From patchwork Sat Nov 7 12:59:08 2020
X-Patchwork-Submitter: Michael Tremer
X-Patchwork-Id: 3646
From: Michael Tremer
To: development@lists.ipfire.org
Cc: Michael Tremer
Subject: [PATCH] DNS: Make YouTube configurable for Safe Search
Date: Sat, 7 Nov 2020 12:59:08 +0000
Message-Id: <20201107125908.1078-1-michael.tremer@ipfire.org>
List-Id: IPFire development talk

When safe search is enabled, it is being enabled on YouTube, too. This creates problems in some scenarios like schools where politics is being taught as well as other subjects that might be censored by YouTube (i.e. election TV spots). Therefore it is now possible to exclude YouTube from Safe Search but keep it enabled for the search engines.
Signed-off-by: Michael Tremer --- doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 7 ++++ html/cgi-bin/dns.cgi | 19 ++++++++++ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + src/initscripts/system/unbound | 69 +++++++++++++++++----------------- 13 files changed, 70 insertions(+), 35 deletions(-) diff --git a/doc/language_issues.en b/doc/language_issues.en index 9efb56a39..6ee7ac034 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -601,6 +601,7 @@ WARNING: untranslated string: dns check failed = DNS check failed WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.es b/doc/language_issues.es index e01f5aa98..a68e232d8 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -897,6 +897,7 @@ WARNING: untranslated string: dns = unknown string WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.fr b/doc/language_issues.fr index b98154eca..60db5a967 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -879,6 +879,7 @@ WARNING: translation string unused: zoneconf val ppp assignment error WARNING: translation string unused: zoneconf val vlan amount assignment error WARNING: translation string unused: zoneconf val vlan tag assignment error WARNING: translation string unused: zoneconf val zoneslave amount error +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: guardian block a host = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 2f41213a8..414adbb9f 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -923,6 +923,7 @@ WARNING: untranslated string: dns = unknown string WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.nl b/doc/language_issues.nl index d486349bc..03ae8d242 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -923,6 +923,7 @@ WARNING: untranslated string: dns = unknown string WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.pl b/doc/language_issues.pl index e01f5aa98..a68e232d8 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -897,6 +897,7 @@ WARNING: untranslated string: dns = unknown string WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.ru b/doc/language_issues.ru index cc2fe7489..26595d1d9 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -901,6 +901,7 @@ WARNING: untranslated string: dns = unknown string WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 99ead4c4a..3b1c99d97 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -900,6 +900,7 @@ WARNING: untranslated string: dns = unknown string WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_missings b/doc/language_missings index 90f4c2926..2dfa3665f 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -239,6 +239,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dnsforward < dnsforward add a new entry < dnsforward configuration @@ -950,6 +951,7 @@ < ansi t1.483 < bewan adsl pci st < bewan adsl usb +< dns enable safe-search youtube < g.dtm < g.lite < upload fcdsl.o @@ -1052,6 +1054,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dns forward disable dnssec < dnsforward dnssec disabled < dnsforward forward_servers @@ -1431,6 +1434,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dns forward disable dnssec < dnsforward dnssec disabled < dnsforward forward_servers @@ -1923,6 +1927,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dnsforward < dnsforward add a new entry < dnsforward configuration @@ -2792,6 +2797,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dnsforward < dnsforward add a new entry < dnsforward configuration 
@@ -3516,6 +3522,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dns forward disable dnssec < dnsforward dnssec disabled < dnsforward forward_servers diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi index 0a097e2c0..e406f2b9e 100755 --- a/html/cgi-bin/dns.cgi +++ b/html/cgi-bin/dns.cgi @@ -87,6 +87,10 @@ if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) { $cgiparams{'ENABLE_SAFE_SEARCH'} = "off"; } + if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") { + $cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} = "off"; + } + # Check if using ISP nameservers and TLS is enabled at the same time. if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) { $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'} @@ -259,6 +263,7 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L # Hash to store the generic DNS settings. my %settings = (); +$settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on"; # Read-in general DNS settings. &General::readhash("$settings_file", \%settings); @@ -313,6 +318,10 @@ $checked{'ENABLE_SAFE_SEARCH'}{'off'} = ''; $checked{'ENABLE_SAFE_SEARCH'}{'on'} = ''; $checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'"; +$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} = ''; +$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} = ''; +$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE'}} = "checked='checked'"; + $selected{'PROTO'}{'UDP'} = ''; $selected{'PROTO'}{'TLS'} = ''; $selected{'PROTO'}{'TCP'} = ''; @@ -384,6 +393,16 @@ sub show_general_dns_configuration () { + + + » $Lang::tr{'dns enable safe-search youtube'} + + + + + + +
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 6ad0e02c5..016c92be9 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -829,6 +829,7 @@ 'dns configuration' => 'DNS-Konfiguration', 'dns desc' => 'Wenn auf Schnittstelle red0 die IP-Adressinformationen über DHCP vom Provider kommen, werden automatisch die DNS-Server-Adressen des Providers gesetzt. Hier können Sie nun diese mit den eigenen DNS-Server-IP-Adressen überschreiben.', 'dns enable safe-search' => 'Safe Search via DNS aktivieren', +'dns enable safe-search youtube' => 'YouTube in Safe Search einbeziehen', 'dns error 0' => 'Die IP Adresse vom primären DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!
Die eingegebene sekundären DNS Server Adresse ist jedoch gültig.
', 'dns error 01' => 'Die eingegebene IP Adresse des primären wie auch des sekundären DNS-Servers sind nicht gültig, bitte überprüfen Sie Ihre Eingaben!', 'dns error 1' => 'Die IP Adresse vom sekundären DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!
Die eingegebene primäre DNS Server Adresse ist jedoch gültig.', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index d00de3d03..b190190d8 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -851,6 +851,7 @@ 'dns could not add server' => 'Could not add server - Reason:', 'dns desc' => 'If the red0 interface gets the IP address information via DHCP from the provider, the DNS server addresses will be set automatically. Now here you are able to change these DNS server IP addresses with your own ones.', 'dns enable safe-search' => 'Enable Safe Search', +'dns enable safe-search youtube' => 'Include YouTube in Safe Search', 'dns error 0' => 'The IP address of the primary DNS server is not valid, please check your entries!
The entered secondary DNS server address is valid.', 'dns error 01' => 'The entered IP address of the primary and secondary DNS server are not valid, please check your entries!', 'dns error 1' => 'The IP address of the secondary DNS server is not valid, please check your entries!
The entered primary DNS server address is valid.', diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index acbf6f5b5..5c5d2e3f4 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound 
@@ -502,45 +502,44 @@ update_safe_search() { unbound-control local_zone_remove "${domain}" done >/dev/null - # Nothing to do if safe search is not enabled - if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then - return 0 - fi - - # Bing - unbound-control bing.com transparent >/dev/null - for address in $(resolve "strict.bing.com"); do - unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}" - done >/dev/null - - # DuckDuckGo - unbound-control local_zone duckduckgo.com typetransparent >/dev/null - for address in $(resolve "safe.duckduckgo.com"); do - unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}" - done >/dev/null - - # Google - local addresses="$(resolve "forcesafesearch.google.com")" - for domain in ${google_tlds[@]}; do - unbound-control local_zone "${domain}" transparent >/dev/null - for address in ${addresses}; do - unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}" + if [ "${ENABLE_SAFE_SEARCH}" = "on" ]; then + # Bing + unbound-control bing.com transparent >/dev/null + for address in $(resolve "strict.bing.com"); do + unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}" done >/dev/null - done - # Yandex - for domain in yandex.com yandex.ru; do - unbound-control local_zone "${domain}" typetransparent >/dev/null - for address in $(resolve "familysearch.${domain}"); do - unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}" + # DuckDuckGo + unbound-control local_zone duckduckgo.com typetransparent >/dev/null + for address in $(resolve "safe.duckduckgo.com"); do + unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}" done >/dev/null - done - # YouTube - unbound-control local_zone youtube.com transparent >/dev/null - for address in $(resolve "restrictmoderate.youtube.com"); do - unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}" - done >/dev/null + # Google + local addresses="$(resolve "forcesafesearch.google.com")" + for domain in 
${google_tlds[@]}; do + unbound-control local_zone "${domain}" transparent >/dev/null + for address in ${addresses}; do + unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}" + done >/dev/null + done + + # Yandex + for domain in yandex.com yandex.ru; do + unbound-control local_zone "${domain}" typetransparent >/dev/null + for address in $(resolve "familysearch.${domain}"); do + unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}" + done >/dev/null + done + + # YouTube + if [ "${ENABLE_SAFE_SEARCH_YOUTUBE}" = "on" ]; then + unbound-control local_zone youtube.com transparent >/dev/null + for address in $(resolve "restrictmoderate.youtube.com"); do + unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}" + done >/dev/null + fi + fi return 0 }
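Review bot: the "on" default for ENABLE_SAFE_SEARCH_YOUTUBE exists only in the CGI, at `$settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on";` ahead of `&General::readhash` in the dns.cgi hunk at -259, while the initscript in this same patch tests `[ "${ENABLE_SAFE_SEARCH_YOUTUBE}" = "on" ]` with no default visible in its hunk. On a system whose settings file was written before this change, the page would render the box as checked while update_safe_search skips the YouTube zone until the settings are saved again, which silently relaxes filtering on upgrade. Consider applying the same default in the initscript, or testing for != "off" there. The new line also uses double quotes for the hash key where the surrounding lines use single quotes.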
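Review bot: in the Bing block of update_safe_search, `unbound-control bing.com transparent >/dev/null` lacks the `local_zone` subcommand that the DuckDuckGo, Google, Yandex and YouTube blocks all pass, and the redirect hides whatever unbound-control prints about it. The line is carried over unchanged from the removed side, but since it is being re-indented here it should become `unbound-control local_zone bing.com transparent >/dev/null`. The hunk could also stay much smaller by keeping the early `return 0` for ENABLE_SAFE_SEARCH != "on" and wrapping only the YouTube block in the new test, which makes the one behavioural change easier to see in review.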