Signed-off-by: Michael Tremer michael.tremer@ipfire.org
---
 config/unbound/unbound.conf | 3 +
 src/initscripts/system/unbound | 431 +++++++++++++++++++++--------------------
 2 files changed, 221 insertions(+), 213 deletions(-)
diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf
index e20c3330d..4d492a5bc 100644
--- a/config/unbound/unbound.conf
+++ b/config/unbound/unbound.conf
@@ -81,6 +81,9 @@ server:
 # Include any forward zones
 include: "/etc/unbound/forward.conf"
+ # Include safe search settings
+ include: "/etc/unbound/safe-search.conf"
+
 remote-control:
 control-enable: yes
 control-use-cert: no
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 41117904f..951fda7ab 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -22,202 +22,6 @@ LOCAL_TTL=60
 # EDNS buffer size
 EDNS_DEFAULT_BUFFER_SIZE=4096
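Review bot: The new `include: "/etc/unbound/safe-search.conf"` is unconditional, yet the file it names exists only once the initscript has generated it. As far as I know Unbound treats a missing non-wildcard include as a fatal configuration error, so any path that loads this config before `write_safe_search_conf` has run (for example `unbound-checkconf` on a freshly upgraded system) would fail and leave the host without a resolver; whether such a path exists is outside this hunk. I would ship an empty `safe-search.conf` with the package and put a comment above the include such as `# Generated by the unbound initscript at start; empty when Safe Search is off`.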
-GOOGLE_TLDS=(
- google.ad
- google.ae
- google.al
- google.am
- google.as
- google.at
- google.az
- google.ba
- google.be
- google.bf
- google.bg
- google.bi
- google.bj
- google.bs
- google.bt
- google.by
- google.ca
- google.cat
- google.cd
- google.cf
- google.cg
- google.ch
- google.ci
- google.cl
- google.cm
- google.cn
- google.co.ao
- google.co.bw
- google.co.ck
- google.co.cr
- google.co.id
- google.co.il
- google.co.in
- google.co.jp
- google.co.ke
- google.co.kr
- google.co.ls
- google.com
- google.co.ma
- google.com.af
- google.com.ag
- google.com.ai
- google.com.ar
- google.com.au
- google.com.bd
- google.com.bh
- google.com.bn
- google.com.bo
- google.com.br
- google.com.bz
- google.com.co
- google.com.cu
- google.com.cy
- google.com.do
- google.com.ec
- google.com.eg
- google.com.et
- google.com.fj
- google.com.gh
- google.com.gi
- google.com.gt
- google.com.hk
- google.com.jm
- google.com.kh
- google.com.kw
- google.com.lb
- google.com.ly
- google.com.mm
- google.com.mt
- google.com.mx
- google.com.my
- google.com.na
- google.com.nf
- google.com.ng
- google.com.ni
- google.com.np
- google.com.om
- google.com.pa
- google.com.pe
- google.com.pg
- google.com.ph
- google.com.pk
- google.com.pr
- google.com.py
- google.com.qa
- google.com.sa
- google.com.sb
- google.com.sg
- google.com.sl
- google.com.sv
- google.com.tj
- google.com.tr
- google.com.tw
- google.com.ua
- google.com.uy
- google.com.vc
- google.com.vn
- google.co.mz
- google.co.nz
- google.co.th
- google.co.tz
- google.co.ug
- google.co.uk
- google.co.uz
- google.co.ve
- google.co.vi
- google.co.za
- google.co.zm
- google.co.zw
- google.cv
- google.cz
- google.de
- google.dj
- google.dk
- google.dm
- google.dz
- google.ee
- google.es
- google.fi
- google.fm
- google.fr
- google.ga
- google.ge
- google.gg
- google.gl
- google.gm
- google.gp
- google.gr
- google.gy
- google.hn
- google.hr
- google.ht
- google.hu
- google.ie
- google.im
- google.iq
- google.is
- google.it
- google.je
- google.jo
- google.kg
- google.ki
- google.kz
- google.la
- google.li
- google.lk
- google.lt
- google.lu
- google.lv
- google.md
- google.me
- google.mg
- google.mk
- google.ml
- google.mn
- google.ms
- google.mu
- google.mv
- google.mw
- google.ne
- google.nl
- google.no
- google.nr
- google.nu
- google.pl
- google.pn
- google.ps
- google.pt
- google.ro
- google.rs
- google.ru
- google.rw
- google.sc
- google.se
- google.sh
- google.si
- google.sk
- google.sm
- google.sn
- google.so
- google.sr
- google.st
- google.td
- google.tg
- google.tk
- google.tl
- google.tm
- google.tn
- google.to
- google.tt
- google.vg
- google.vu
- google.ws
-)
-
 # Load optional configuration
 [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
@@ -679,24 +483,227 @@ fix_time_if_dns_fail() {
 }
 # Sets up Safe Search for various search engines
-setup_safe_search() {
- # Nothing to do if safe search is not enabled
- if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
- return 0
- fi
+write_safe_search_conf() {
+ local google_tlds=(
+ google.ad
+ google.ae
+ google.al
+ google.am
+ google.as
+ google.at
+ google.az
+ google.ba
+ google.be
+ google.bf
+ google.bg
+ google.bi
+ google.bj
+ google.bs
+ google.bt
+ google.by
+ google.ca
+ google.cat
+ google.cd
+ google.cf
+ google.cg
+ google.ch
+ google.ci
+ google.cl
+ google.cm
+ google.cn
+ google.co.ao
+ google.co.bw
+ google.co.ck
+ google.co.cr
+ google.co.id
+ google.co.il
+ google.co.in
+ google.co.jp
+ google.co.ke
+ google.co.kr
+ google.co.ls
+ google.com
+ google.co.ma
+ google.com.af
+ google.com.ag
+ google.com.ai
+ google.com.ar
+ google.com.au
+ google.com.bd
+ google.com.bh
+ google.com.bn
+ google.com.bo
+ google.com.br
+ google.com.bz
+ google.com.co
+ google.com.cu
+ google.com.cy
+ google.com.do
+ google.com.ec
+ google.com.eg
+ google.com.et
+ google.com.fj
+ google.com.gh
+ google.com.gi
+ google.com.gt
+ google.com.hk
+ google.com.jm
+ google.com.kh
+ google.com.kw
+ google.com.lb
+ google.com.ly
+ google.com.mm
+ google.com.mt
+ google.com.mx
+ google.com.my
+ google.com.na
+ google.com.nf
+ google.com.ng
+ google.com.ni
+ google.com.np
+ google.com.om
+ google.com.pa
+ google.com.pe
+ google.com.pg
+ google.com.ph
+ google.com.pk
+ google.com.pr
+ google.com.py
+ google.com.qa
+ google.com.sa
+ google.com.sb
+ google.com.sg
+ google.com.sl
+ google.com.sv
+ google.com.tj
+ google.com.tr
+ google.com.tw
+ google.com.ua
+ google.com.uy
+ google.com.vc
+ google.com.vn
+ google.co.mz
+ google.co.nz
+ google.co.th
+ google.co.tz
+ google.co.ug
+ google.co.uk
+ google.co.uz
+ google.co.ve
+ google.co.vi
+ google.co.za
+ google.co.zm
+ google.co.zw
+ google.cv
+ google.cz
+ google.de
+ google.dj
+ google.dk
+ google.dm
+ google.dz
+ google.ee
+ google.es
+ google.fi
+ google.fm
+ google.fr
+ google.ga
+ google.ge
+ google.gg
+ google.gl
+ google.gm
+ google.gp
+ google.gr
+ google.gy
+ google.hn
+ google.hr
+ google.ht
+ google.hu
+ google.ie
+ google.im
+ google.iq
+ google.is
+ google.it
+ google.je
+ google.jo
+ google.kg
+ google.ki
+ google.kz
+ google.la
+ google.li
+ google.lk
+ google.lt
+ google.lu
+ google.lv
+ google.md
+ google.me
+ google.mg
+ google.mk
+ google.ml
+ google.mn
+ google.ms
+ google.mu
+ google.mv
+ google.mw
+ google.ne
+ google.nl
+ google.no
+ google.nr
+ google.nu
+ google.pl
+ google.pn
+ google.ps
+ google.pt
+ google.ro
+ google.rs
+ google.ru
+ google.rw
+ google.sc
+ google.se
+ google.sh
+ google.si
+ google.sk
+ google.sm
+ google.sn
+ google.so
+ google.sr
+ google.st
+ google.td
+ google.tg
+ google.tk
+ google.tl
+ google.tm
+ google.tn
+ google.to
+ google.tt
+ google.vg
+ google.vu
+ google.ws
+ )
+
+ (
+ # Nothing to do if safe search is not enabled
+ if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
+ exit 0
+ fi
- local domain
+ # This all belongs into the server: section
+ echo "server:"
- # Bing
- unbound-control local_data "bind.com CNAME strict.bing.com."
+ # Bing
+ echo " local-zone: bing.com transparent"
+ echo " local-data: "bing.com CNAME strict.bing.com.""
- # DuckDuckGo
- unbound-control local_data "duckduckgo.com CNAME safe.duckduckgo.com."
+ # DuckDuckGo
+ echo " local-zone: duckduckgo.com transparent"
+ echo " local-data: "duckduckgo.com CNAME safe.duckduckgo.com.""
- # Google
- for domain in ${GOOGLE_TLDS[@]}; do
- unbound-control local_data "${domain} CNAME forcesafesearch.google.com."
- done
+ # Google
+ local domain
+ for domain in ${google_tlds[@]}; do
+ echo " local-zone: ${domain} transparent"
+ echo " local-data: "${domain} CNAME forcesafesearch.google.com.""
+ done
+ ) > /etc/unbound/safe-search.conf
 }
 case "$1" in
@@ -712,6 +719,7 @@ case "$1" in
 # Update configuration files
 write_tuning_conf
 write_forward_conf
+ write_safe_search_conf
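Review bot: The generated `local-data` records name only the bare domains (`bing.com`, `${domain}`) while each zone is declared `transparent`, so a lookup for `www.bing.com` or `www.google.<tld>` finds no local data and falls through to normal resolution, leaving Safe Search unenforced for the host names browsers normally use. Google and Bing document the `www.` host as the name to redirect, so I would emit `local-data: "www.${domain} CNAME forcesafesearch.google.com."` and `local-data: "www.bing.com CNAME strict.bing.com."` instead. It is also worth confirming with a test query that clients receive address records for these names: to my knowledge Unbound hands back a `local-data` CNAME without resolving its target unless the zone type is `redirect`. As rendered on this page the inner double quotes in the `echo` lines are unescaped, which would drop the quotes Unbound expects around the `local-data` value; please check they are written as `\"` in the file.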
 boot_mesg "Starting Unbound DNS Proxy..."
 loadproc /usr/sbin/unbound || exit $?
@@ -719,9 +727,6 @@ case "$1" in
 # Make own hostname resolveable
 own_hostname
- # Setup Safe Search
- setup_safe_search
-
 # Update any known forwarding name servers
 update_forwarders