From 65ef52a33564f7fd41825aa01e0417c234690eab Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 7 Nov 2020 12:59:08 +0000 Subject: [PATCH] DNS: Make YouTube configurable for Safe Search When safe search is enabled, it is being enabled on YouTube, too. This creates problems in some scenarios like schools where politics is being tought as well as other subjects that might be censored by YouTube (i.e. election TV spots). Therefore it is now possible to exclude YouTube from Safe Search but keep it enabled for the search engines. Signed-off-by: Michael Tremer --- doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 7 ++++ html/cgi-bin/dns.cgi | 19 ++++++++++ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + src/initscripts/system/unbound | 69 +++++++++++++++++----------------- 13 files changed, 70 insertions(+), 35 deletions(-) diff --git a/doc/language_issues.en b/doc/language_issues.en index 0592f938b1..4cff0c6cb9 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -600,6 +600,7 @@ WARNING: untranslated string: dns check failed = DNS check failed WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.es b/doc/language_issues.es index fd9c61b321..8d6041ce50 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -896,6 +896,7 @@ WARNING: untranslated string: dnat address = Firewall Interface WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.fr b/doc/language_issues.fr index c84aab2b13..f4ed28c7db 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -877,6 +877,7 @@ WARNING: translation string unused: zoneconf val ppp assignment error WARNING: translation string unused: zoneconf val vlan amount assignment error WARNING: translation string unused: zoneconf val vlan tag assignment error WARNING: translation string unused: zoneconf val zoneslave amount error +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: guardian block a host = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 505e73373f..08b07080e8 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -920,6 +920,7 @@ WARNING: untranslated string: dl client arch insecure = Download insecure Client WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 0f73afc86d..bde5daf3ce 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -921,6 +921,7 @@ WARNING: untranslated string: dl client arch insecure = Download insecure Client WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.pl b/doc/language_issues.pl index fd9c61b321..8d6041ce50 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -896,6 +896,7 @@ WARNING: untranslated string: dnat address = Firewall Interface WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.ru b/doc/language_issues.ru index bf1d976e9d..6235f33fd5 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -899,6 +899,7 @@ WARNING: untranslated string: dnat address = Firewall Interface WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_issues.tr b/doc/language_issues.tr index b2c24de572..b61f3740a4 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -897,6 +897,7 @@ WARNING: untranslated string: disconnected = Disconnected WARNING: untranslated string: dns check servers = Check DNS Servers WARNING: untranslated string: dns configuration = DNS Configuration WARNING: untranslated string: dns enable safe-search = Enable Safe Search +WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search WARNING: untranslated string: dns forward disable dnssec = Disable DNSSEC (dangerous) WARNING: untranslated string: dns forwarding dnssec disabled notice = (DNSSEC disabled) WARNING: untranslated string: dns isp assigned nameserver = ISP-assigned DNS server diff --git a/doc/language_missings b/doc/language_missings index d79afff83d..638a7cc42c 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -239,6 +239,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dnsforward < dnsforward add a new entry < dnsforward configuration @@ -950,6 +951,7 @@ < ansi t1.483 < bewan adsl pci st < bewan adsl usb +< dns enable safe-search youtube < g.dtm < g.lite < upload fcdsl.o @@ -1052,6 +1054,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dns forward disable dnssec < dnsforward dnssec disabled < dnsforward forward_servers @@ -1431,6 +1434,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dns forward disable dnssec < dnsforward dnssec disabled < dnsforward forward_servers @@ -1922,6 +1926,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dnsforward < dnsforward add a new entry < dnsforward configuration @@ -2790,6 +2795,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dnsforward < dnsforward add a new entry < dnsforward configuration @@ -3513,6 +3519,7 @@ < dns configuration < dns could not add server < dns enable safe-search +< dns enable safe-search youtube < dns forward disable dnssec < dnsforward dnssec disabled < dnsforward forward_servers diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi index 762e77ff1d..5c3ca875da 100755 --- a/html/cgi-bin/dns.cgi +++ b/html/cgi-bin/dns.cgi @@ -87,6 +87,10 @@ if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) { $cgiparams{'ENABLE_SAFE_SEARCH'} = "off"; } + if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") { + $cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} = "off"; + } + # Check if using ISP nameservers and TLS is enabled at the same time. if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) { $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'} @@ -259,6 +263,7 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L # Hash to store the generic DNS settings. my %settings = (); +$settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on"; # Read-in general DNS settings. &General::readhash("$settings_file", \%settings); @@ -310,6 +315,10 @@ $checked{'ENABLE_SAFE_SEARCH'}{'off'} = ''; $checked{'ENABLE_SAFE_SEARCH'}{'on'} = ''; $checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'"; +$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} = ''; +$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} = ''; +$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE'}} = "checked='checked'"; + $selected{'PROTO'}{'UDP'} = ''; $selected{'PROTO'}{'TLS'} = ''; $selected{'PROTO'}{'TCP'} = ''; @@ -381,6 +390,16 @@ sub show_general_dns_configuration () { + + + » $Lang::tr{'dns enable safe-search youtube'} + + + + + + +
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index d4dad76522..4a2a9e2e04 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -828,6 +828,7 @@ 'dns configuration' => 'DNS-Konfiguration', 'dns desc' => 'Wenn auf Schnittstelle red0 die IP-Adressinformationen über DHCP vom Provider kommen, werden automatisch die DNS-Server-Adressen des Providers gesetzt. Hier können Sie nun diese mit den eigenen DNS-Server-IP-Adressen überschreiben.', 'dns enable safe-search' => 'Safe Search via DNS aktivieren', +'dns enable safe-search youtube' => 'YouTube in Safe Search einbeziehen', 'dns error 0' => 'Die IP Adresse vom primären DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!
Die eingegebene sekundären DNS Server Adresse ist jedoch gültig.
', 'dns error 01' => 'Die eingegebene IP Adresse des primären wie auch des sekundären DNS-Servers sind nicht gültig, bitte überprüfen Sie Ihre Eingaben!', 'dns error 1' => 'Die IP Adresse vom sekundären DNS Server ist nicht gültig, bitte überprüfen Sie Ihre Eingabe!
Die eingegebene primäre DNS Server Adresse ist jedoch gültig.', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 19a5eb02f9..1151da08d5 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -851,6 +851,7 @@ 'dns could not add server' => 'Could not add server - Reason:', 'dns desc' => 'If the red0 interface gets the IP address information via DHCP from the provider, the DNS server addresses will be set automatically. Now here you are able to change these DNS server IP addresses with your own ones.', 'dns enable safe-search' => 'Enable Safe Search', +'dns enable safe-search youtube' => 'Include YouTube in Safe Search', 'dns error 0' => 'The IP address of the primary DNS server is not valid, please check your entries!
The entered secondary DNS server address is valid.', 'dns error 01' => 'The entered IP address of the primary and secondary DNS server are not valid, please check your entries!', 'dns error 1' => 'The IP address of the secondary DNS server is not valid, please check your entries!
The entered primary DNS server address is valid.', diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index acbf6f5b52..5c5d2e3f41 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -502,45 +502,44 @@ update_safe_search() { unbound-control local_zone_remove "${domain}" done >/dev/null - # Nothing to do if safe search is not enabled - if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then - return 0 - fi - - # Bing - unbound-control bing.com transparent >/dev/null - for address in $(resolve "strict.bing.com"); do - unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}" - done >/dev/null - - # DuckDuckGo - unbound-control local_zone duckduckgo.com typetransparent >/dev/null - for address in $(resolve "safe.duckduckgo.com"); do - unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}" - done >/dev/null - - # Google - local addresses="$(resolve "forcesafesearch.google.com")" - for domain in ${google_tlds[@]}; do - unbound-control local_zone "${domain}" transparent >/dev/null - for address in ${addresses}; do - unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}" + if [ "${ENABLE_SAFE_SEARCH}" = "on" ]; then + # Bing + unbound-control bing.com transparent >/dev/null + for address in $(resolve "strict.bing.com"); do + unbound-control local_data "www.bing.com ${LOCAL_TTL} IN A ${address}" done >/dev/null - done - # Yandex - for domain in yandex.com yandex.ru; do - unbound-control local_zone "${domain}" typetransparent >/dev/null - for address in $(resolve "familysearch.${domain}"); do - unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}" + # DuckDuckGo + unbound-control local_zone duckduckgo.com typetransparent >/dev/null + for address in $(resolve "safe.duckduckgo.com"); do + unbound-control local_data "duckduckgo.com ${LOCAL_TTL} IN A ${address}" done >/dev/null - done - # YouTube - unbound-control local_zone youtube.com transparent >/dev/null - for address in $(resolve "restrictmoderate.youtube.com"); do - unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}" - done >/dev/null + # Google + local addresses="$(resolve "forcesafesearch.google.com")" + for domain in ${google_tlds[@]}; do + unbound-control local_zone "${domain}" transparent >/dev/null + for address in ${addresses}; do + unbound-control local_data "www.${domain} ${LOCAL_TTL} IN A ${address}" + done >/dev/null + done + + # Yandex + for domain in yandex.com yandex.ru; do + unbound-control local_zone "${domain}" typetransparent >/dev/null + for address in $(resolve "familysearch.${domain}"); do + unbound-control local_data "${domain} ${LOCAL_TTL} IN A ${address}" + done >/dev/null + done + + # YouTube + if [ "${ENABLE_SAFE_SEARCH_YOUTUBE}" = "on" ]; then + unbound-control local_zone youtube.com transparent >/dev/null + for address in $(resolve "restrictmoderate.youtube.com"); do + unbound-control local_data "www.youtube.com ${LOCAL_TTL} IN A ${address}" + done >/dev/null + fi + fi return 0 } -- 2.39.2