From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH] DNS: Make YouTube configurable for Safe Search Date: Sat, 07 Nov 2020 12:59:08 +0000 Message-ID: <20201107125908.1078-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4075046620197339200==" List-Id: --===============4075046620197339200== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable When safe search is enabled, it is being enabled on YouTube, too. This creates problems in some scenarios like schools where politics is being tought as well as other subjects that might be censored by YouTube (i.e. election TV spots). Therefore it is now possible to exclude YouTube from Safe Search but keep it enabled for the search engines. Signed-off-by: Michael Tremer --- doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 7 ++++ html/cgi-bin/dns.cgi | 19 ++++++++++ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + src/initscripts/system/unbound | 69 +++++++++++++++++----------------- 13 files changed, 70 insertions(+), 35 deletions(-) diff --git a/doc/language_issues.en b/doc/language_issues.en index 9efb56a39..6ee7ac034 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -601,6 +601,7 @@ WARNING: untranslated string: dns check failed =3D DNS ch= eck failed WARNING: untranslated string: dns check servers =3D Check DNS Servers WARNING: untranslated string: dns configuration =3D DNS Configuration WARNING: untranslated string: dns enable safe-search =3D Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube =3D Include You= Tube in Safe Search WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns isp assigned nameserver =3D ISP-assigned D= NS server diff --git a/doc/language_issues.es b/doc/language_issues.es index e01f5aa98..a68e232d8 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -897,6 +897,7 @@ WARNING: untranslated string: dns =3D unknown string WARNING: untranslated string: dns check servers =3D Check DNS Servers WARNING: untranslated string: dns configuration =3D DNS Configuration WARNING: untranslated string: dns enable safe-search =3D Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube =3D Include You= Tube in Safe Search WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns isp assigned nameserver =3D ISP-assigned D= NS server diff --git a/doc/language_issues.fr b/doc/language_issues.fr index b98154eca..60db5a967 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -879,6 +879,7 @@ WARNING: translation string unused: zoneconf val ppp assi= gnment error WARNING: translation string unused: zoneconf val vlan amount assignment error WARNING: translation string unused: zoneconf val vlan tag assignment error WARNING: translation string unused: zoneconf val zoneslave amount error +WARNING: untranslated string: dns enable safe-search youtube =3D Include You= Tube in Safe Search WARNING: untranslated string: fwhost cust locationgrp =3D unknown string WARNING: untranslated string: fwhost err hostip =3D unknown string WARNING: untranslated string: guardian block a host =3D unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 2f41213a8..414adbb9f 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -923,6 +923,7 @@ WARNING: untranslated string: dns =3D unknown string WARNING: untranslated string: dns check servers =3D Check DNS Servers WARNING: untranslated string: dns configuration =3D DNS Configuration WARNING: untranslated string: dns enable safe-search =3D Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube =3D Include You= Tube in Safe Search WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns isp assigned nameserver =3D ISP-assigned D= NS server diff --git a/doc/language_issues.nl b/doc/language_issues.nl index d486349bc..03ae8d242 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -923,6 +923,7 @@ WARNING: untranslated string: dns =3D unknown string WARNING: untranslated string: dns check servers =3D Check DNS Servers WARNING: untranslated string: dns configuration =3D DNS Configuration WARNING: untranslated string: dns enable safe-search =3D Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube =3D Include You= Tube in Safe Search WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns isp assigned nameserver =3D ISP-assigned D= NS server diff --git a/doc/language_issues.pl b/doc/language_issues.pl index e01f5aa98..a68e232d8 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -897,6 +897,7 @@ WARNING: untranslated string: dns =3D unknown string WARNING: untranslated string: dns check servers =3D Check DNS Servers WARNING: untranslated string: dns configuration =3D DNS Configuration WARNING: untranslated string: dns enable safe-search =3D Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube =3D Include You= Tube in Safe Search WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns isp assigned nameserver =3D ISP-assigned D= NS server diff --git a/doc/language_issues.ru b/doc/language_issues.ru index cc2fe7489..26595d1d9 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -901,6 +901,7 @@ WARNING: untranslated string: dns =3D unknown string WARNING: untranslated string: dns check servers =3D Check DNS Servers WARNING: untranslated string: dns configuration =3D DNS Configuration WARNING: untranslated string: dns enable safe-search =3D Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube =3D Include You= Tube in Safe Search WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns isp assigned nameserver =3D ISP-assigned D= NS server diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 99ead4c4a..3b1c99d97 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -900,6 +900,7 @@ WARNING: untranslated string: dns =3D unknown string WARNING: untranslated string: dns check servers =3D Check DNS Servers WARNING: untranslated string: dns configuration =3D DNS Configuration WARNING: untranslated string: dns enable safe-search =3D Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube =3D Include You= Tube in Safe Search WARNING: untranslated string: dns forward disable dnssec =3D Disable DNSSEC = (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice =3D (DNS= SEC disabled) WARNING: untranslated string: dns isp assigned nameserver =3D ISP-assigned D= NS server diff --git a/doc/language_missings b/doc/language_missings index 90f4c2926..2dfa3665f 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -239,6 +239,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dnsforward < dnsforward add a new entry < dnsforward configuration @@ -950,6 +951,7 @@ < ansi t1.483 < bewan adsl pci st < bewan adsl usb +< dns enable safe-search youtube < g.dtm < g.lite < upload fcdsl.o @@ -1052,6 +1054,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dns forward disable dnssec < dnsforward dnssec disabled < dnsforward forward_servers @@ -1431,6 +1434,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dns forward disable dnssec < dnsforward dnssec disabled < dnsforward forward_servers @@ -1923,6 +1927,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dnsforward < dnsforward add a new entry < dnsforward configuration @@ -2792,6 +2797,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dnsforward < dnsforward add a new entry < dnsforward configuration @@ -3516,6 +3522,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dns forward disable dnssec < dnsforward dnssec disabled < dnsforward forward_servers diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi index 0a097e2c0..e406f2b9e 100755 --- a/html/cgi-bin/dns.cgi +++ b/html/cgi-bin/dns.cgi @@ -87,6 +87,10 @@ if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) { $cgiparams{'ENABLE_SAFE_SEARCH'} =3D "off"; } =20 + if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") { + $cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} =3D "off"; + } + # Check if using ISP nameservers and TLS is enabled at the same time. if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq = "TLS")) { $errormessage =3D $Lang::tr{'dns isp nameservers and tls not allowed'} @@ -259,6 +263,7 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgi= params{'SERVERS'} eq $L =20 # Hash to store the generic DNS settings. my %settings =3D (); +$settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} =3D "on"; =20 # Read-in general DNS settings. &General::readhash("$settings_file", \%settings); @@ -313,6 +318,10 @@ $checked{'ENABLE_SAFE_SEARCH'}{'off'} =3D ''; $checked{'ENABLE_SAFE_SEARCH'}{'on'} =3D ''; $checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} =3D "checked= =3D'checked'"; =20 +$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} =3D ''; +$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} =3D ''; +$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE= '}} =3D "checked=3D'checked'"; + $selected{'PROTO'}{'UDP'} =3D ''; $selected{'PROTO'}{'TLS'} =3D ''; $selected{'PROTO'}{'TCP'} =3D ''; @@ -384,6 +393,16 @@ sub show_general_dns_configuration () { =20 + + + » $Lang::tr{'dns enable safe-search youtube'} + + + + + + +
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 6ad0e02c5..016c92be9 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -829,6 +829,7 @@ 'dns configuration' =3D> 'DNS-Konfiguration', 'dns desc' =3D> 'Wenn auf Schnittstelle red0 die IP-Adressinformationen =C3= =BCber DHCP vom Provider kommen, werden automatisch die DNS-Server-Adressen d= es Providers gesetzt. Hier k=C3=B6nnen Sie nun diese mit den eigenen DNS-Serv= er-IP-Adressen =C3=BCberschreiben.', 'dns enable safe-search' =3D> 'Safe Search via DNS aktivieren', +'dns enable safe-search youtube' =3D> 'YouTube in Safe Search einbeziehen', 'dns error 0' =3D> 'Die IP Adresse vom prim=C3=A4ren DNS Se= rver ist nicht g=C3=BCltig, bitte =C3=BCberpr=C3=BCfen Sie Ihre Eingabe!
Die eingegebene sekund=C3=A4ren DNS Server Adresse ist jedo= ch g=C3=BCltig.
', 'dns error 01' =3D> 'Die eingegebene IP Adresse des prim=C3=A4ren wie auch des sekund=C3=A4ren DNS-Servers sind nicht g= =C3=BCltig, bitte =C3=BCberpr=C3=BCfen Sie Ihre Eingaben!', 'dns error 1' =3D> 'Die IP Adresse vom sekund=C3=A4ren DNS = Server ist nicht g=C3=BCltig, bitte =C3=BCberpr=C3=BCfen Sie Ihre Eingabe!Die eingegebene prim=C3=A4re DNS Server Adresse ist jedoc= h g=C3=BCltig.', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index d00de3d03..b190190d8 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -851,6 +851,7 @@ 'dns could not add server' =3D> 'Could not add server - Reason:', 'dns desc' =3D> 'If the red0 interface gets the IP address information via D= HCP from the provider, the DNS server addresses will be set automatically. No= w here you are able to change these DNS server IP addresses with your own one= s.', 'dns enable safe-search' =3D> 'Enable Safe Search', +'dns enable safe-search youtube' =3D> 'Include YouTube in Safe Search', 'dns error 0' =3D> 'The IP address of the primary DNS serve= r is not valid, please check your entries!
The entered secondary= DNS server address is valid.', 'dns error 01' =3D> 'The entered IP address of the primary = and secondary DNS server are not valid, please check your en= tries!', 'dns error 1' =3D> 'The IP address of the secondary DNS ser= ver is not valid, please check your entries!
The entered primary= DNS server address is valid.', diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index acbf6f5b5..5c5d2e3f4 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -502,45 +502,44 @@ update_safe_search() { unbound-control local_zone_remove "${domain}" done >/dev/null =20 - # Nothing to do if safe search is not enabled - if [ "${ENABLE_SAFE_SEARCH}" !=3D "on" ]; then - return 0 - fi - - # Bing - unbound-control bing.com transparent >/dev/null - for address in $(resolve "strict.bing.com"); do - unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}" - done >/dev/null - - # DuckDuckGo - unbound-control local_zone duckduckgo.com typetransparent >/dev/null - for address in $(resolve "safe.duckduckgo.com"); do - unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}" - done >/dev/null - - # Google - local addresses=3D"$(resolve "forcesafesearch.google.com")" - for domain in ${google_tlds[@]}; do - unbound-control local_zone "${domain}" transparent >/dev/null - for address in ${addresses}; do - unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}" + if [ "${ENABLE_SAFE_SEARCH}" =3D "on" ]; then + # Bing + unbound-control bing.com transparent >/dev/null + for address in $(resolve "strict.bing.com"); do + unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}" done >/dev/null - done =20 - # Yandex - for domain in yandex.com yandex.ru; do - unbound-control local_zone "${domain}" typetransparent >/dev/null - for address in $(resolve "familysearch.${domain}"); do - unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}" + # DuckDuckGo + unbound-control local_zone duckduckgo.com typetransparent >/dev/null + for address in $(resolve "safe.duckduckgo.com"); do + unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}" done >/dev/null - done =20 - # YouTube - unbound-control local_zone youtube.com transparent >/dev/null - for address in $(resolve "restrictmoderate.youtube.com"); do - unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}" - done >/dev/null + # Google + local addresses=3D"$(resolve "forcesafesearch.google.com")" + for domain in ${google_tlds[@]}; do + unbound-control local_zone "${domain}" transparent >/dev/null + for address in ${addresses}; do + unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}" + done >/dev/null + done + + # Yandex + for domain in yandex.com yandex.ru; do + unbound-control local_zone "${domain}" typetransparent >/dev/null + for address in $(resolve "familysearch.${domain}"); do + unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}" + done >/dev/null + done + + # YouTube + if [ "${ENABLE_SAFE_SEARCH_YOUTUBE}" =3D "on" ]; then + unbound-control local_zone youtube.com transparent >/dev/null + for address in $(resolve "restrictmoderate.youtube.com"); do + unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}" + done >/dev/null + fi + fi =20 return 0 } --=20 2.20.1 --===============4075046620197339200==--