[RFC,4/8] unbound: Move Safe Search zone setup to configurationfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
config/unbound/unbound.conf | 3 +
src/initscripts/system/unbound | 431 +++++++++++++++++++++--------------------
2 files changed, 221 insertions(+), 213 deletions(-)
@@ -81,6 +81,9 @@ server:
# Include any forward zones
include: "/etc/unbound/forward.conf"
+ # Include safe search settings
+ include: "/etc/unbound/safe-search.conf"
+
remote-control:
control-enable: yes
control-use-cert: no
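Review bot: The new `include:` is unconditional and names a single file rather than a glob; as far as I know, unbound treats a non-glob include that cannot be opened as a fatal configuration error. The file is only created by `write_safe_search_conf` in the initscript, which leaves it empty when Safe Search is off. Anything that parses this configuration before that function has run, such as `unbound-checkconf` or a start that bypasses the initscript, would therefore fail, and the resolver would not come up. I would ship an empty `/etc/unbound/safe-search.conf` with the package and say so in the comment, e.g. `# Include safe search settings (generated by the unbound initscript; empty when Safe Search is disabled)`.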
@@ -22,202 +22,6 @@ LOCAL_TTL=60
# EDNS buffer size
EDNS_DEFAULT_BUFFER_SIZE=4096
-GOOGLE_TLDS=(
- google.ad
- google.ae
- google.al
- google.am
- google.as
- google.at
- google.az
- google.ba
- google.be
- google.bf
- google.bg
- google.bi
- google.bj
- google.bs
- google.bt
- google.by
- google.ca
- google.cat
- google.cd
- google.cf
- google.cg
- google.ch
- google.ci
- google.cl
- google.cm
- google.cn
- google.co.ao
- google.co.bw
- google.co.ck
- google.co.cr
- google.co.id
- google.co.il
- google.co.in
- google.co.jp
- google.co.ke
- google.co.kr
- google.co.ls
- google.com
- google.co.ma
- google.com.af
- google.com.ag
- google.com.ai
- google.com.ar
- google.com.au
- google.com.bd
- google.com.bh
- google.com.bn
- google.com.bo
- google.com.br
- google.com.bz
- google.com.co
- google.com.cu
- google.com.cy
- google.com.do
- google.com.ec
- google.com.eg
- google.com.et
- google.com.fj
- google.com.gh
- google.com.gi
- google.com.gt
- google.com.hk
- google.com.jm
- google.com.kh
- google.com.kw
- google.com.lb
- google.com.ly
- google.com.mm
- google.com.mt
- google.com.mx
- google.com.my
- google.com.na
- google.com.nf
- google.com.ng
- google.com.ni
- google.com.np
- google.com.om
- google.com.pa
- google.com.pe
- google.com.pg
- google.com.ph
- google.com.pk
- google.com.pr
- google.com.py
- google.com.qa
- google.com.sa
- google.com.sb
- google.com.sg
- google.com.sl
- google.com.sv
- google.com.tj
- google.com.tr
- google.com.tw
- google.com.ua
- google.com.uy
- google.com.vc
- google.com.vn
- google.co.mz
- google.co.nz
- google.co.th
- google.co.tz
- google.co.ug
- google.co.uk
- google.co.uz
- google.co.ve
- google.co.vi
- google.co.za
- google.co.zm
- google.co.zw
- google.cv
- google.cz
- google.de
- google.dj
- google.dk
- google.dm
- google.dz
- google.ee
- google.es
- google.fi
- google.fm
- google.fr
- google.ga
- google.ge
- google.gg
- google.gl
- google.gm
- google.gp
- google.gr
- google.gy
- google.hn
- google.hr
- google.ht
- google.hu
- google.ie
- google.im
- google.iq
- google.is
- google.it
- google.je
- google.jo
- google.kg
- google.ki
- google.kz
- google.la
- google.li
- google.lk
- google.lt
- google.lu
- google.lv
- google.md
- google.me
- google.mg
- google.mk
- google.ml
- google.mn
- google.ms
- google.mu
- google.mv
- google.mw
- google.ne
- google.nl
- google.no
- google.nr
- google.nu
- google.pl
- google.pn
- google.ps
- google.pt
- google.ro
- google.rs
- google.ru
- google.rw
- google.sc
- google.se
- google.sh
- google.si
- google.sk
- google.sm
- google.sn
- google.so
- google.sr
- google.st
- google.td
- google.tg
- google.tk
- google.tl
- google.tm
- google.tn
- google.to
- google.tt
- google.vg
- google.vu
- google.ws
-)
-
# Load optional configuration
[ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
@@ -679,24 +483,227 @@ fix_time_if_dns_fail() {
}
# Sets up Safe Search for various search engines
-setup_safe_search() {
- # Nothing to do if safe search is not enabled
- if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
- return 0
- fi
+write_safe_search_conf() {
+ local google_tlds=(
+ google.ad
+ google.ae
+ google.al
+ google.am
+ google.as
+ google.at
+ google.az
+ google.ba
+ google.be
+ google.bf
+ google.bg
+ google.bi
+ google.bj
+ google.bs
+ google.bt
+ google.by
+ google.ca
+ google.cat
+ google.cd
+ google.cf
+ google.cg
+ google.ch
+ google.ci
+ google.cl
+ google.cm
+ google.cn
+ google.co.ao
+ google.co.bw
+ google.co.ck
+ google.co.cr
+ google.co.id
+ google.co.il
+ google.co.in
+ google.co.jp
+ google.co.ke
+ google.co.kr
+ google.co.ls
+ google.com
+ google.co.ma
+ google.com.af
+ google.com.ag
+ google.com.ai
+ google.com.ar
+ google.com.au
+ google.com.bd
+ google.com.bh
+ google.com.bn
+ google.com.bo
+ google.com.br
+ google.com.bz
+ google.com.co
+ google.com.cu
+ google.com.cy
+ google.com.do
+ google.com.ec
+ google.com.eg
+ google.com.et
+ google.com.fj
+ google.com.gh
+ google.com.gi
+ google.com.gt
+ google.com.hk
+ google.com.jm
+ google.com.kh
+ google.com.kw
+ google.com.lb
+ google.com.ly
+ google.com.mm
+ google.com.mt
+ google.com.mx
+ google.com.my
+ google.com.na
+ google.com.nf
+ google.com.ng
+ google.com.ni
+ google.com.np
+ google.com.om
+ google.com.pa
+ google.com.pe
+ google.com.pg
+ google.com.ph
+ google.com.pk
+ google.com.pr
+ google.com.py
+ google.com.qa
+ google.com.sa
+ google.com.sb
+ google.com.sg
+ google.com.sl
+ google.com.sv
+ google.com.tj
+ google.com.tr
+ google.com.tw
+ google.com.ua
+ google.com.uy
+ google.com.vc
+ google.com.vn
+ google.co.mz
+ google.co.nz
+ google.co.th
+ google.co.tz
+ google.co.ug
+ google.co.uk
+ google.co.uz
+ google.co.ve
+ google.co.vi
+ google.co.za
+ google.co.zm
+ google.co.zw
+ google.cv
+ google.cz
+ google.de
+ google.dj
+ google.dk
+ google.dm
+ google.dz
+ google.ee
+ google.es
+ google.fi
+ google.fm
+ google.fr
+ google.ga
+ google.ge
+ google.gg
+ google.gl
+ google.gm
+ google.gp
+ google.gr
+ google.gy
+ google.hn
+ google.hr
+ google.ht
+ google.hu
+ google.ie
+ google.im
+ google.iq
+ google.is
+ google.it
+ google.je
+ google.jo
+ google.kg
+ google.ki
+ google.kz
+ google.la
+ google.li
+ google.lk
+ google.lt
+ google.lu
+ google.lv
+ google.md
+ google.me
+ google.mg
+ google.mk
+ google.ml
+ google.mn
+ google.ms
+ google.mu
+ google.mv
+ google.mw
+ google.ne
+ google.nl
+ google.no
+ google.nr
+ google.nu
+ google.pl
+ google.pn
+ google.ps
+ google.pt
+ google.ro
+ google.rs
+ google.ru
+ google.rw
+ google.sc
+ google.se
+ google.sh
+ google.si
+ google.sk
+ google.sm
+ google.sn
+ google.so
+ google.sr
+ google.st
+ google.td
+ google.tg
+ google.tk
+ google.tl
+ google.tm
+ google.tn
+ google.to
+ google.tt
+ google.vg
+ google.vu
+ google.ws
+ )
+
+ (
+ # Nothing to do if safe search is not enabled
+ if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
+ exit 0
+ fi
- local domain
+ # This all belongs into the server: section
+ echo "server:"
- # Bing
- unbound-control local_data "bind.com CNAME strict.bing.com."
+ # Bing
+ echo " local-zone: bing.com transparent"
+ echo " local-data: \"bing.com CNAME strict.bing.com.\""
- # DuckDuckGo
- unbound-control local_data "duckduckgo.com CNAME safe.duckduckgo.com."
+ # DuckDuckGo
+ echo " local-zone: duckduckgo.com transparent"
+ echo " local-data: \"duckduckgo.com CNAME safe.duckduckgo.com.\""
- # Google
- for domain in ${GOOGLE_TLDS[@]}; do
- unbound-control local_data "${domain} CNAME forcesafesearch.google.com."
- done
+ # Google
+ local domain
+ for domain in ${google_tlds[@]}; do
+ echo " local-zone: ${domain} transparent"
+ echo " local-data: \"${domain} CNAME forcesafesearch.google.com.\""
+ done
+ ) > /etc/unbound/safe-search.conf
}
case "$1" in
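Review bot: In `write_safe_search_conf`, each engine gets a `transparent` local-zone with a CNAME only at the bare domain, so names below it such as `www.google.com` or `www.bing.com` have no local data and are resolved normally. Those `www.` names are what browsers usually end up querying, so the filter can be silently ineffective even though `ENABLE_SAFE_SEARCH` is on. I would emit a second record per domain, `echo "    local-data: \"www.${domain} CNAME forcesafesearch.google.com.\""`, with the equivalent line for Bing. The array expansion should also be quoted: `for domain in "${google_tlds[@]}"; do`. Separately, the subshell redirects straight into `/etc/unbound/safe-search.conf`, so a failed write leaves a truncated file for the next start; writing to a temporary file and renaming it would avoid that.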
@@ -712,6 +719,7 @@ case "$1" in
# Update configuration files
write_tuning_conf
write_forward_conf
+ write_safe_search_conf
boot_mesg "Starting Unbound DNS Proxy..."
loadproc /usr/sbin/unbound || exit $?
@@ -719,9 +727,6 @@ case "$1" in
# Make own hostname resolveable
own_hostname
- # Setup Safe Search
- setup_safe_search
-
# Update any known forwarding name servers
update_forwarders