DNS: Make YouTube configurable for Safe Search

Message ID 20201107125908.1078-1-michael.tremer@ipfire.org
State New
Headers show
Series DNS: Make YouTube configurable for Safe Search | expand

Commit Message

Michael Tremer Nov. 7, 2020, 12:59 p.m. UTC
When safe search is enabled, it is being enabled on YouTube, too.

This creates problems in some scenarios like schools where politics
is being tought as well as other subjects that might be censored by
YouTube (i.e. election TV spots).

Therefore it is now possible to exclude YouTube from Safe Search
but keep it enabled for the search engines.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 doc/language_issues.en         |  1 +
 doc/language_issues.es         |  1 +
 doc/language_issues.fr         |  1 +
 doc/language_issues.it         |  1 +
 doc/language_issues.nl         |  1 +
 doc/language_issues.pl         |  1 +
 doc/language_issues.ru         |  1 +
 doc/language_issues.tr         |  1 +
 doc/language_missings          |  7 ++++
 html/cgi-bin/dns.cgi           | 19 ++++++++++
 langs/de/cgi-bin/de.pl         |  1 +
 langs/en/cgi-bin/en.pl         |  1 +
 src/initscripts/system/unbound | 69 +++++++++++++++++-----------------
 13 files changed, 70 insertions(+), 35 deletions(-)

Patch

diff --git a/doc/language_issues.en b/doc/language_issues.en
index 9efb56a39..6ee7ac034 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -601,6 +601,7 @@  WARNING: untranslated string: dns check failed = DNS check failed
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
diff --git a/doc/language_issues.es b/doc/language_issues.es
index e01f5aa98..a68e232d8 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -897,6 +897,7 @@  WARNING: untranslated string: dns = unknown string
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index b98154eca..60db5a967 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -879,6 +879,7 @@  WARNING: translation string unused: zoneconf val ppp assignment error
 WARNING: translation string unused: zoneconf val vlan amount assignment error
 WARNING: translation string unused: zoneconf val vlan tag assignment error
 WARNING: translation string unused: zoneconf val zoneslave amount error
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: guardian block a host = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 2f41213a8..414adbb9f 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -923,6 +923,7 @@  WARNING: untranslated string: dns = unknown string
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index d486349bc..03ae8d242 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -923,6 +923,7 @@  WARNING: untranslated string: dns = unknown string
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index e01f5aa98..a68e232d8 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -897,6 +897,7 @@  WARNING: untranslated string: dns = unknown string
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index cc2fe7489..26595d1d9 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -901,6 +901,7 @@  WARNING: untranslated string: dns = unknown string
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 99ead4c4a..3b1c99d97 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -900,6 +900,7 @@  WARNING: untranslated string: dns = unknown string
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server
diff --git a/doc/language_missings b/doc/language_missings
index 90f4c2926..2dfa3665f 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -239,6 +239,7 @@ 
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dnsforward
 < dnsforward add a new entry
 < dnsforward configuration
@@ -950,6 +951,7 @@ 
 < ansi t1.483
 < bewan adsl pci st
 < bewan adsl usb
+< dns enable safe-search youtube
 < g.dtm
 < g.lite
 < upload fcdsl.o
@@ -1052,6 +1054,7 @@ 
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dns forward disable dnssec
 < dnsforward dnssec disabled
 < dnsforward forward_servers
@@ -1431,6 +1434,7 @@ 
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dns forward disable dnssec
 < dnsforward dnssec disabled
 < dnsforward forward_servers
@@ -1923,6 +1927,7 @@ 
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dnsforward
 < dnsforward add a new entry
 < dnsforward configuration
@@ -2792,6 +2797,7 @@ 
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dnsforward
 < dnsforward add a new entry
 < dnsforward configuration
@@ -3516,6 +3522,7 @@ 
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dns forward disable dnssec
 < dnsforward dnssec disabled
 < dnsforward forward_servers
diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi
index 0a097e2c0..e406f2b9e 100755
--- a/html/cgi-bin/dns.cgi
+++ b/html/cgi-bin/dns.cgi
@@ -87,6 +87,10 @@  if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
 		$cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
 	}
 
+	if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") {
+		$cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} = "off";
+	}
+
 	# Check if using ISP nameservers and TLS is enabled at the same time.
 	if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
 		$errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
@@ -259,6 +263,7 @@  if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L
 
 # Hash to store the generic DNS settings.
 my %settings = ();
+$settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on";
 
 # Read-in general DNS settings.
 &General::readhash("$settings_file", \%settings);
@@ -313,6 +318,10 @@  $checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
 $checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
 $checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
 
+$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} = '';
+$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} = '';
+$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE'}} = "checked='checked'";
+
 $selected{'PROTO'}{'UDP'} = '';
 $selected{'PROTO'}{'TLS'} = '';
 $selected{'PROTO'}{'TCP'} = '';
@@ -384,6 +393,16 @@  sub show_general_dns_configuration () {
 				</td>
 			</tr>
 
+			<tr>
+				<td width="33%">
+					&raquo; $Lang::tr{'dns enable safe-search youtube'}
+				</td>
+
+				<td>
+					<input type="checkbox" name="ENABLE_SAFE_SEARCH_YOUTUBE" $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'}>
+				</td>
+			</tr>
+
 			<tr>
 				<td colspan="2">
 					<br>
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 6ad0e02c5..016c92be9 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -829,6 +829,7 @@ 
 'dns configuration' => 'DNS-Konfiguration',
 'dns desc' => 'Wenn auf Schnittstelle red0 die IP-Adressinformationen über DHCP vom Provider kommen, werden automatisch die DNS-Server-Adressen des Providers gesetzt. Hier können Sie nun diese mit den eigenen DNS-Server-IP-Adressen überschreiben.',
 'dns enable safe-search' => 'Safe Search via DNS aktivieren',
+'dns enable safe-search youtube' => 'YouTube in Safe Search einbeziehen',
 'dns error 0' => 'Die IP Adresse vom <strong>primären</strong> DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!<br />Die eingegebene <strong>sekundären</strong> DNS Server Adresse ist jedoch gültig.<br />',
 'dns error 01' => 'Die eingegebene IP Adresse des <strong>primären</strong> wie auch des <strong>sekundären</strong> DNS-Servers sind nicht gültig, bitte überprüfen Sie Ihre Eingaben!',
 'dns error 1' => 'Die IP Adresse vom <strong>sekundären</strong> DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!<br />Die eingegebene <strong>primäre</strong> DNS Server Adresse ist jedoch gültig.',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index d00de3d03..b190190d8 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -851,6 +851,7 @@ 
 'dns could not add server' => 'Could not add server - Reason:',
 'dns desc' => 'If the red0 interface gets the IP address information via DHCP from the provider, the DNS server addresses will be set automatically. Now here you are able to change these DNS server IP addresses with your own ones.',
 'dns enable safe-search' => 'Enable Safe Search',
+'dns enable safe-search youtube' => 'Include YouTube in Safe Search',
 'dns error 0' => 'The IP address of the <strong>primary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>secondary</strong> DNS server address is valid.',
 'dns error 01' => 'The entered IP address of the <strong>primary</strong> and <strong>secondary</strong> DNS server are not valid, please check your entries!',
 'dns error 1' => 'The IP address of the <strong>secondary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>primary</strong> DNS server address is valid.',
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index acbf6f5b5..5c5d2e3f4 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -502,45 +502,44 @@  update_safe_search() {
 		unbound-control local_zone_remove "${domain}"
 	done >/dev/null
 
-	# Nothing to do if safe search is not enabled
-	if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
-		return 0
-	fi
-
-	# Bing
-	unbound-control bing.com transparent >/dev/null
-	for address in $(resolve "strict.bing.com"); do
-		unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}"
-	done >/dev/null
-
-	# DuckDuckGo
-	unbound-control local_zone duckduckgo.com typetransparent >/dev/null
-	for address in $(resolve "safe.duckduckgo.com"); do
-		unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}"
-	done >/dev/null
-
-	# Google
-	local addresses="$(resolve "forcesafesearch.google.com")"
-	for domain in ${google_tlds[@]}; do
-		unbound-control local_zone "${domain}" transparent >/dev/null
-		for address in ${addresses}; do
-			unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}"
+	if [ "${ENABLE_SAFE_SEARCH}" = "on" ]; then
+		# Bing
+		unbound-control bing.com transparent >/dev/null
+		for address in $(resolve "strict.bing.com"); do
+			unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}"
 		done >/dev/null
-	done
 
-	# Yandex
-	for domain in yandex.com yandex.ru; do
-		unbound-control local_zone "${domain}" typetransparent >/dev/null
-		for address in $(resolve "familysearch.${domain}"); do
-			unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}"
+		# DuckDuckGo
+		unbound-control local_zone duckduckgo.com typetransparent >/dev/null
+		for address in $(resolve "safe.duckduckgo.com"); do
+			unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}"
 		done >/dev/null
-	done
 
-	# YouTube
-	unbound-control local_zone youtube.com transparent >/dev/null
-	for address in $(resolve "restrictmoderate.youtube.com"); do
-		unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}"
-	done >/dev/null
+		# Google
+		local addresses="$(resolve "forcesafesearch.google.com")"
+		for domain in ${google_tlds[@]}; do
+			unbound-control local_zone "${domain}" transparent >/dev/null
+			for address in ${addresses}; do
+				unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}"
+			done >/dev/null
+		done
+
+		# Yandex
+		for domain in yandex.com yandex.ru; do
+			unbound-control local_zone "${domain}" typetransparent >/dev/null
+			for address in $(resolve "familysearch.${domain}"); do
+				unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}"
+			done >/dev/null
+		done
+
+		# YouTube
+		if [ "${ENABLE_SAFE_SEARCH_YOUTUBE}" = "on" ]; then
+			unbound-control local_zone youtube.com transparent >/dev/null
+			for address in $(resolve "restrictmoderate.youtube.com"); do
+				unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}"
+			done >/dev/null
+		fi
+	fi
 
 	return 0
 }