X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Fsystem%2Funbound;h=34b3e06fda5179fdca1b963c0210b213d2d15fff;hp=520525ea140c96971dfa72947cb6e7451cd287e2;hb=e263c29c929e69e345833f436d4958d88264020c;hpb=9f0295a5129bed325ba37aaa1e39303fef0a6c9f

diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 520525ea14..34b3e06fda 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -482,6 +482,27 @@ fix_time_if_dns_fail() {
 	fi
 }
 
+resolve() {
+	local hostname="${1}"
+
+	local found=0
+	local ns
+	for ns in $(read_name_servers); do
+		local answer
+		for answer in $(dig +short "@${ns}" A "${hostname}"); do
+			found=1
+
+			# Filter out non-IP addresses
+			if [[ ! "${answer}" =~ \.$ ]]; then
+				echo "${answer}"
+			fi
+		done
+
+		# End loop when we have got something
+		[ ${found} -eq 1 ] && break
+	done
+}
+
 # Sets up Safe Search for various search engines
 write_safe_search_conf() {
 	local google_tlds=(
@@ -691,26 +712,39 @@ write_safe_search_conf() {
 
 		# Bing
 		echo "	local-zone: bing.com transparent"
-		echo "	local-data: \"www.bing.com CNAME strict.bing.com.\""
+		for address in $(resolve "strict.bing.com"); do
+			echo "	local-data: \"www.bing.com ${LOCAL_TTL} IN A ${address}\""
+		done
 
 		# DuckDuckGo
-		echo "	local-zone: duckduckgo.com transparent"
-		echo "	local-data: \"duckduckgo.com CNAME safe.duckduckgo.com.\""
+		echo "	local-zone: duckduckgo.com typetransparent"
+		for address in $(resolve "safe.duckduckgo.com"); do
+			echo "	local-data: \"duckduckgo.com ${LOCAL_TTL} IN A ${address}\""
+		done
 
 		# Google
+		addresses="$(resolve "forcesafesearch.google.com")"
 		local domain
 		for domain in ${google_tlds[@]}; do
 			echo "	local-zone: ${domain} transparent"
-			echo "	local-data: \"www.${domain} CNAME forcesafesearch.google.com.\""
+			for address in ${addresses}; do
+				echo "	local-data: \"www.${domain} ${LOCAL_TTL} IN A ${address}\""
+			done
 		done
 
 		# Yandex
-		echo "	local-zone: yandex.ru transparent"
-		echo "	local-data: \"yandex.ru A 213.180.193.56\""
+		for domain in yandex.com yandex.ru; do
+			echo "	local-zone: ${domain} typetransparent"
+			for address in $(resolve "familysearch.${domain}"); do
+				echo "	local-data: \"${domain} ${LOCAL_TTL} IN A ${address}\""
+			done
+		done
 
 		# YouTube
 		echo "	local-zone: youtube.com transparent"
-		echo "	local-data: \"www.youtube.com CNAME restrictmoderate.youtube.com.\""
+		for address in $(resolve "restrictmoderate.youtube.com"); do
+			echo "	local-data: \"www.youtube.com ${LOCAL_TTL} IN A ${address}\""
+		done
 	) > /etc/unbound/safe-search.conf
 }
 
@@ -809,8 +843,12 @@ case "$1" in
 		exit ${ret}
 		;;
 
+	resolve)
+		resolve "${2}"
+		;;
+
 	*)
-		echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server}"
+		echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server|resolve}"
 		exit 1
 		;;
 esac