From: Michael Tremer Date: Wed, 13 May 2026 16:26:57 +0000 (+0100) Subject: knot-resolver: Build a prototype for Google SafeSearch X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=82115f3dd80552f89f2e70cb9f5c72e29c77ced8;p=ipfire-2.x.git knot-resolver: Build a prototype for Google SafeSearch Signed-off-by: Michael Tremer
---
diff --git a/config/knot-resolver/kresd.conf b/config/knot-resolver/kresd.conf
index b4541516f..eacdef8cb 100644
--- a/config/knot-resolver/kresd.conf
+++ b/config/knot-resolver/kresd.conf
@@ -200,6 +200,59 @@ end
 -- Safe serach
 -- XXX: TO DO
+local google_tlds = {
+ "com",
+
+ -- ccTLDs
+ "ad", "ae", "al", "am", "as", "at", "az", "ba", "be", "bf", "bg", "bi", "bj",
+ "bs", "bt", "by", "ca", "cat", "cd", "cf", "cg", "ch", "ci", "cl", "cm", "cn",
+ "cv", "cz", "de", "dj", "dk", "dm", "dz", "ee", "es", "fi", "fm", "fr", "ga",
+ "ge", "gg", "gl", "gm", "gr", "gy", "hn", "hr", "ht", "hu", "ie", "im", "iq",
+ "is", "it", "je", "jo", "kg", "ki", "kz", "la", "li", "lk", "lt", "lu", "lv",
+ "md", "me", "mg", "mk", "ml", "mn", "mu", "mv", "mw", "ne", "nl", "no", "nr",
+ "nu", "pl", "pn", "ps", "pt", "ro", "rs", "ru", "rw", "sc", "se", "sh", "si",
+ "sk", "sm", "sn", "so", "sr", "st", "td", "tg", "tl", "tm", "tn", "to", "tt",
+ "vu", "ws",
+
+ -- co.*
+ "co.ao", "co.bw", "co.ck", "co.cr", "co.id", "co.il", "co.in", "co.jp", "co.ke",
+ "co.kr", "co.ls", "co.ma", "co.mz", "co.nz", "co.th", "co.tz", "co.ug", "co.uk",
+ "co.uz", "co.ve", "co.vi", "co.za", "co.zm", "co.zw",
+
+ -- com.*
+ "com.af", "com.ag", "com.ar", "com.au", "com.bd", "com.bh", "com.bn", "com.bo",
+ "com.br", "com.bz", "com.co", "com.cu", "com.cy", "com.do", "com.ec", "com.eg",
+ "com.et", "com.fj", "com.gh", "com.gi", "com.gt", "com.hk", "com.jm", "com.kh",
+ "com.kw", "com.lb", "com.ly", "com.mm", "com.mt", "com.mx", "com.my", "com.na",
+ "com.ng", "com.ni", "com.np", "com.om", "com.pa", "com.pe", "com.pg", "com.ph",
+ "com.pk", "com.pr", "com.py", "com.qa", "com.sa", "com.sb", "com.sg", "com.sl",
+ "com.sv", "com.tj", "com.tr", "com.tw", "com.ua", "com.uy", "com.vc", "com.vn"
+}
+
+local function safesearch_google(state, query)
+ local qname = kres.dname2str(query.sname)
+
+ -- Check if we need to handle this
+ if not qname:match("^google%.") and not qname:match("^www%.google%.") then
+ return policy.PASS
+ end
+
+ -- Check if the TLD is any of the valid Google TLDs
+ for i, tld in ipairs(google_tlds) do
+ if qname == string.format("google.%s.", tld)
+ or qname == string.format("www.google.%s.", tld) then
+ return policy.ANSWER({
+ [kres.type.CNAME] = {
+ rdata = kres.str2dname("forcesafesearch.google.com."),
+ ttl = 60
+ }
+ })
+ end
+ end
+end
+
+policy.add(safesearch_google)
+
 -- RPZ
 -- XXX: TO DO - RPZ files needs to be declared once and then passed to a view (ACL) to prevent from loading
 -- the same RPZ file multiple times
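Review bot: The early `return policy.PASS` in `safesearch_google` looks like it will exempt every non-Google name from all rules added after this one, because PASS is, as far as I know, a terminating action in kresd's policy module rather than a "no match" result. With RPZ planned directly below this block, blocklisted names would then never reach the RPZ rule; `return nil` in that guard keeps evaluation going and matches the implicit nil the function already returns when no TLD matches. It is also worth confirming that A and AAAA lookups are actually rewritten: if `policy.ANSWER` selects records by the query's type, a table holding only `[kres.type.CNAME]` would leave address queries untouched and SafeSearch would silently not be enforced. A short comment above `google_tlds` saying where the list comes from and how it is kept current would help, since a missing domain is an unfiltered one.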