Hi, What happens when you run “dig google.com” on the console? The zones should be transparent and resolve any names that are not overlayed by the user-data. -Michael > On 1 May 2019, at 15:11, Matthias Fischer wrote: > > Hi, > > Hm. Did I miss something? > > Testing the Safesearch-Feature gives me: > > "Hmm. We’re having trouble finding that site. > > We can’t connect to the server at www.google.de." > > => I can't connect to ANY of the now "safe searching" search engines. > > Only https://yandex.ru/ works... > > Best, > Matthias > > On 30.04.2019 18:16, Michael Tremer wrote: >> Signed-off-by: Michael Tremer >> --- >> src/initscripts/system/unbound | 215 +++++++++++++++++++++++++++++++++++++++++ >> 1 file changed, 215 insertions(+) >> >> diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound >> index fbb096e0d..4ac8331dc 100644 >> --- a/src/initscripts/system/unbound >> +++ b/src/initscripts/system/unbound >> @@ -14,6 +14,7 @@ TEST_DOMAIN_FAIL="dnssec-failed.org" >> >> INSECURE_ZONES= >> USE_FORWARDERS=1 >> +ENABLE_SAFE_SEARCH=off >> >> # Cache any local zones for 60 seconds >> LOCAL_TTL=60 >> @@ -21,6 +22,202 @@ LOCAL_TTL=60 >> # EDNS buffer size >> EDNS_DEFAULT_BUFFER_SIZE=4096 >> >> +GOOGLE_TLDS=( >> + google.ad >> + google.ae >> + google.al >> + google.am >> + google.as >> + google.at >> + google.az >> + google.ba >> + google.be >> + google.bf >> + google.bg >> + google.bi >> + google.bj >> + google.bs >> + google.bt >> + google.by >> + google.ca >> + google.cat >> + google.cd >> + google.cf >> + google.cg >> + google.ch >> + google.ci >> + google.cl >> + google.cm >> + google.cn >> + google.co.ao >> + google.co.bw >> + google.co.ck >> + google.co.cr >> + google.co.id >> + google.co.il >> + google.co.in >> + google.co.jp >> + google.co.ke >> + google.co.kr >> + google.co.ls >> + google.com >> + google.co.ma >> + google.com.af >> + google.com.ag >> + google.com.ai >> + google.com.ar >> + google.com.au >> + google.com.bd >> + google.com.bh >> + google.com.bn >> + google.com.bo >> + google.com.br >> + google.com.bz >> + google.com.co >> + google.com.cu >> + google.com.cy >> + google.com.do >> + google.com.ec >> + google.com.eg >> + google.com.et >> + google.com.fj >> + google.com.gh >> + google.com.gi >> + google.com.gt >> + google.com.hk >> + google.com.jm >> + google.com.kh >> + google.com.kw >> + google.com.lb >> + google.com.ly >> + google.com.mm >> + google.com.mt >> + google.com.mx >> + google.com.my >> + google.com.na >> + google.com.nf >> + google.com.ng >> + google.com.ni >> + google.com.np >> + google.com.om >> + google.com.pa >> + google.com.pe >> + google.com.pg >> + google.com.ph >> + google.com.pk >> + google.com.pr >> + google.com.py >> + google.com.qa >> + google.com.sa >> + google.com.sb >> + google.com.sg >> + google.com.sl >> + google.com.sv >> + google.com.tj >> + google.com.tr >> + google.com.tw >> + google.com.ua >> + google.com.uy >> + google.com.vc >> + google.com.vn >> + google.co.mz >> + google.co.nz >> + google.co.th >> + google.co.tz >> + google.co.ug >> + google.co.uk >> + google.co.uz >> + google.co.ve >> + google.co.vi >> + google.co.za >> + google.co.zm >> + google.co.zw >> + google.cv >> + google.cz >> + google.de >> + google.dj >> + google.dk >> + google.dm >> + google.dz >> + google.ee >> + google.es >> + google.fi >> + google.fm >> + google.fr >> + google.ga >> + google.ge >> + google.gg >> + google.gl >> + google.gm >> + google.gp >> + google.gr >> + google.gy >> + google.hn >> + google.hr >> + google.ht >> + google.hu >> + google.ie >> + google.im >> + google.iq >> + google.is >> + google.it >> + google.je >> + google.jo >> + google.kg >> + google.ki >> + google.kz >> + google.la >> + google.li >> + google.lk >> + google.lt >> + google.lu >> + google.lv >> + google.md >> + google.me >> + google.mg >> + google.mk >> + google.ml >> + google.mn >> + google.ms >> + google.mu >> + google.mv >> + google.mw >> + google.ne >> + google.nl >> + google.no >> + google.nr >> + google.nu >> + google.pl >> + google.pn >> + google.ps >> + google.pt >> + google.ro >> + google.rs >> + google.ru >> + google.rw >> + google.sc >> + google.se >> + google.sh >> + google.si >> + google.sk >> + google.sm >> + google.sn >> + google.so >> + google.sr >> + google.st >> + google.td >> + google.tg >> + google.tk >> + google.tl >> + google.tm >> + google.tn >> + google.to >> + google.tt >> + google.vg >> + google.vu >> + google.ws >> +) >> + >> # Load optional configuration >> [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound >> >> @@ -481,6 +678,21 @@ fix_time_if_dns_fail() { >> fi >> } >> >> +# Sets up Safe Search for various search engines >> +setup_safe_search() { >> + # Nothing to do if safe search is not enabled >> + if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then >> + return 0 >> + fi >> + >> + local domain >> + >> + # Google >> + for domain in ${GOOGLE_TLDS[@]}; do >> + unbound-control local_data "${domain} CNAME forcesafesearch.google.com." >> + done >> +} >> + >> case "$1" in >> start) >> # Print a nicer messagen when unbound is already running >> @@ -501,6 +713,9 @@ case "$1" in >> # Make own hostname resolveable >> own_hostname >> >> + # Setup Safe Search >> + setup_safe_search >> + >> # Update any known forwarding name servers >> update_forwarders >> >> >