knot-resolver: Build a prototype for Google SafeSearch

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/knot-resolver/kresd.conf b/config/knot-resolver/kresd.conf
index b4541516ffa3765f8df81f7a66530c260f7d35a9..eacdef8cb181c757515fb9f5b67bc919a2bb924e 100644 (file)
--- a/config/knot-resolver/kresd.conf
+++ b/config/knot-resolver/kresd.conf
@@ -200,6 +200,59 @@ end
 -- Safe serach
 -- XXX: TO DO
 
+local google_tlds = {
+       "com",
+
+       -- ccTLDs
+       "ad", "ae", "al", "am", "as", "at", "az", "ba", "be", "bf", "bg", "bi", "bj",
+       "bs", "bt", "by", "ca", "cat", "cd", "cf", "cg", "ch", "ci", "cl", "cm", "cn",
+       "cv", "cz", "de", "dj", "dk", "dm", "dz", "ee", "es", "fi", "fm", "fr", "ga",
+       "ge", "gg", "gl", "gm", "gr", "gy", "hn", "hr", "ht", "hu", "ie", "im", "iq",
+       "is", "it", "je", "jo", "kg", "ki", "kz", "la", "li", "lk", "lt", "lu", "lv",
+       "md", "me", "mg", "mk", "ml", "mn", "mu", "mv", "mw", "ne", "nl", "no", "nr",
+       "nu", "pl", "pn", "ps", "pt", "ro", "rs", "ru", "rw", "sc", "se", "sh", "si",
+       "sk", "sm", "sn", "so", "sr", "st", "td", "tg", "tl", "tm", "tn", "to", "tt",
+       "vu", "ws",
+
+       -- co.*
+       "co.ao", "co.bw", "co.ck", "co.cr", "co.id", "co.il", "co.in", "co.jp", "co.ke",
+       "co.kr", "co.ls", "co.ma", "co.mz", "co.nz", "co.th", "co.tz", "co.ug", "co.uk",
+       "co.uz", "co.ve", "co.vi", "co.za", "co.zm", "co.zw",
+
+       -- com.*
+       "com.af", "com.ag", "com.ar", "com.au", "com.bd", "com.bh", "com.bn", "com.bo",
+       "com.br", "com.bz", "com.co", "com.cu", "com.cy", "com.do", "com.ec", "com.eg",
+       "com.et", "com.fj", "com.gh", "com.gi", "com.gt", "com.hk", "com.jm", "com.kh",
+       "com.kw", "com.lb", "com.ly", "com.mm", "com.mt", "com.mx", "com.my", "com.na",
+       "com.ng", "com.ni", "com.np", "com.om", "com.pa", "com.pe", "com.pg", "com.ph",
+       "com.pk", "com.pr", "com.py", "com.qa", "com.sa", "com.sb", "com.sg", "com.sl",
+       "com.sv", "com.tj", "com.tr", "com.tw", "com.ua", "com.uy", "com.vc", "com.vn"
+}
+
+local function safesearch_google(state, query)
+       local qname = kres.dname2str(query.sname)
+
+       -- Check if we need to handle this
+       if not qname:match("^google%.") and not qname:match("^www%.google%.") then
+               return policy.PASS
+       end
+
+       -- Check if the TLD is any of the valid Google TLDs
+       for i, tld in ipairs(google_tlds) do
+               if qname == string.format("google.%s.", tld)
+                               or qname == string.format("www.google.%s.", tld) then
+                       return policy.ANSWER({
+                               [kres.type.CNAME] = {
+                                       rdata = kres.str2dname("forcesafesearch.google.com."),
+                                       ttl   = 60
+                               }
+                       })
+               end
+       end
+end
+
+policy.add(safesearch_google)
+
 -- RPZ
 -- XXX: TO DO - RPZ files needs to be declared once and then passed to a view (ACL) to prevent from loading
 --     the same RPZ file multiple times