Contributed by Ilya Bakulin, 2012-08-28.
* patch_rsamd5_enable.diff: this patch enables RSAMD5 validation (otherwise
it is treated as insecure). The RSAMD5 algorithm is deprecated (RFC6725).
+* create_unbound_ad_servers.sh: shell script to enter anti-ad server lists.
* create_unbound_ad_servers.cmd: windows script to enter anti-ad server lists.
+* unbound_cache.sh: shell script to save and load the cache.
* unbound_cache.cmd: windows script to save and load the cache.
+* warmup.sh: shell script to warm up DNS cache by your own MRU domains.
+* warmup.cmd: windows script to warm up DNS cache by your own MRU domains.
set list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
rem Check Wget installed
-for /f "delims=" %%a in ('where wget') do @set wget="%%a"
-if /I %wget% == "" (
-echo Wget not found. If installed, add path to PATH environment variable.
-exit 1
-)
+for /f "delims=" %%a in ('where wget') do @set wget=%%a
+if /I "%wget%"=="" echo Wget not found. If installed, add path to PATH environment variable. & exit 1
echo Wget found: %wget%
-%wget% -O %work_dir%\yoyo_ad_servers %list_addr%
+"%wget%" -O %work_dir%\yoyo_ad_servers %list_addr%
del /Q /F /S %dst_dir%\unbound_ad_servers
--- /dev/null
+#!/bin/sh
+#
+# Convert the Yoyo.org anti-ad server listing
+# into an unbound dns spoof redirection list.
+# Modified by Y.Voinov (c) 2014
+
+# Note: Wget required!
+
+# Variables
+dst_dir="/etc/opt/csw/unbound"
+work_dir="/tmp"
+list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
+
+# OS commands
+CAT=`which cat`
+ECHO=`which echo`
+WGET=`which wget`
+
+# Check Wget installed
+if [ ! -f $WGET ]; then
+ echo "Wget not found. Exiting..."
+ exit 1
+fi
+
+$WGET -O $work_dir/yoyo_ad_servers "$list_addr" && \
+$CAT $work_dir/yoyo_ad_servers | \
+while read line ; \
+ do \
+ $ECHO "local-zone: \"$line\" redirect" ;\
+ $ECHO "local-data: \"$line A 127.0.0.1\"" ;\
+ done > \
+$dst_dir/unbound_ad_servers
+
+echo "Done."
+# then add an include line to your unbound.conf pointing to the full path of
+# the unbound_ad_servers file:
+#
+# include: $dst_dir/unbound_ad_servers
+#
\ No newline at end of file
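Review bot: The `if [ ! -f $WGET ]` check never catches a missing wget: when `which` prints nothing, `$WGET` is empty and unquoted, the test degenerates to `[ ! -f ]` (which is false), the script goes on to execute `-O` as a command, and still prints `Done.` with exit status 0; test `[ -z "$WGET" ] || [ ! -x "$WGET" ]` instead and exit non-zero when the download fails. Each line of the downloaded list is also written verbatim into unbound directive syntax, so a line holding a double quote, whitespace or an HTML error page (the fetch is plain http with no integrity check) ends up as arbitrary content in `$dst_dir/unbound_ad_servers`; restrict lines to hostname characters before emitting them and use `read -r`. The work file `$work_dir/yoyo_ad_servers` is a fixed name under /tmp written by whoever runs the script (presumably root, given `$dst_dir`), the classic predictable-temp-file setup; `mktemp` would avoid it where available.
```shell
# Check Wget installed
if [ -z "$WGET" ] || [ ! -x "$WGET" ]; then
 echo "Wget not found. Exiting..." >&2
 exit 1
fi

"$WGET" -O "$work_dir/yoyo_ad_servers" "$list_addr" || {
 echo "Download failed. Exiting..." >&2
 exit 1
}
# Only plain host names may reach the config file; anything else would
# be written into unbound's directive syntax unchecked.
while IFS= read -r line; do
 case "$line" in
 ''|*[!A-Za-z0-9.-]*) continue ;;
 esac
 $ECHO "local-zone: \"$line\" redirect"
 $ECHO "local-data: \"$line A 127.0.0.1\""
done < "$work_dir/yoyo_ad_servers" > "$dst_dir/unbound_ad_servers"
# ... unchanged: final echo and include-line comment ...
```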
--- /dev/null
+#!/sbin/sh
+#
+# --------------------------------------------------------------
+# -- DNS cache save/load script
+# --
+# -- Version 1.0
+# -- By Yuri Voinov (c) 2006, 2014
+# --------------------------------------------------------------
+#
+# ident "@(#)unbound_cache.sh 1.1 14/04/26 YV"
+#
+
+#############
+# Variables #
+#############
+
+# Installation base dir
+CONF="/etc/opt/csw/unbound"
+BASE="/opt/csw"
+
+# Unbound binaries
+UC="$BASE/sbin/unbound-control"
+FNAME="unbound_cache.dmp"
+
+# OS utilities
+BASENAME=`which basename`
+CAT=`which cat`
+CUT=`which cut`
+ECHO=`which echo`
+GETOPT=`which getopt`
+ID=`which id`
+PRINTF=`which printf`
+
+###############
+# Subroutines #
+###############
+
+usage_note ()
+{
+# Script usage note
+ $ECHO "Usage: `$BASENAME $0` [-s] or [-l] or [-r] or [-h]"
+ $ECHO
+ $ECHO "l - Load - default mode. Warming up Unbound DNS cache from saved file. cache-ttl must be high value."
+ $ECHO "s - Save - save Unbound DNS cache contents to plain file with domain names."
+ $ECHO "r - Reload - reloadind new cache entries and refresh existing cache"
+ $ECHO "h - this screen."
+ $ECHO "Note: Run without any arguments will be in default mode."
+ $ECHO " Also, unbound-control must be configured."
+ exit 0
+}
+
+root_check ()
+{
+ if [ ! `$ID | $CUT -f1 -d" "` = "uid=0(root)" ]; then
+ $ECHO "ERROR: You must be super-user to run this script."
+ exit 1
+ fi
+}
+
+check_uc ()
+{
+ if [ ! -f "$UC" ]; then
+ $ECHO .
+ $ECHO "ERROR: $UC not found. Exiting..."
+ exit 1
+ fi
+}
+
+check_saved_file ()
+{
+ if [ ! -f "$CONF/$FNAME" ]; then
+ $ECHO .
+ $ECHO "ERROR: File $CONF/$FNAME does not exists. Save it first."
+ exit 1
+ fi
+}
+
+save_cache ()
+{
+ # Save unbound cache
+ $PRINTF "Saving cache in $CONF/$FNAME..."
+ $UC dump_cache>$CONF/$FNAME
+ $ECHO "ok"
+}
+
+load_cache ()
+{
+ # Load saved cache contents and warmup DNS cache
+ $PRINTF "Loading cache from saved $CONF/$FNAME..."
+ check_saved_file
+ $CAT $CONF/$FNAME|$UC load_cache
+}
+
+reload_cache ()
+{
+ # Reloading and refresh existing cache and saved dump
+ save_cache
+ load_cache
+}
+
+##############
+# Main block #
+##############
+
+# Root check
+root_check
+
+# Check unbound-control
+check_uc
+
+# Check command-line arguments
+if [ "x$1" = "x" ]; then
+# If arguments list empty, load cache by default
+ load_cache
+else
+ arg_list=$1
+ # Parse command line
+ set -- `$GETOPT sSlLrRhH: $arg_list` || {
+ usage_note 1>&2
+ }
+
+ # Read arguments
+ for i in $arg_list
+ do
+ case $i in
+ -s | -S) save_cache;;
+ -l | -L) load_cache;;
+ -r | -R) reload_cache;;
+ -h | -H | \?) usage_note;;
+ esac
+ break
+ done
+fi
+
+exit 0
\ No newline at end of file
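Review bot: `load_cache` pipes `$CONF/$FNAME` into `unbound-control load_cache` as root, and `check_saved_file` only tests that the file exists; nothing verifies that the dump is root-owned and not writable by other users, so a writable dump file (or directory) lets any local user preload records into the resolver cache. Add an ownership/mode check before the load, e.g. `[ -O "$CONF/$FNAME" ] || { $ECHO "ERROR: $CONF/$FNAME not owned by root."; exit 1; }` if the target `/sbin/sh` supports `-O`, and set `umask 077` before `$UC dump_cache>$CONF/$FNAME` so the dump (which records the host's resolution history) is not world-readable. `save_cache` also prints `ok` unconditionally, leaving a truncated dump behind if `unbound-control` fails; use `$UC dump_cache > "$CONF/$FNAME" || { $ECHO "failed"; exit 1; }`. The option parsing has no effect: on the `set -- ... || { usage_note 1>&2 }` line the `||` sees the status of `set`, not of getopt, the loop then walks `$arg_list` rather than `"$@"`, `break` stops after the first token, unrecognised options fall through the `case` silently, and `H:` in the optstring makes `-H` expect an argument while `-h` does not.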
--- /dev/null
+@echo off\r
+\r
+rem --------------------------------------------------------------\r
+rem -- Warm up DNS cache script by your own MRU domains\r
+rem --\r
+rem -- Version 1.0\r
+rem -- By Yuri Voinov (c) 2014\r
+rem --------------------------------------------------------------\r
+\r
+rem Check dig installed\r
+for /f "delims=" %%a in ('where dig') do @set dig=%%a\r
+if /I "%dig%"=="" echo Dig not found. If installed, add path to PATH environment variable. & exit 1\r
+echo Dig found: %dig%\r
+\r
+echo Warming up cache by MRU domains...\r
+rem dig -f my_domains 1>nul 2>nul\r
+rem echo Done.\r
+\r
+for %%a in (\r
+mail.ru\r
+my.mail.ru\r
+mra.mail.ru\r
+agent.mail.ru\r
+news.mail.ru\r
+icq.com\r
+lenta.ru\r
+gazeta.ru\r
+peerbet.ru\r
+www.opennet.ru\r
+snob.ru\r
+artlebedev.ru\r
+mail.google.com\r
+translate.google.com\r
+drive.google.com\r
+google.com\r
+google.kz\r
+drive.google.com\r
+blogspot.com\r
+farmanager.com\r
+forum.farmanager.com\r
+plugring.farmanager.com\r
+symantec.com\r
+symantecliveupdate.com\r
+shalla.de\r
+torstatus.blutmagie.de\r
+torproject.org\r
+dnscrypt.org\r
+unbound.net\r
+getsharex.com\r
+skype.com\r
+vlc.org\r
+aimp.ru\r
+mozilla.org\r
+libreoffice.org\r
+piriform.com\r
+raidcall.com\r
+nvidia.com\r
+intel.com\r
+microsoft.com\r
+windowsupdate.com\r
+ru.wikipedia.org\r
+www.bbc.co.uk\r
+tengrinews.kz\r
+) do "%dig%" %%a 1>nul 2>nul\r
+\r
+echo Saving cache...\r
+unbound_cache.cmd -s\r
+echo Done.\r
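Review bot: `unbound_cache.cmd -s` on the second-to-last line is invoked without `call`, so cmd.exe transfers control to that script and never returns; the final `echo Done.` is unreachable and this script's exit status is whatever unbound_cache.cmd leaves behind. Use `call unbound_cache.cmd -s`. The bare name also relies on the current directory or PATH to locate the script; `call "%~dp0unbound_cache.cmd" -s` would tie it to the directory this script lives in. `drive.google.com` appears twice in the domain list.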
--- /dev/null
+#!/bin/sh
+
+# --------------------------------------------------------------
+# -- Warm up DNS cache script by your own MRU domains
+# --
+# -- Version 1.0
+# -- By Yuri Voinov (c) 2014
+# --------------------------------------------------------------
+
+dig=`which dig`
+
+echo "Warming up cache by MRU domains..."
+$dig -f - >/dev/null 2>&1 <<EOT
+mail.ru
+my.mail.ru
+mra.mail.ru
+agent.mail.ru
+news.mail.ru
+icq.com
+lenta.ru
+gazeta.ru
+peerbet.ru
+www.opennet.ru
+snob.ru
+artlebedev.ru
+mail.google.com
+translate.google.com
+drive.google.com
+google.com
+google.kz
+drive.google.com
+blogspot.com
+farmanager.com
+forum.farmanager.com
+plugring.farmanager.com
+symantec.com
+symantecliveupdate.com
+shalla.de
+torstatus.blutmagie.de
+torproject.org
+dnscrypt.org
+unbound.net
+getsharex.com
+skype.com
+vlc.org
+aimp.ru
+mozilla.org
+libreoffice.org
+piriform.com
+raidcall.com
+nvidia.com
+intel.com
+microsoft.com
+windowsupdate.com
+ru.wikipedia.org
+www.bbc.co.uk
+tengrinews.kz
+EOT
+echo "Done."
+
+echo "Saving cache..."
+/usr/local/bin/unbound_cache.sh -s
+echo "Done."
+
+exit 0
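Review bot: Nothing checks that `which dig` found anything before `$dig -f - >/dev/null 2>&1 <<EOT`; with `$dig` empty the shell tries to run `-f`, the error is discarded by the redirections, and the script still reports `Done.` and exits 0. Add `[ -x "$dig" ] || { echo "dig not found. Exiting..." >&2; exit 1; }` after the assignment, and quote `"$dig"` at the call. `/usr/local/bin/unbound_cache.sh` is a hard-coded path, while unbound_cache.sh in this commit assumes an `/opt/csw` layout for unbound, so whether the helper really lives in /usr/local/bin is worth confirming against the intended installation. The unconditional `exit 0` also hides a failed save; dropping it (or `exit $?` right after the unbound_cache.sh call) preserves that status.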
+16 May 2014: Wouter
+ - Updated create_unbound_ad_servers and unbound_cache scripts from
+ Yuri Voinov in the source/contrib directory. Added
+ warmup.cmd (and .sh): warm up the DNS cache with your MRU domains.
+
9 May 2014: Wouter
- Implement draft-ietf-dnsop-rfc6598-rfc6303-01.
- iana portlist updated.
rem Check OpenSSL installed
for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a
-if /I %SSL_PROGRAM%=="" (
-echo SSL not found. If installed, add path to PATH environment variable.
-exit 1
-)
+if /I "%SSL_PROGRAM%"=="" echo SSL not found. If installed, add path to PATH environment variable. & exit 1
echo SSL found: %SSL_PROGRAM%
set arg=%1
goto next
)
echo generating %SVR_BASE%.key
-%SSL_PROGRAM% genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
+"%SSL_PROGRAM%" genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
:next
if exist %CTL_BASE%.key (
goto next2
)
echo generating %CTL_BASE%.key
-%SSL_PROGRAM% genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
+"%SSL_PROGRAM%" genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
:next2
rem create self-signed cert for server
)
echo create %SVR_BASE%.pem (self signed certificate)
-%SSL_PROGRAM% req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
+"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
rem create trusted usage pem
-%SSL_PROGRAM% x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
+"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
rem create client request and sign it
if exist request.cfg (del /F /Q /S request.cfg)
)
echo create %CTL_BASE%.pem (signed client certificate)
-%SSL_PROGRAM% req -key %CTL_BASE%.key -config request.cfg -new | %SSL_PROGRAM% x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
+"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
if not exist %CTL_BASE%.pem (
echo could not create %CTL_BASE%.pem
exit 1
)
rem create trusted usage pem
-rem %SSL_PROGRAM% x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
+rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
-rem see details with %SSL_PROGRAM% x509 -noout -text < %SVR_BASE%.pem
+rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem
rem echo "create %CTL_BASE%_browser.pfx (web client certificate)"
rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:"
rem echo "preferences - advanced - encryption - view certificates - your certs"
rem echo "empty password is used, simply click OK on the password dialog box."
-rem %SSL_PROGRAM% pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
+rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
rem remove crap
del /F /Q /S request.cfg
echo default: %DESTDIR%
echo please run this command using the same user id that the
echo unbound daemon uses, it needs read privileges.
-exit 1
\ No newline at end of file
+exit 1