unbound: Add switch to enable Google Safe Search

author Michael Tremer <michael.tremer@ipfire.org>

Tue, 30 Apr 2019 15:15:06 +0000 (16:15 +0100)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 30 Apr 2019 15:15:06 +0000 (16:15 +0100)
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 30 Apr 2019 15:15:06 +0000 (16:15 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 30 Apr 2019 15:15:06 +0000 (16:15 +0100)
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound

index fbb096e0d7bd0ad8c7318f76f1f499accda3dd6b..4ac8331dc3800963682770d43c24af0778c243ef 100644 (file)
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -14,6 +14,7 @@ TEST_DOMAIN_FAIL="dnssec-failed.org"
  
  INSECURE_ZONES=
  USE_FORWARDERS=1
+ENABLE_SAFE_SEARCH=off
  
  # Cache any local zones for 60 seconds
  LOCAL_TTL=60
@@ -21,6 +22,202 @@ LOCAL_TTL=60
  # EDNS buffer size
  EDNS_DEFAULT_BUFFER_SIZE=4096
  
+GOOGLE_TLDS=(
+       google.ad
+       google.ae
+       google.al
+       google.am
+       google.as
+       google.at
+       google.az
+       google.ba
+       google.be
+       google.bf
+       google.bg
+       google.bi
+       google.bj
+       google.bs
+       google.bt
+       google.by
+       google.ca
+       google.cat
+       google.cd
+       google.cf
+       google.cg
+       google.ch
+       google.ci
+       google.cl
+       google.cm
+       google.cn
+       google.co.ao
+       google.co.bw
+       google.co.ck
+       google.co.cr
+       google.co.id
+       google.co.il
+       google.co.in
+       google.co.jp
+       google.co.ke
+       google.co.kr
+       google.co.ls
+       google.com
+       google.co.ma
+       google.com.af
+       google.com.ag
+       google.com.ai
+       google.com.ar
+       google.com.au
+       google.com.bd
+       google.com.bh
+       google.com.bn
+       google.com.bo
+       google.com.br
+       google.com.bz
+       google.com.co
+       google.com.cu
+       google.com.cy
+       google.com.do
+       google.com.ec
+       google.com.eg
+       google.com.et
+       google.com.fj
+       google.com.gh
+       google.com.gi
+       google.com.gt
+       google.com.hk
+       google.com.jm
+       google.com.kh
+       google.com.kw
+       google.com.lb
+       google.com.ly
+       google.com.mm
+       google.com.mt
+       google.com.mx
+       google.com.my
+       google.com.na
+       google.com.nf
+       google.com.ng
+       google.com.ni
+       google.com.np
+       google.com.om
+       google.com.pa
+       google.com.pe
+       google.com.pg
+       google.com.ph
+       google.com.pk
+       google.com.pr
+       google.com.py
+       google.com.qa
+       google.com.sa
+       google.com.sb
+       google.com.sg
+       google.com.sl
+       google.com.sv
+       google.com.tj
+       google.com.tr
+       google.com.tw
+       google.com.ua
+       google.com.uy
+       google.com.vc
+       google.com.vn
+       google.co.mz
+       google.co.nz
+       google.co.th
+       google.co.tz
+       google.co.ug
+       google.co.uk
+       google.co.uz
+       google.co.ve
+       google.co.vi
+       google.co.za
+       google.co.zm
+       google.co.zw
+       google.cv
+       google.cz
+       google.de
+       google.dj
+       google.dk
+       google.dm
+       google.dz
+       google.ee
+       google.es
+       google.fi
+       google.fm
+       google.fr
+       google.ga
+       google.ge
+       google.gg
+       google.gl
+       google.gm
+       google.gp
+       google.gr
+       google.gy
+       google.hn
+       google.hr
+       google.ht
+       google.hu
+       google.ie
+       google.im
+       google.iq
+       google.is
+       google.it
+       google.je
+       google.jo
+       google.kg
+       google.ki
+       google.kz
+       google.la
+       google.li
+       google.lk
+       google.lt
+       google.lu
+       google.lv
+       google.md
+       google.me
+       google.mg
+       google.mk
+       google.ml
+       google.mn
+       google.ms
+       google.mu
+       google.mv
+       google.mw
+       google.ne
+       google.nl
+       google.no
+       google.nr
+       google.nu
+       google.pl
+       google.pn
+       google.ps
+       google.pt
+       google.ro
+       google.rs
+       google.ru
+       google.rw
+       google.sc
+       google.se
+       google.sh
+       google.si
+       google.sk
+       google.sm
+       google.sn
+       google.so
+       google.sr
+       google.st
+       google.td
+       google.tg
+       google.tk
+       google.tl
+       google.tm
+       google.tn
+       google.to
+       google.tt
+       google.vg
+       google.vu
+       google.ws
+)
+
  # Load optional configuration
  [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
  
@@ -481,6 +678,21 @@ fix_time_if_dns_fail() {
         fi
  }
  
+# Sets up Safe Search for various search engines
+setup_safe_search() {
+       # Nothing to do if safe search is not enabled
+       if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
+               return 0
+       fi
+
+       local domain
+
+       # Google
+       for domain in ${GOOGLE_TLDS[@]}; do
+               unbound-control local_data "${domain} CNAME forcesafesearch.google.com."
+       done
+}
+
  case "$1" in
         start)
                 # Print a nicer messagen when unbound is already running
@@ -501,6 +713,9 @@ case "$1" in
                 # Make own hostname resolveable
                 own_hostname
  
+               # Setup Safe Search
+               setup_safe_search
+
                 # Update any known forwarding name servers
                 update_forwarders
author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 30 Apr 2019 15:15:06 +0000 (16:15 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 30 Apr 2019 15:15:06 +0000 (16:15 +0100)