unbound is not able to expand CNAMEs in local-data. Therefore we
have to do it manually at startup.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+resolve() {
+ local hostname="${1}"
+
+ local found=0
+ local ns
+ for ns in $(read_name_servers); do
+ local answer
+ for answer in $(dig +short "@${ns}" A "${hostname}"); do
+ found=1
+
+ # Filter out non-IP addresses
+ if [[ ! "${answer}" =~ \.$ ]]; then
+ echo "${answer}"
+ fi
+ done
+
+ # End loop when we have got something
+ [ ${found} -eq 1 ] && break
+ done
+}
+
# Sets up Safe Search for various search engines
write_safe_search_conf() {
local google_tlds=(
# Sets up Safe Search for various search engines
write_safe_search_conf() {
local google_tlds=(
- echo " local-zone: bing.com transparent"
- echo " local-data: \"www.bing.com CNAME strict.bing.com.\""
+ echo " local-zone: www.bing.com transparent"
+ for address in $(resolve "strict.bing.com"); do
+ echo " local-data: \"www.bing.com ${LOCAL_TTL} IN A ${address}\""
+ done
# DuckDuckGo
echo " local-zone: duckduckgo.com transparent"
# DuckDuckGo
echo " local-zone: duckduckgo.com transparent"
- echo " local-data: \"duckduckgo.com CNAME safe.duckduckgo.com.\""
+ for address in $(resolve "safe.duckduckgo.com"); do
+ echo " local-data: \"duckduckgo.com ${LOCAL_TTL} IN A ${address}\""
+ done
+ addresses="$(resolve "forcesafesearch.google.com")"
local domain
for domain in ${google_tlds[@]}; do
echo " local-zone: ${domain} transparent"
local domain
for domain in ${google_tlds[@]}; do
echo " local-zone: ${domain} transparent"
- echo " local-data: \"www.${domain} CNAME forcesafesearch.google.com.\""
+ for address in ${addresses}; do
+ echo " local-data: \"www.${domain} ${LOCAL_TTL} IN A ${address}\""
+ done
# YouTube
echo " local-zone: youtube.com transparent"
# YouTube
echo " local-zone: youtube.com transparent"
- echo " local-data: \"www.youtube.com CNAME restrictmoderate.youtube.com.\""
+ for address in $(resolve "restrictmoderate.youtube.com"); do
+ echo " local-data: \"www.youtube.com ${LOCAL_TTL} IN A ${address}\""
+ done
) > /etc/unbound/safe-search.conf
}
) > /etc/unbound/safe-search.conf
}
+ resolve)
+ resolve "${2}"
+ ;;
+
- echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server}"
+ echo "Usage: $0 {start|stop|restart|status|update-forwarders|test-name-server|resolve}"