public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed
* Re: [RFC PATCH 1/8] unbound: Add switch to enable Google Safe Search
@ 2019-05-15 17:57 Michael Tremer
  0 siblings, 0 replies; 4+ messages in thread
From: Michael Tremer @ 2019-05-15 17:57 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 10831 bytes --]

Cool. Have a nice one!

> On 15 May 2019, at 10:30, fischerm42(a)t-online.de wrote:
> 
> Hi,
> 
> will take a look when we're back from vacation.
> 
> Best,
> Matthias
> 
> 
> -----Original-Nachricht-----
> Betreff: Re: [RFC PATCH 1/8] unbound: Add switch to enable Google Safe Search
> Datum: 2019-05-13T17:47:58+0200
> Von: "Michael Tremer" <michael.tremer(a)ipfire.org>
> An: "Matthias Fischer" <matthias.fischer(a)ipfire.org>
> 
> Hi,
> 
> There is no rewrite happening on google.com, only www.google.com.
> 
> The output looks fine.
> 
> I have decided to merge this patchset and we will ship it, but there is no way for users to activate it yet apart from manually editing the configuration file.
> 
> There must be some UI element later. That gives us some extra time to test it.
> 
> Can you apply the latest configuration and initscript from next and run tests again?
> 
> -Michael
> 
>> On 3 May 2019, at 12:21, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>> 
>> On 03.05.2019 10:54, Michael Tremer wrote:
>>> Hi,
>> 
>> Hi,
>> 
>>> What happens when you run “dig google.com” on the console?
>> 
>> In browser, https://www.google.de/ gives me:
>> 
>> "Hmm. We’re having trouble finding that site."
>> 
>> 'dig' results:
>> 
>> ***SNIP***
>> root(a)ipfire: /etc/init.d # dig google.com
>> 
>> ; <<>> DiG 9.11.6-P1 <<>> google.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25720
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;google.com.                    IN      A
>> 
>> ;; ANSWER SECTION:
>> google.com.             108     IN      A       216.58.205.238
>> 
>> ;; Query time: 418 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Fri May 03 13:09:28 CEST 2019
>> ;; MSG SIZE  rcvd: 55
>> ***SNAP***
>> 
>> ***SNIP***
>> root(a)ipfire: /etc/unbound # dig bing.com
>> 
>> ; <<>> DiG 9.11.6-P1 <<>> bing.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45651
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;bing.com.                      IN      A
>> 
>> ;; ANSWER SECTION:
>> bing.com.               191     IN      A       13.107.21.200
>> bing.com.               191     IN      A       204.79.197.200
>> 
>> ;; Query time: 158 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Fri May 03 13:12:11 CEST 2019
>> ;; MSG SIZE  rcvd: 69
>> ***SNAP***
>> 
>> ***SNIP***
>> root(a)ipfire: /etc/unbound # dig duckduckgo.com
>> 
>> ; <<>> DiG 9.11.6-P1 <<>> duckduckgo.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2573
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;duckduckgo.com.                        IN      A
>> 
>> ;; ANSWER SECTION:
>> duckduckgo.com.         3600    IN      CNAME   safe.duckduckgo.com.
>> 
>> ;; Query time: 0 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Fri May 03 13:13:15 CEST 2019
>> ;; MSG SIZE  rcvd: 62
>> ***SNAP***
>> 
>> ***SNIP***
>> root(a)ipfire: /etc/unbound # dig yandex.ru
>> 
>> ; <<>> DiG 9.11.6-P1 <<>> yandex.ru
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43047
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;yandex.ru.                     IN      A
>> 
>> ;; ANSWER SECTION:
>> yandex.ru.              3600    IN      A       213.180.193.56
>> 
>> ;; Query time: 0 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Fri May 03 13:14:02 CEST 2019
>> ;; MSG SIZE  rcvd: 54***SNAP***
>> 
>> The only site I can open in browser after restarting 'unbound' with
>> "ENABLE_SAFE_SEARCH=on" is 'yandex.ru'. All others respond with "Server
>> not found".
>> 
>> HTH,
>> Matthias
>> 
>>> The zones should be transparent and resolve any names that are not overlayed by the user-data.
>>> 
>>> -Michael
>>> 
>>>> On 1 May 2019, at 15:11, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> Hm. Did I miss something?
>>>> 
>>>> Testing the Safesearch-Feature gives me:
>>>> 
>>>> "Hmm. We’re having trouble finding that site.
>>>> 
>>>> We can’t connect to the server at www.google.de."
>>>> 
>>>> => I can't connect to ANY of the now "safe searching" search engines.
>>>> 
>>>> Only https://yandex.ru/ works...
>>>> 
>>>> Best,
>>>> Matthias
>>>> 
>>>> On 30.04.2019 18:16, Michael Tremer wrote:
>>>>> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
>>>>> ---
>>>>> src/initscripts/system/unbound | 215 +++++++++++++++++++++++++++++++++++++++++
>>>>> 1 file changed, 215 insertions(+)
>>>>> 
>>>>> diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
>>>>> index fbb096e0d..4ac8331dc 100644
>>>>> --- a/src/initscripts/system/unbound
>>>>> +++ b/src/initscripts/system/unbound
>>>>> @@ -14,6 +14,7 @@ TEST_DOMAIN_FAIL="dnssec-failed.org"
>>>>> 
>>>>> INSECURE_ZONES=
>>>>> USE_FORWARDERS=1
>>>>> +ENABLE_SAFE_SEARCH=off
>>>>> 
>>>>> # Cache any local zones for 60 seconds
>>>>> LOCAL_TTL=60
>>>>> @@ -21,6 +22,202 @@ LOCAL_TTL=60
>>>>> # EDNS buffer size
>>>>> EDNS_DEFAULT_BUFFER_SIZE=4096
>>>>> 
>>>>> +GOOGLE_TLDS=(
>>>>> +	google.ad
>>>>> +	google.ae
>>>>> +	google.al
>>>>> +	google.am
>>>>> +	google.as
>>>>> +	google.at
>>>>> +	google.az
>>>>> +	google.ba
>>>>> +	google.be
>>>>> +	google.bf
>>>>> +	google.bg
>>>>> +	google.bi
>>>>> +	google.bj
>>>>> +	google.bs
>>>>> +	google.bt
>>>>> +	google.by
>>>>> +	google.ca
>>>>> +	google.cat
>>>>> +	google.cd
>>>>> +	google.cf
>>>>> +	google.cg
>>>>> +	google.ch
>>>>> +	google.ci
>>>>> +	google.cl
>>>>> +	google.cm
>>>>> +	google.cn
>>>>> +	google.co.ao
>>>>> +	google.co.bw
>>>>> +	google.co.ck
>>>>> +	google.co.cr
>>>>> +	google.co.id
>>>>> +	google.co.il
>>>>> +	google.co.in
>>>>> +	google.co.jp
>>>>> +	google.co.ke
>>>>> +	google.co.kr
>>>>> +	google.co.ls
>>>>> +	google.com
>>>>> +	google.co.ma
>>>>> +	google.com.af
>>>>> +	google.com.ag
>>>>> +	google.com.ai
>>>>> +	google.com.ar
>>>>> +	google.com.au
>>>>> +	google.com.bd
>>>>> +	google.com.bh
>>>>> +	google.com.bn
>>>>> +	google.com.bo
>>>>> +	google.com.br
>>>>> +	google.com.bz
>>>>> +	google.com.co
>>>>> +	google.com.cu
>>>>> +	google.com.cy
>>>>> +	google.com.do
>>>>> +	google.com.ec
>>>>> +	google.com.eg
>>>>> +	google.com.et
>>>>> +	google.com.fj
>>>>> +	google.com.gh
>>>>> +	google.com.gi
>>>>> +	google.com.gt
>>>>> +	google.com.hk
>>>>> +	google.com.jm
>>>>> +	google.com.kh
>>>>> +	google.com.kw
>>>>> +	google.com.lb
>>>>> +	google.com.ly
>>>>> +	google.com.mm
>>>>> +	google.com.mt
>>>>> +	google.com.mx
>>>>> +	google.com.my
>>>>> +	google.com.na
>>>>> +	google.com.nf
>>>>> +	google.com.ng
>>>>> +	google.com.ni
>>>>> +	google.com.np
>>>>> +	google.com.om
>>>>> +	google.com.pa
>>>>> +	google.com.pe
>>>>> +	google.com.pg
>>>>> +	google.com.ph
>>>>> +	google.com.pk
>>>>> +	google.com.pr
>>>>> +	google.com.py
>>>>> +	google.com.qa
>>>>> +	google.com.sa
>>>>> +	google.com.sb
>>>>> +	google.com.sg
>>>>> +	google.com.sl
>>>>> +	google.com.sv
>>>>> +	google.com.tj
>>>>> +	google.com.tr
>>>>> +	google.com.tw
>>>>> +	google.com.ua
>>>>> +	google.com.uy
>>>>> +	google.com.vc
>>>>> +	google.com.vn
>>>>> +	google.co.mz
>>>>> +	google.co.nz
>>>>> +	google.co.th
>>>>> +	google.co.tz
>>>>> +	google.co.ug
>>>>> +	google.co.uk
>>>>> +	google.co.uz
>>>>> +	google.co.ve
>>>>> +	google.co.vi
>>>>> +	google.co.za
>>>>> +	google.co.zm
>>>>> +	google.co.zw
>>>>> +	google.cv
>>>>> +	google.cz
>>>>> +	google.de
>>>>> +	google.dj
>>>>> +	google.dk
>>>>> +	google.dm
>>>>> +	google.dz
>>>>> +	google.ee
>>>>> +	google.es
>>>>> +	google.fi
>>>>> +	google.fm
>>>>> +	google.fr
>>>>> +	google.ga
>>>>> +	google.ge
>>>>> +	google.gg
>>>>> +	google.gl
>>>>> +	google.gm
>>>>> +	google.gp
>>>>> +	google.gr
>>>>> +	google.gy
>>>>> +	google.hn
>>>>> +	google.hr
>>>>> +	google.ht
>>>>> +	google.hu
>>>>> +	google.ie
>>>>> +	google.im
>>>>> +	google.iq
>>>>> +	google.is
>>>>> +	google.it
>>>>> +	google.je
>>>>> +	google.jo
>>>>> +	google.kg
>>>>> +	google.ki
>>>>> +	google.kz
>>>>> +	google.la
>>>>> +	google.li
>>>>> +	google.lk
>>>>> +	google.lt
>>>>> +	google.lu
>>>>> +	google.lv
>>>>> +	google.md
>>>>> +	google.me
>>>>> +	google.mg
>>>>> +	google.mk
>>>>> +	google.ml
>>>>> +	google.mn
>>>>> +	google.ms
>>>>> +	google.mu
>>>>> +	google.mv
>>>>> +	google.mw
>>>>> +	google.ne
>>>>> +	google.nl
>>>>> +	google.no
>>>>> +	google.nr
>>>>> +	google.nu
>>>>> +	google.pl
>>>>> +	google.pn
>>>>> +	google.ps
>>>>> +	google.pt
>>>>> +	google.ro
>>>>> +	google.rs
>>>>> +	google.ru
>>>>> +	google.rw
>>>>> +	google.sc
>>>>> +	google.se
>>>>> +	google.sh
>>>>> +	google.si
>>>>> +	google.sk
>>>>> +	google.sm
>>>>> +	google.sn
>>>>> +	google.so
>>>>> +	google.sr
>>>>> +	google.st
>>>>> +	google.td
>>>>> +	google.tg
>>>>> +	google.tk
>>>>> +	google.tl
>>>>> +	google.tm
>>>>> +	google.tn
>>>>> +	google.to
>>>>> +	google.tt
>>>>> +	google.vg
>>>>> +	google.vu
>>>>> +	google.ws
>>>>> +)
>>>>> +
>>>>> # Load optional configuration
>>>>> [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
>>>>> 
>>>>> @@ -481,6 +678,21 @@ fix_time_if_dns_fail() {
>>>>> 	fi
>>>>> }
>>>>> 
>>>>> +# Sets up Safe Search for various search engines
>>>>> +setup_safe_search() {
>>>>> +	# Nothing to do if safe search is not enabled
>>>>> +	if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
>>>>> +		return 0
>>>>> +	fi
>>>>> +
>>>>> +	local domain
>>>>> +
>>>>> +	# Google
>>>>> +	for domain in ${GOOGLE_TLDS[@]}; do
>>>>> +		unbound-control local_data "${domain} CNAME forcesafesearch.google.com."
>>>>> +	done
>>>>> +}
>>>>> +
>>>>> case "$1" in
>>>>> 	start)
>>>>> 		# Print a nicer messagen when unbound is already running
>>>>> @@ -501,6 +713,9 @@ case "$1" in
>>>>> 		# Make own hostname resolveable
>>>>> 		own_hostname
>>>>> 
>>>>> +		# Setup Safe Search
>>>>> +		setup_safe_search
>>>>> +
>>>>> 		# Update any known forwarding name servers
>>>>> 		update_forwarders
>>>>> 
>>>>> 
>>>> 
>>> 
>>> 
>> 
> 
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread
[parent not found: <20190430161645.24261-2-michael.tremer@ipfire.org>]
end of thread, other threads:[~2019-05-15 17:57 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <f1a1c35f-48e1-f726-26a2-c49aef953035@ipfire.org>
2019-05-13 15:47 ` [RFC PATCH 1/8] unbound: Add switch to enable Google Safe Search Michael Tremer
2019-05-15 17:57 Michael Tremer
     [not found] <20190430161645.24261-2-michael.tremer@ipfire.org>
2019-05-01 13:11 ` Matthias Fischer
2019-05-03  8:54   ` Michael Tremer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox