>> + google.com.hk
>> + google.com.jm
>> + google.com.kh
>> + google.com.kw
>> + google.com.lb
>> + google.com.ly
>> + google.com.mm
>> + google.com.mt
>> + google.com.mx
>> + google.com.my
>> + google.com.na
>> + google.com.nf
>> + google.com.ng
>> + google.com.ni
>> + google.com.np
>> + google.com.om
>> + google.com.pa
>> + google.com.pe
>> + google.com.pg
>> + google.com.ph
>> + google.com.pk
>> + google.com.pr
>> + google.com.py
>> + google.com.qa
>> + google.com.sa
>> + google.com.sb
>> + google.com.sg
>> + google.com.sl
>> + google.com.sv
>> + google.com.tj
>> + google.com.tr
>> + google.com.tw
>> + google.com.ua
>> + google.com.uy
>> + google.com.vc
>> + google.com.vn
>> + google.co.mz
>> + google.co.nz
>> + google.co.th
>> + google.co.tz
>> + google.co.ug
>> + google.co.uk
>> + google.co.uz
>> + google.co.ve
>> + google.co.vi
>> + google.co.za
>> + google.co.zm
>> + google.co.zw
>> + google.cv
>> + google.cz
>> + google.de
>> + google.dj
>> + google.dk
>> + google.dm
>> + google.dz
>> + google.ee
>> + google.es
>> + google.fi
>> + google.fm
>> + google.fr
>> + google.ga
>> + google.ge
>> + google.gg
>> + google.gl
>> + google.gm
>> + google.gp
>> + google.gr
>> + google.gy
>> + google.hn
>> + google.hr
>> + google.ht
>> + google.hu
>> + google.ie
>> + google.im
>> + google.iq
>> + google.is
>> + google.it
>> + google.je
>> + google.jo
>> + google.kg
>> + google.ki
>> + google.kz
>> + google.la
>> + google.li
>> + google.lk
>> + google.lt
>> + google.lu
>> + google.lv
>> + google.md
>> + google.me
>> + google.mg
>> + google.mk
>> + google.ml
>> + google.mn
>> + google.ms
>> + google.mu
>> + google.mv
>> + google.mw
>> + google.ne
>> + google.nl
>> + google.no
>> + google.nr
>> + google.nu
>> + google.pl
>> + google.pn
>> + google.ps
>> + google.pt
>> + google.ro
>> + google.rs
>> + google.ru
>> + google.rw
>> + google.sc
>> + google.se
>> + google.sh
>> + google.si
>> + google.sk
>> + google.sm
>> + google.sn
>> + google.so
>> + google.sr
>> + google.st
>> + google.td
>> + google.tg
>> + google.tk
>> + google.tl
>> + google.tm
>> + google.tn
>> + google.to
>> + google.tt
>> + google.vg
>> + google.vu
>> + google.ws
>> +)
>> +
>> # Load optional configuration
>> [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
>>
>> @@ -481,6 +678,21 @@ fix_time_if_dns_fail() {
>> fi
>> }
>>
>> +# Sets up Safe Search for various search engines
>> +setup_safe_search() {
>> + # Nothing to do if safe search is not enabled
>> + if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
>> + return 0
>> + fi
>> +
>> + local domain
>> +
>> + # Google
>> + for domain in ${GOOGLE_TLDS[@]}; do
>> + unbound-control local_data "${domain} CNAME forcesafesearch.google.com."
>> + done
>> +}
>> +
>> case "$1" in
>> start)
>> # Print a nicer messagen when unbound is already running
>> @@ -501,6 +713,9 @@ case "$1" in
>> # Make own hostname resolveable
>> own_hostname
>>
>> + # Setup Safe Search
>> + setup_safe_search
>> +
>> # Update any known forwarding name servers
>> update_forwarders
>>
>>
>
@@ -14,6 +14,7 @@ TEST_DOMAIN_FAIL="dnssec-failed.org"
INSECURE_ZONES=
USE_FORWARDERS=1
+ENABLE_SAFE_SEARCH=off
# Cache any local zones for 60 seconds
LOCAL_TTL=60
@@ -21,6 +22,202 @@ LOCAL_TTL=60
# EDNS buffer size
EDNS_DEFAULT_BUFFER_SIZE=4096
+GOOGLE_TLDS=(
+ google.ad
+ google.ae
+ google.al
+ google.am
+ google.as
+ google.at
+ google.az
+ google.ba
+ google.be
+ google.bf
+ google.bg
+ google.bi
+ google.bj
+ google.bs
+ google.bt
+ google.by
+ google.ca
+ google.cat
+ google.cd
+ google.cf
+ google.cg
+ google.ch
+ google.ci
+ google.cl
+ google.cm
+ google.cn
+ google.co.ao
+ google.co.bw
+ google.co.ck
+ google.co.cr
+ google.co.id
+ google.co.il
+ google.co.in
+ google.co.jp
+ google.co.ke
+ google.co.kr
+ google.co.ls
+ google.com
+ google.co.ma
+ google.com.af
+ google.com.ag
+ google.com.ai
+ google.com.ar
+ google.com.au
+ google.com.bd
+ google.com.bh
+ google.com.bn
+ google.com.bo
+ google.com.br
+ google.com.bz
+ google.com.co
+ google.com.cu
+ google.com.cy
+ google.com.do
+ google.com.ec
+ google.com.eg
+ google.com.et
+ google.com.fj
+ google.com.gh
+ google.com.gi
+ google.com.gt
+ google.com.hk
+ google.com.jm
+ google.com.kh
+ google.com.kw
+ google.com.lb
+ google.com.ly
+ google.com.mm
+ google.com.mt
+ google.com.mx
+ google.com.my
+ google.com.na
+ google.com.nf
+ google.com.ng
+ google.com.ni
+ google.com.np
+ google.com.om
+ google.com.pa
+ google.com.pe
+ google.com.pg
+ google.com.ph
+ google.com.pk
+ google.com.pr
+ google.com.py
+ google.com.qa
+ google.com.sa
+ google.com.sb
+ google.com.sg
+ google.com.sl
+ google.com.sv
+ google.com.tj
+ google.com.tr
+ google.com.tw
+ google.com.ua
+ google.com.uy
+ google.com.vc
+ google.com.vn
+ google.co.mz
+ google.co.nz
+ google.co.th
+ google.co.tz
+ google.co.ug
+ google.co.uk
+ google.co.uz
+ google.co.ve
+ google.co.vi
+ google.co.za
+ google.co.zm
+ google.co.zw
+ google.cv
+ google.cz
+ google.de
+ google.dj
+ google.dk
+ google.dm
+ google.dz
+ google.ee
+ google.es
+ google.fi
+ google.fm
+ google.fr
+ google.ga
+ google.ge
+ google.gg
+ google.gl
+ google.gm
+ google.gp
+ google.gr
+ google.gy
+ google.hn
+ google.hr
+ google.ht
+ google.hu
+ google.ie
+ google.im
+ google.iq
+ google.is
+ google.it
+ google.je
+ google.jo
+ google.kg
+ google.ki
+ google.kz
+ google.la
+ google.li
+ google.lk
+ google.lt
+ google.lu
+ google.lv
+ google.md
+ google.me
+ google.mg
+ google.mk
+ google.ml
+ google.mn
+ google.ms
+ google.mu
+ google.mv
+ google.mw
+ google.ne
+ google.nl
+ google.no
+ google.nr
+ google.nu
+ google.pl
+ google.pn
+ google.ps
+ google.pt
+ google.ro
+ google.rs
+ google.ru
+ google.rw
+ google.sc
+ google.se
+ google.sh
+ google.si
+ google.sk
+ google.sm
+ google.sn
+ google.so
+ google.sr
+ google.st
+ google.td
+ google.tg
+ google.tk
+ google.tl
+ google.tm
+ google.tn
+ google.to
+ google.tt
+ google.vg
+ google.vu
+ google.ws
+)
+
# Load optional configuration
[ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
@@ -481,6 +678,21 @@ fix_time_if_dns_fail() {
fi
}
+# Sets up Safe Search for various search engines
+setup_safe_search() {
+ # Nothing to do if safe search is not enabled
+ if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
+ return 0
+ fi
+
+ local domain
+
+ # Google
+ for domain in ${GOOGLE_TLDS[@]}; do
+ unbound-control local_data "${domain} CNAME forcesafesearch.google.com."
+ done
+}
+
case "$1" in
start)
# Print a nicer messagen when unbound is already running
@@ -501,6 +713,9 @@ case "$1" in
# Make own hostname resolveable
own_hostname
+ # Setup Safe Search
+ setup_safe_search
+
# Update any known forwarding name servers
update_forwarders