echo "local-data: \"${address} ${LOCAL_TTL} IN PTR ${HOSTNAME}\""
done
- # Add all hosts
local enabled address hostname domainname generateptr
+
+ # Find all unique domain names
+ while IFS="," read -r enabled address hostname domainname generateptr; do
+ [ "${enabled}" = "on" ] || continue
+
+ # Skip empty domainnames
+ [ "${domainname}" = "" ] && continue
+
+ echo "local-zone: ${domainname} typetransparent"
+ done < /var/ipfire/main/hosts | sort -u
+
+ # Add all hosts
while IFS="," read -r enabled address hostname domainname generateptr; do
[ "${enabled}" = "on" ] || continue
write_tuning_conf() {
# https://www.unbound.net/documentation/howto_optimise.html
- # Determine number of online processors
- local processors=$(getconf _NPROCESSORS_ONLN)
-
- # Determine number of slabs
- local slabs=1
- while [ ${slabs} -lt ${processors} ]; do
- slabs=$(( ${slabs} * 2 ))
- done
-
# Determine amount of system memory
local mem=$(get_memory_amount)
(
config_header
- # We run one thread per processor
- echo "num-threads: ${processors}"
- echo "so-reuseport: yes"
-
- # Adjust number of slabs
- echo "infra-cache-slabs: ${slabs}"
- echo "key-cache-slabs: ${slabs}"
- echo "msg-cache-slabs: ${slabs}"
- echo "rrset-cache-slabs: ${slabs}"
-
# Slice up the cache
echo "rrset-cache-size: $(( ${mem} / 2 ))m"
echo "msg-cache-size: $(( ${mem} / 4 ))m"
unbound-control local_zone_remove "${domain}"
done >/dev/null
- # Nothing to do if safe search is not enabled
- if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
- return 0
- fi
-
- # Bing
- unbound-control bing.com transparent >/dev/null
- for address in $(resolve "strict.bing.com"); do
- unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}"
- done >/dev/null
-
- # DuckDuckGo
- unbound-control local_zone duckduckgo.com typetransparent >/dev/null
- for address in $(resolve "safe.duckduckgo.com"); do
- unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}"
- done >/dev/null
-
- # Google
- local addresses="$(resolve "forcesafesearch.google.com")"
- for domain in ${google_tlds[@]}; do
- unbound-control local_zone "${domain}" transparent >/dev/null
- for address in ${addresses}; do
- unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}"
+ if [ "${ENABLE_SAFE_SEARCH}" = "on" ]; then
+ # Bing
+ unbound-control bing.com transparent >/dev/null
+ for address in $(resolve "strict.bing.com"); do
+ unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}"
done >/dev/null
- done
- # Yandex
- for domain in yandex.com yandex.ru; do
- unbound-control local_zone "${domain}" typetransparent >/dev/null
- for address in $(resolve "familysearch.${domain}"); do
- unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}"
+ # DuckDuckGo
+ unbound-control local_zone duckduckgo.com typetransparent >/dev/null
+ for address in $(resolve "safe.duckduckgo.com"); do
+ unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}"
done >/dev/null
- done
- # YouTube
- unbound-control local_zone youtube.com transparent >/dev/null
- for address in $(resolve "restrictmoderate.youtube.com"); do
- unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}"
- done >/dev/null
+ # Google
+ local addresses="$(resolve "forcesafesearch.google.com")"
+ for domain in ${google_tlds[@]}; do
+ unbound-control local_zone "${domain}" transparent >/dev/null
+ for address in ${addresses}; do
+ unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}"
+ done >/dev/null
+ done
+
+ # Yandex
+ for domain in yandex.com yandex.ru; do
+ unbound-control local_zone "${domain}" typetransparent >/dev/null
+ for address in $(resolve "familysearch.${domain}"); do
+ unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}"
+ done >/dev/null
+ done
+
+ # YouTube
+ if [ "${ENABLE_SAFE_SEARCH_YOUTUBE}" = "on" ]; then
+ unbound-control local_zone youtube.com transparent >/dev/null
+ for address in $(resolve "restrictmoderate.youtube.com"); do
+ unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}"
+ done >/dev/null
+ fi
+ fi
return 0
}