DNS: Make YouTube configurable for Safe Search

When safe search is enabled, it is being enabled on YouTube, too.

This creates problems in some scenarios like schools where politics
is being tought as well as other subjects that might be censored by
YouTube (i.e. election TV spots).

Therefore it is now possible to exclude YouTube from Safe Search
but keep it enabled for the search engines.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

doc/language_issues.en

@@ -600,6 +600,7 @@ WARNING: untranslated string: dns check failed = DNS check failed
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server

doc/language_issues.es

@@ -896,6 +896,7 @@ WARNING: untranslated string: dnat address = Firewall Interface
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server

doc/language_issues.fr

@@ -877,6 +877,7 @@ WARNING: translation string unused: zoneconf val ppp assignment error
 WARNING: translation string unused: zoneconf val vlan amount assignment error
 WARNING: translation string unused: zoneconf val vlan tag assignment error
 WARNING: translation string unused: zoneconf val zoneslave amount error
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: guardian block a host = unknown string

doc/language_issues.it

@@ -920,6 +920,7 @@ WARNING: untranslated string: dl client arch insecure = Download insecure Client
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server

doc/language_issues.nl

@@ -921,6 +921,7 @@ WARNING: untranslated string: dl client arch insecure = Download insecure Client
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server

doc/language_issues.pl

@@ -896,6 +896,7 @@ WARNING: untranslated string: dnat address = Firewall Interface
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server

doc/language_issues.ru

@@ -899,6 +899,7 @@ WARNING: untranslated string: dnat address = Firewall Interface
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server

doc/language_issues.tr

@@ -897,6 +897,7 @@ WARNING: untranslated string: disconnected = Disconnected
 WARNING: untranslated string: dns check servers = Check DNS Servers
 WARNING: untranslated string: dns configuration = DNS Configuration
 WARNING: untranslated string: dns enable safe-search = Enable Safe Search
+WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
 WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous)
 WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled)
 WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server

doc/language_missings

@@ -239,6 +239,7 @@
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dnsforward
 < dnsforward add a new entry
 < dnsforward configuration
@@ -950,6 +951,7 @@
 < ansi t1.483
 < bewan adsl pci st
 < bewan adsl usb
+< dns enable safe-search youtube
 < g.dtm
 < g.lite
 < upload fcdsl.o
@@ -1052,6 +1054,7 @@
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dns forward disable dnssec
 < dnsforward dnssec disabled
 < dnsforward forward_servers
@@ -1431,6 +1434,7 @@
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dns forward disable dnssec
 < dnsforward dnssec disabled
 < dnsforward forward_servers
@@ -1922,6 +1926,7 @@
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dnsforward
 < dnsforward add a new entry
 < dnsforward configuration
@@ -2790,6 +2795,7 @@
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dnsforward
 < dnsforward add a new entry
 < dnsforward configuration
@@ -3513,6 +3519,7 @@
 < dns configuration
 < dns could not add server
 < dns enable safe-search
+< dns enable safe-search youtube
 < dns forward disable dnssec
 < dnsforward dnssec disabled
 < dnsforward forward_servers

html/cgi-bin/dns.cgi

@@ -87,6 +87,10 @@ if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
 		$cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
 	}
 
+	if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") {
+		$cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} = "off";
+	}
+
 	# Check if using ISP nameservers and TLS is enabled at the same time.
 	if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
 		$errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
@@ -259,6 +263,7 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L
 
 # Hash to store the generic DNS settings.
 my %settings = ();
+$settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on";
 
 # Read-in general DNS settings.
 &General::readhash("$settings_file", \%settings);
@@ -310,6 +315,10 @@ $checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
 $checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
 $checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
 
+$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} = '';
+$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} = '';
+$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE'}} = "checked='checked'";
+
 $selected{'PROTO'}{'UDP'} = '';
 $selected{'PROTO'}{'TLS'} = '';
 $selected{'PROTO'}{'TCP'} = '';
@@ -381,6 +390,16 @@ sub show_general_dns_configuration () {
 				</td>
 			</tr>
 
+			<tr>
+				<td width="33%">
+					&raquo; $Lang::tr{'dns enable safe-search youtube'}
+				</td>
+
+				<td>
+					<input type="checkbox" name="ENABLE_SAFE_SEARCH_YOUTUBE" $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'}>
+				</td>
+			</tr>
+
 			<tr>
 				<td colspan="2">
 					<br>

langs/de/cgi-bin/de.pl

@@ -828,6 +828,7 @@
 'dns configuration' => 'DNS-Konfiguration',
 'dns desc' => 'Wenn auf Schnittstelle red0 die IP-Adressinformationen über DHCP vom Provider kommen, werden automatisch die DNS-Server-Adressen des Providers gesetzt. Hier können Sie nun diese mit den eigenen DNS-Server-IP-Adressen überschreiben.',
 'dns enable safe-search' => 'Safe Search via DNS aktivieren',
+'dns enable safe-search youtube' => 'YouTube in Safe Search einbeziehen',
 'dns error 0' => 'Die IP Adresse vom <strong>primären</strong> DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!<br />Die eingegebene <strong>sekundären</strong> DNS Server Adresse ist jedoch gültig.<br />',
 'dns error 01' => 'Die eingegebene IP Adresse des <strong>primären</strong> wie auch des <strong>sekundären</strong> DNS-Servers sind nicht gültig, bitte überprüfen Sie Ihre Eingaben!',
 'dns error 1' => 'Die IP Adresse vom <strong>sekundären</strong> DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!<br />Die eingegebene <strong>primäre</strong> DNS Server Adresse ist jedoch gültig.',

langs/en/cgi-bin/en.pl

@@ -851,6 +851,7 @@
 'dns could not add server' => 'Could not add server - Reason:',
 'dns desc' => 'If the red0 interface gets the IP address information via DHCP from the provider, the DNS server addresses will be set automatically. Now here you are able to change these DNS server IP addresses with your own ones.',
 'dns enable safe-search' => 'Enable Safe Search',
+'dns enable safe-search youtube' => 'Include YouTube in Safe Search',
 'dns error 0' => 'The IP address of the <strong>primary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>secondary</strong> DNS server address is valid.',
 'dns error 01' => 'The entered IP address of the <strong>primary</strong> and <strong>secondary</strong> DNS server are not valid, please check your entries!',
 'dns error 1' => 'The IP address of the <strong>secondary</strong> DNS server is not valid, please check your entries!<br />The entered <strong>primary</strong> DNS server address is valid.',

src/initscripts/system/unbound

@@ -502,46 +502,45 @@ update_safe_search() {
 		unbound-control local_zone_remove "${domain}"
 	done >/dev/null
 
-	# Nothing to do if safe search is not enabled
-	if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
-		return 0
+	if [ "${ENABLE_SAFE_SEARCH}" = "on" ]; then
+		# Bing
+		unbound-control bing.com transparent >/dev/null
+		for address in $(resolve "strict.bing.com"); do
+			unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}"
+		done >/dev/null
+
+		# DuckDuckGo
+		unbound-control local_zone duckduckgo.com typetransparent >/dev/null
+		for address in $(resolve "safe.duckduckgo.com"); do
+			unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}"
+		done >/dev/null
+
+		# Google
+		local addresses="$(resolve "forcesafesearch.google.com")"
+		for domain in ${google_tlds[@]}; do
+			unbound-control local_zone "${domain}" transparent >/dev/null
+			for address in ${addresses}; do
+				unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}"
+			done >/dev/null
+		done
+
+		# Yandex
+		for domain in yandex.com yandex.ru; do
+			unbound-control local_zone "${domain}" typetransparent >/dev/null
+			for address in $(resolve "familysearch.${domain}"); do
+				unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}"
+			done >/dev/null
+		done
+
+		# YouTube
+		if [ "${ENABLE_SAFE_SEARCH_YOUTUBE}" = "on" ]; then
+			unbound-control local_zone youtube.com transparent >/dev/null
+			for address in $(resolve "restrictmoderate.youtube.com"); do
+				unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}"
+			done >/dev/null
+		fi
 	fi
 
-	# Bing
-	unbound-control bing.com transparent >/dev/null
-	for address in $(resolve "strict.bing.com"); do
-		unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}"
-	done >/dev/null
-
-	# DuckDuckGo
-	unbound-control local_zone duckduckgo.com typetransparent >/dev/null
-	for address in $(resolve "safe.duckduckgo.com"); do
-		unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}"
-	done >/dev/null
-
-	# Google
-	local addresses="$(resolve "forcesafesearch.google.com")"
-	for domain in ${google_tlds[@]}; do
-		unbound-control local_zone "${domain}" transparent >/dev/null
-		for address in ${addresses}; do
-			unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}"
-		done >/dev/null
-	done
-
-	# Yandex
-	for domain in yandex.com yandex.ru; do
-		unbound-control local_zone "${domain}" typetransparent >/dev/null
-		for address in $(resolve "familysearch.${domain}"); do
-			unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}"
-		done >/dev/null
-	done
-
-	# YouTube
-	unbound-control local_zone youtube.com transparent >/dev/null
-	for address in $(resolve "restrictmoderate.youtube.com"); do
-		unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}"
-	done >/dev/null
-
 	return 0
 }