dns/bind: version 1.3

2026-05-28 04:34:15 -04:00 · 2018-12-11 09:53:20 +01:00 · 2018-12-11 09:53:20 +01:00 · 74c7d46a81
commit 74c7d46a81
parent 66c8fc4601
10 changed files with 81 additions and 9 deletions
--- a/dns/bind/Makefile
+++ b/dns/bind/Makefile
@ -1,6 +1,5 @@
 PLUGIN_NAME=		bind
-PLUGIN_VERSION=		1.2
-PLUGIN_REVISION=    1
+PLUGIN_VERSION=		1.3
 PLUGIN_COMMENT=		BIND domain name service
 PLUGIN_DEPENDS=		bind912
 PLUGIN_MAINTAINER=	m.muenz@gmail.com
--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml
@ -1,7 +1,7 @@
 <form>
    <field>
        <id>dnsbl.enabled</id>
-        <label>Enable DNSBL</label>
+        <label>Enable DNSBL and RPZ</label>
        <type>checkbox</type>
        <help>This will enable the use of DNS Blocklists for ADs, Malware, or both.</help>
    </field>
@ -19,4 +19,16 @@
        <allownew>true</allownew>
        <help>List of domains to whitelist. It will add a entry for the domains itself and all sub domains.</help>
    </field>
+    <field>
+        <id>dnsbl.forcesafegoogle</id>
+        <label>Enable Google SafeSearch</label>
+        <type>checkbox</type>
+        <help>This will force SafeSearch.</help>
+    </field>
+    <field>
+        <id>dnsbl.forcesafeyoutube</id>
+        <label>Enable Youtube Adult Restrictions</label>
+        <type>checkbox</type>
+        <help>This will force safe Youtube browsing.</help>
+    </field>
 </form>
--- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml
+++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml
@ -1,7 +1,7 @@
 <model>
    <mount>//OPNsense/bind/dnsbl</mount>
    <description>DNSBL configuration</description>
-    <version>1.0.3</version>
+    <version>1.0.4</version>
    <items>
        <enabled type="BooleanField">
            <default>0</default>
@ -28,5 +28,13 @@
        <whitelists type="CSVListField">
            <Required>N</Required>
        </whitelists>
+        <forcesafegoogle type="BooleanField">
+            <default>0</default>
+            <Required>Y</Required>
+        </forcesafegoogle>
+        <forcesafeyoutube type="BooleanField">
+            <default>0</default>
+            <Required>Y</Required>
+        </forcesafeyoutube>
    </items>
 </model>
--- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
+++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
@ -1,12 +1,16 @@
 <model>
    <mount>//OPNsense/bind/general</mount>
    <description>BIND configuration</description>
-    <version>1.0.3</version>
+    <version>1.0.4</version>
    <items>
        <enabled type="BooleanField">
            <default>0</default>
            <Required>Y</Required>
        </enabled>
+        <enablerpz type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+        </enablerpz>
        <listenv4 type="NetworkField">
            <default>127.0.0.1</default>
            <FieldSeparator>,</FieldSeparator>
--- a/dns/bind/src/opnsense/scripts/OPNsense/Bind/dnsbl.sh
+++ b/dns/bind/src/opnsense/scripts/OPNsense/Bind/dnsbl.sh
@ -137,7 +137,14 @@ install() {
 	rm -rf ${WORKDIR}
 }

-for CAT in $(echo ${1} | tr ',' ' '); do
+DNSBL=${1}
+
+if [ -z "${DNSBL}" ]; then
+	. /etc/rc.conf.d/named
+	DNSBL=${named_dnsbl}
+fi
+
+for CAT in $(echo ${DNSBL} | tr ',' ' '); do
 	case "${CAT}" in
 	aa)
 		adaway
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/+TARGETS
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/+TARGETS
@ -1,6 +1,8 @@
 blacklist.db:/usr/local/etc/namedb/master/blacklist.db
+google.db:/usr/local/etc/namedb/master/google.db
 named:/etc/rc.conf.d/named
 named.conf:/usr/local/etc/namedb/named.conf
 rndc.conf:/usr/local/etc/namedb/rndc.conf
 whitelist.db:/usr/local/etc/namedb/master/whitelist.db
 whitelist.inc:/usr/local/etc/namedb/whitelist.inc
+youtube.db:/usr/local/etc/namedb/master/youtube.db
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/google.db
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/google.db
@ -0,0 +1,12 @@
+$TTL    86400
+@       IN      SOA     opnsense.localdomain. hostmaster.opnsense.localdomain. (
+               2018111401
+                    28800
+                     7200
+                   864000
+                     3600 )
+@               NS      localhost.
+{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}
+google.com                IN CNAME forcesafesearch.google.com.
+www.google.com            IN CNAME forcesafesearch.google.com.
+{% endif %}
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named
@ -1,5 +1,10 @@
 {% if helpers.exists('OPNsense.bind.general.enabled') and OPNsense.bind.general.enabled == '1' %}
 named_var_script="/usr/local/opnsense/scripts/OPNsense/Bind/setup.sh"
+{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
+{% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}
+named_dnsbl="{{ OPNsense.bind.dnsbl.type }}"
+{% endif %}
+{% endif %}
 named_enable="YES"
 {% else %}
 named_enable="NO"
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
@ -27,9 +27,7 @@ options {
 {% endif %}

 {% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
-{%   if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}
-        response-policy { zone "whitelist.localdomain"; zone "blacklist.localdomain"; };
-{%   endif %}
+        response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %} };
 {% endif %}

 {% if helpers.exists('OPNsense.bind.general.recursion') and OPNsense.bind.general.recursion != '' %}
@ -72,6 +70,16 @@ zone "whitelist.localdomain" { type master; file "/usr/local/etc/namedb/master/w
 zone "blacklist.localdomain" { type master; file "/usr/local/etc/namedb/master/blacklist.db"; notify no; check-names ignore; };
 {%   endif %}
 {% endif %}
+{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
+{%   if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}
+zone "rpzgoogle" { type master; file "/usr/local/etc/namedb/master/google.db"; notify no; check-names ignore; };
+{%   endif %}
+{% endif %}
+{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
+{%   if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}
+zone "rpzyoutube" { type master; file "/usr/local/etc/namedb/master/youtube.db"; notify no; check-names ignore; };
+{%   endif %}
+{% endif %}

 logging {
        channel default_log {
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/youtube.db
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/youtube.db
@ -0,0 +1,15 @@
+$TTL    86400
+@       IN      SOA     opnsense.localdomain. hostmaster.opnsense.localdomain. (
+               2018111401
+                    28800
+                     7200
+                   864000
+                     3600 )
+@               NS      localhost.
+{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}
+www.youtube.com           IN CNAME restrict.youtube.com.
+m.youtube.com             IN CNAME restrict.youtube.com.
+youtubei.googleapis.com   IN CNAME restrict.youtube.com.
+youtube.googleapis.com    IN CNAME restrict.youtube.com.
+www.youtube-nocookie.com  IN CNAME restrict.youtube.com.
+{% endif %}