unbound: safe search: Resolve hosts at startup

unbound is not able to expand CNAMEs in local-data. Therefore we
have to do it manually at startup.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2019-06-13 11:12:07 +01:00
parent f081e454a6
commit 043e7aa50f


@@ -482,6 +482,27 @@ fix_time_if_dns_fail() {
fi
}
resolve() {
local hostname="${1}"
local found=0
local ns
for ns in $(read_name_servers); do
local answer
for answer in $(dig +short "@${ns}" A "${hostname}"); do
found=1
# Filter out non-IP addresses
if [[ ! "${answer}" =~ \.$ ]]; then
echo "${answer}"
fi
done
# End loop when we have got something
[ ${found} -eq 1 ] && break
done
}
# Sets up Safe Search for various search engines
write_safe_search_conf() {
local google_tlds=(
@@ -690,18 +711,25 @@ write_safe_search_conf() {
echo "server:"
# Bing
echo " local-zone: bing.com transparent"
echo " local-data: \"www.bing.com CNAME strict.bing.com.\""
echo " local-zone: www.bing.com transparent"
for address in $(resolve "strict.bing.com"); do
echo " local-data: \"www.bing.com ${LOCAL_TTL} IN A ${address}\""
done
# DuckDuckGo
echo " local-zone: duckduckgo.com transparent"
echo " local-data: \"duckduckgo.com CNAME safe.duckduckgo.com.\""
for address in $(resolve "safe.duckduckgo.com"); do
echo " local-data: \"duckduckgo.com ${LOCAL_TTL} IN A ${address}\""
done
# Google
addresses="$(resolve "forcesafesearch.google.com")"
local domain
for domain in ${google_tlds[@]}; do
echo " local-zone: ${domain} transparent"
echo " local-data: \"www.${domain} CNAME forcesafesearch.google.com.\""
for address in ${addresses}; do
echo " local-data: \"www.${domain} ${LOCAL_TTL} IN A ${address}\""
done
done
# Yandex
@@ -710,7 +738,9 @@ write_safe_search_conf() {
# YouTube
echo " local-zone: youtube.com transparent"
echo " local-data: \"www.youtube.com CNAME restrictmoderate.youtube.com.\""
for address in $(resolve "restrictmoderate.youtube.com"); do
echo " local-data: \"www.youtube.com ${LOCAL_TTL} IN A ${address}\""
done
) > /etc/unbound/safe-search.conf
}
@@ -809,8 +839,12 @@ case "$1" in
exit ${ret}
;;
resolve)
resolve "${2}"
;;
*)
echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server}"
echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server|resolve}"
exit 1
;;
esac
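Review bot: The filter in resolve() only drops tokens that end in a dot, so anything else `dig +short` prints is echoed as an address and written into `/etc/unbound/safe-search.conf`. When a forwarder is unreachable, dig can print a `;; connection timed out ...` diagnostic on stdout; its words would pass the filter and also set `found=1`, ending the loop before the next name server is tried. I would accept only IPv4 literals and count only those as found: `if [[ "${answer}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then found=1; echo "${answer}"; fi`. Separately, in write_safe_search_conf() a lookup that returns nothing leaves a transparent local-zone with no A record, which presumably lets the name resolve normally and silently skips safe search, so a logged warning or a failed start would make that visible. The answers are also taken from whatever read_name_servers returns with no validation visible in these hunks, which is worth confirming as acceptable for records that apparently stay in place until the file is next regenerated.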