From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [RFC PATCH 1/8] unbound: Add switch to enable Google Safe Search
Date: Fri, 03 May 2019 10:54:14 +0200
Message-ID: <3AB5DCF6-509D-455B-ADB6-297E4D1625F6@ipfire.org>
In-Reply-To: <d170a9ad-4fde-31ac-01c3-8055abed43b3@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3319440915943510331=="
List-Id: <development.lists.ipfire.org>

--===============3319440915943510331==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi,

What happens when you run =E2=80=9Cdig google.com=E2=80=9D on the console?

The zones should be transparent and resolve any names that are not overlayed =
by the user-data.

-Michael

> On 1 May 2019, at 15:11, Matthias Fischer <matthias.fischer(a)ipfire.org> w=
rote:
>=20
> Hi,
>=20
> Hm. Did I miss something?
>=20
> Testing the Safesearch-Feature gives me:
>=20
> "Hmm. We=E2=80=99re having trouble finding that site.
>=20
> We can=E2=80=99t connect to the server at www.google.de."
>=20
> =3D> I can't connect to ANY of the now "safe searching" search engines.
>=20
> Only https://yandex.ru/ works...
>=20
> Best,
> Matthias
>=20
> On 30.04.2019 18:16, Michael Tremer wrote:
>> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
>> ---
>> src/initscripts/system/unbound | 215 +++++++++++++++++++++++++++++++++++++=
++++
>> 1 file changed, 215 insertions(+)
>>=20
>> diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbou=
nd
>> index fbb096e0d..4ac8331dc 100644
>> --- a/src/initscripts/system/unbound
>> +++ b/src/initscripts/system/unbound
>> @@ -14,6 +14,7 @@ TEST_DOMAIN_FAIL=3D"dnssec-failed.org"
>>=20
>> INSECURE_ZONES=3D
>> USE_FORWARDERS=3D1
>> +ENABLE_SAFE_SEARCH=3Doff
>>=20
>> # Cache any local zones for 60 seconds
>> LOCAL_TTL=3D60
>> @@ -21,6 +22,202 @@ LOCAL_TTL=3D60
>> # EDNS buffer size
>> EDNS_DEFAULT_BUFFER_SIZE=3D4096
>>=20
>> +GOOGLE_TLDS=3D(
>> +	google.ad
>> +	google.ae
>> +	google.al
>> +	google.am
>> +	google.as
>> +	google.at
>> +	google.az
>> +	google.ba
>> +	google.be
>> +	google.bf
>> +	google.bg
>> +	google.bi
>> +	google.bj
>> +	google.bs
>> +	google.bt
>> +	google.by
>> +	google.ca
>> +	google.cat
>> +	google.cd
>> +	google.cf
>> +	google.cg
>> +	google.ch
>> +	google.ci
>> +	google.cl
>> +	google.cm
>> +	google.cn
>> +	google.co.ao
>> +	google.co.bw
>> +	google.co.ck
>> +	google.co.cr
>> +	google.co.id
>> +	google.co.il
>> +	google.co.in
>> +	google.co.jp
>> +	google.co.ke
>> +	google.co.kr
>> +	google.co.ls
>> +	google.com
>> +	google.co.ma
>> +	google.com.af
>> +	google.com.ag
>> +	google.com.ai
>> +	google.com.ar
>> +	google.com.au
>> +	google.com.bd
>> +	google.com.bh
>> +	google.com.bn
>> +	google.com.bo
>> +	google.com.br
>> +	google.com.bz
>> +	google.com.co
>> +	google.com.cu
>> +	google.com.cy
>> +	google.com.do
>> +	google.com.ec
>> +	google.com.eg
>> +	google.com.et
>> +	google.com.fj
>> +	google.com.gh
>> +	google.com.gi
>> +	google.com.gt
>> +	google.com.hk
>> +	google.com.jm
>> +	google.com.kh
>> +	google.com.kw
>> +	google.com.lb
>> +	google.com.ly
>> +	google.com.mm
>> +	google.com.mt
>> +	google.com.mx
>> +	google.com.my
>> +	google.com.na
>> +	google.com.nf
>> +	google.com.ng
>> +	google.com.ni
>> +	google.com.np
>> +	google.com.om
>> +	google.com.pa
>> +	google.com.pe
>> +	google.com.pg
>> +	google.com.ph
>> +	google.com.pk
>> +	google.com.pr
>> +	google.com.py
>> +	google.com.qa
>> +	google.com.sa
>> +	google.com.sb
>> +	google.com.sg
>> +	google.com.sl
>> +	google.com.sv
>> +	google.com.tj
>> +	google.com.tr
>> +	google.com.tw
>> +	google.com.ua
>> +	google.com.uy
>> +	google.com.vc
>> +	google.com.vn
>> +	google.co.mz
>> +	google.co.nz
>> +	google.co.th
>> +	google.co.tz
>> +	google.co.ug
>> +	google.co.uk
>> +	google.co.uz
>> +	google.co.ve
>> +	google.co.vi
>> +	google.co.za
>> +	google.co.zm
>> +	google.co.zw
>> +	google.cv
>> +	google.cz
>> +	google.de
>> +	google.dj
>> +	google.dk
>> +	google.dm
>> +	google.dz
>> +	google.ee
>> +	google.es
>> +	google.fi
>> +	google.fm
>> +	google.fr
>> +	google.ga
>> +	google.ge
>> +	google.gg
>> +	google.gl
>> +	google.gm
>> +	google.gp
>> +	google.gr
>> +	google.gy
>> +	google.hn
>> +	google.hr
>> +	google.ht
>> +	google.hu
>> +	google.ie
>> +	google.im
>> +	google.iq
>> +	google.is
>> +	google.it
>> +	google.je
>> +	google.jo
>> +	google.kg
>> +	google.ki
>> +	google.kz
>> +	google.la
>> +	google.li
>> +	google.lk
>> +	google.lt
>> +	google.lu
>> +	google.lv
>> +	google.md
>> +	google.me
>> +	google.mg
>> +	google.mk
>> +	google.ml
>> +	google.mn
>> +	google.ms
>> +	google.mu
>> +	google.mv
>> +	google.mw
>> +	google.ne
>> +	google.nl
>> +	google.no
>> +	google.nr
>> +	google.nu
>> +	google.pl
>> +	google.pn
>> +	google.ps
>> +	google.pt
>> +	google.ro
>> +	google.rs
>> +	google.ru
>> +	google.rw
>> +	google.sc
>> +	google.se
>> +	google.sh
>> +	google.si
>> +	google.sk
>> +	google.sm
>> +	google.sn
>> +	google.so
>> +	google.sr
>> +	google.st
>> +	google.td
>> +	google.tg
>> +	google.tk
>> +	google.tl
>> +	google.tm
>> +	google.tn
>> +	google.to
>> +	google.tt
>> +	google.vg
>> +	google.vu
>> +	google.ws
>> +)
>> +
>> # Load optional configuration
>> [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
>>=20
>> @@ -481,6 +678,21 @@ fix_time_if_dns_fail() {
>> 	fi
>> }
>>=20
>> +# Sets up Safe Search for various search engines
>> +setup_safe_search() {
>> +	# Nothing to do if safe search is not enabled
>> +	if [ "${ENABLE_SAFE_SEARCH}" !=3D "on" ]; then
>> +		return 0
>> +	fi
>> +
>> +	local domain
>> +
>> +	# Google
>> +	for domain in ${GOOGLE_TLDS[@]}; do
>> +		unbound-control local_data "${domain} CNAME forcesafesearch.google.com."
>> +	done
>> +}
>> +
>> case "$1" in
>> 	start)
>> 		# Print a nicer messagen when unbound is already running
>> @@ -501,6 +713,9 @@ case "$1" in
>> 		# Make own hostname resolveable
>> 		own_hostname
>>=20
>> +		# Setup Safe Search
>> +		setup_safe_search
>> +
>> 		# Update any known forwarding name servers
>> 		update_forwarders
>>=20
>>=20
>=20


--===============3319440915943510331==--