Hi,
What happens when you run “dig google.com” on the console?
The zones should be transparent and resolve any names that are not overlayed by the user-data.
-Michael
On 1 May 2019, at 15:11, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
Hm. Did I miss something?
Testing the Safesearch-Feature gives me:
"Hmm. We’re having trouble finding that site.
We can’t connect to the server at www.google.de."
=> I can't connect to ANY of the now "safe searching" search engines.
Only https://yandex.ru/ works...
Best, Matthias
On 30.04.2019 18:16, Michael Tremer wrote:
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
src/initscripts/system/unbound | 215 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 215 insertions(+)
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index fbb096e0d..4ac8331dc 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -14,6 +14,7 @@ TEST_DOMAIN_FAIL="dnssec-failed.org"
INSECURE_ZONES= USE_FORWARDERS=1 +ENABLE_SAFE_SEARCH=off
# Cache any local zones for 60 seconds LOCAL_TTL=60 @@ -21,6 +22,202 @@ LOCAL_TTL=60 # EDNS buffer size EDNS_DEFAULT_BUFFER_SIZE=4096
+GOOGLE_TLDS=(
- google.ad
- google.ae
- google.al
- google.am
- google.as
- google.at
- google.az
- google.ba
- google.be
- google.bf
- google.bg
- google.bi
- google.bj
- google.bs
- google.bt
- google.by
- google.ca
- google.cat
- google.cd
- google.cf
- google.cg
- google.ch
- google.ci
- google.cl
- google.cm
- google.cn
- google.co.ao
- google.co.bw
- google.co.ck
- google.co.cr
- google.co.id
- google.co.il
- google.co.in
- google.co.jp
- google.co.ke
- google.co.kr
- google.co.ls
- google.com
- google.co.ma
- google.com.af
- google.com.ag
- google.com.ai
- google.com.ar
- google.com.au
- google.com.bd
- google.com.bh
- google.com.bn
- google.com.bo
- google.com.br
- google.com.bz
- google.com.co
- google.com.cu
- google.com.cy
- google.com.do
- google.com.ec
- google.com.eg
- google.com.et
- google.com.fj
- google.com.gh
- google.com.gi
- google.com.gt
- google.com.hk
- google.com.jm
- google.com.kh
- google.com.kw
- google.com.lb
- google.com.ly
- google.com.mm
- google.com.mt
- google.com.mx
- google.com.my
- google.com.na
- google.com.nf
- google.com.ng
- google.com.ni
- google.com.np
- google.com.om
- google.com.pa
- google.com.pe
- google.com.pg
- google.com.ph
- google.com.pk
- google.com.pr
- google.com.py
- google.com.qa
- google.com.sa
- google.com.sb
- google.com.sg
- google.com.sl
- google.com.sv
- google.com.tj
- google.com.tr
- google.com.tw
- google.com.ua
- google.com.uy
- google.com.vc
- google.com.vn
- google.co.mz
- google.co.nz
- google.co.th
- google.co.tz
- google.co.ug
- google.co.uk
- google.co.uz
- google.co.ve
- google.co.vi
- google.co.za
- google.co.zm
- google.co.zw
- google.cv
- google.cz
- google.de
- google.dj
- google.dk
- google.dm
- google.dz
- google.ee
- google.es
- google.fi
- google.fm
- google.fr
- google.ga
- google.ge
- google.gg
- google.gl
- google.gm
- google.gp
- google.gr
- google.gy
- google.hn
- google.hr
- google.ht
- google.hu
- google.ie
- google.im
- google.iq
- google.is
- google.it
- google.je
- google.jo
- google.kg
- google.ki
- google.kz
- google.la
- google.li
- google.lk
- google.lt
- google.lu
- google.lv
- google.md
- google.me
- google.mg
- google.mk
- google.ml
- google.mn
- google.ms
- google.mu
- google.mv
- google.mw
- google.ne
- google.nl
- google.no
- google.nr
- google.nu
- google.pl
- google.pn
- google.ps
- google.pt
- google.ro
- google.rs
- google.ru
- google.rw
- google.sc
- google.se
- google.sh
- google.si
- google.sk
- google.sm
- google.sn
- google.so
- google.sr
- google.st
- google.td
- google.tg
- google.tk
- google.tl
- google.tm
- google.tn
- google.to
- google.tt
- google.vg
- google.vu
- google.ws
+)
# Load optional configuration [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
@@ -481,6 +678,21 @@ fix_time_if_dns_fail() { fi }
+# Sets up Safe Search for various search engines +setup_safe_search() {
- # Nothing to do if safe search is not enabled
- if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
return 0- fi
- local domain
- for domain in ${GOOGLE_TLDS[@]}; do
unbound-control local_data "${domain} CNAME forcesafesearch.google.com."- done
+}
case "$1" in start) # Print a nicer messagen when unbound is already running @@ -501,6 +713,9 @@ case "$1" in # Make own hostname resolveable own_hostname
# Setup Safe Searchsetup_safe_search- # Update any known forwarding name servers update_forwarders