knot-resolver: Implement Safe Search for the other search engines

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/knot-resolver/kresd.conf b/config/knot-resolver/kresd.conf
index 89db0993853a133823f5e0f79332431b64d9352a..1c8853a2102c2b1104ac48685f1fb32891331fdd 100644 (file)
--- a/config/knot-resolver/kresd.conf
+++ b/config/knot-resolver/kresd.conf
@@ -172,24 +172,21 @@ local GOOGLE_TLDS = {
 }
 
 -- Implements Google Safe Search
-local function safesearch_google(state, query)
-       local qname = kres.dname2str(query.sname)
+local function safesearch_google(response)
+       return function(state, query)
+               local qname = kres.dname2str(query.sname)
 
-       -- Check if we need to handle this
-       if not qname:match("^google%.") and not qname:match("^www%.google%.") then
-               return policy.PASS
-       end
+               -- Check if we need to handle this
+               if not qname:match("^google%.") and not qname:match("^www%.google%.") then
+                       return policy.PASS
+               end
 
-       -- Check if the TLD is any of the valid Google TLDs
-       for i, tld in ipairs(GOOGLE_TLDS) do
-               if qname == string.format("google.%s.", tld)
-                               or qname == string.format("www.google.%s.", tld) then
-                       return policy.ANSWER({
-                               [kres.type.CNAME] = {
-                                       rdata = kres.str2dname("forcesafesearch.google.com."),
-                                       ttl   = 60
-                               }
-                       })
+               -- Check if the TLD is any of the valid Google TLDs
+               for i, tld in ipairs(GOOGLE_TLDS) do
+                       if qname == string.format("google.%s.", tld)
+                                       or qname == string.format("www.google.%s.", tld) then
+                               return response
+                       end
                end
        end
 end
@@ -204,8 +201,48 @@ local function load_safesearch()
                return
        end
 
+       -- Helper to respond with a CNAME
+       local function response(name)
+               return policy.ANSWER({
+                       [kres.type.CNAME] = {
+                               rdata = kres.str2dname(name),
+                               ttl   = 60,
+                       }
+               })
+       end
+
        -- Enable Googe Safe Search
-       policy.add(safesearch_google)
+       policy.add(safesearch_google(response("forcesafesearch.google.com")))
+
+       -- Enable Bing Strict Search
+       policy.add(
+               policy.domains(
+                       response("strict.bing.com"),
+                       { "bing.com", "www.bing.com" }
+               )
+       )
+
+       -- Enable DuckDuckGo Safe Search
+       policy.add(
+               policy.domains(
+                       response("safe.duckduckgo.com"),
+                       { "duckduckgo.com", "www.duckduckgo.com" }
+               )
+       )
+
+       -- Enable Yandex Family Search
+       policy.add(
+               policy.domains(
+                       response("familysearch.yandex.com"),
+                       { "yandex.com", "www.yandex.com" }
+               )
+       )
+       policy.add(
+               policy.domains(
+                       response("familysearch.yandex.ru"),
+                       { "yandex.ru", "www.yandex.ru" }
+               )
+       )
 end
 
 -- Loads the Forwarding Rules