diff --git a/dns/bind/Makefile b/dns/bind/Makefile
index 750a9f3a9..93eeb1213 100644
--- a/dns/bind/Makefile
+++ b/dns/bind/Makefile
@@ -1,6 +1,5 @@
 PLUGIN_NAME= bind
-PLUGIN_VERSION= 1.2
-PLUGIN_REVISION= 1
+PLUGIN_VERSION= 1.3
 PLUGIN_COMMENT= BIND domain name service
 PLUGIN_DEPENDS= bind912
 PLUGIN_MAINTAINER= m.muenz@gmail.com
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml
index 76efd1f49..227260813 100644
--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml
@@ -1,7 +1,7 @@
dnsbl.enabled - + checkbox This will enable the use of DNS Blocklists for ADs, Malware, or both. @@ -19,4 +19,16 @@ true List of domains to whitelist. It will add a entry for the domains itself and all sub domains. + + dnsbl.forcesafegoogle + + checkbox + This will force SafeSearch. + + + dnsbl.forcesafeyoutube + + checkbox + This will force safe Youtube browsing. +
diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml index d0491bfb5..9a0b151fc 100644 --- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml +++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml @@ -1,7 +1,7 @@ //OPNsense/bind/dnsbl DNSBL configuration - 1.0.3 + 1.0.4 0 @@ -28,5 +28,13 @@ N + + 0 + Y + + + 0 + Y + diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml index b131afb2b..006bac894 100644 --- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml +++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml @@ -1,12 +1,16 @@ //OPNsense/bind/general BIND configuration - 1.0.3 + 1.0.4 0 Y + + 1 + Y + 127.0.0.1 , diff --git a/dns/bind/src/opnsense/scripts/OPNsense/Bind/dnsbl.sh b/dns/bind/src/opnsense/scripts/OPNsense/Bind/dnsbl.sh index 05659a9ff..fd48375b0 100755 --- a/dns/bind/src/opnsense/scripts/OPNsense/Bind/dnsbl.sh +++ b/dns/bind/src/opnsense/scripts/OPNsense/Bind/dnsbl.sh @@ -137,7 +137,14 @@ install() { rm -rf ${WORKDIR} } -for CAT in $(echo ${1} | tr ',' ' '); do +DNSBL=${1} + +if [ -z "${DNSBL}" ]; then + . /etc/rc.conf.d/named + DNSBL=${named_dnsbl} +fi + +for CAT in $(echo ${DNSBL} | tr ',' ' '); do case "${CAT}" in aa) adaway diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/+TARGETS b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/+TARGETS index 5fc84ac33..671cf90e9 100644 --- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/+TARGETS +++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/+TARGETS 
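Review bot: In dnsbl.sh the new fallback runs `. /etc/rc.conf.d/named` with no check that the file exists, and in a non-interactive sh a failed `.` normally aborts the script, so a run without arguments before the template has been rendered would stop here instead of doing nothing. Sourcing also executes the whole file as shell code with the script's privileges, and the template only writes `named_dnsbl` when DNSBL is enabled with a type, so the variable can be unset. I would guard and default it with `[ -r /etc/rc.conf.d/named ] && . /etc/rc.conf.d/named` followed by `DNSBL="${named_dnsbl:-}"`, and add a comment that the argument is optional and falls back to the rendered rc.conf.d value. The loop body continues outside the hunk.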
@@ -1,6 +1,8 @@
 blacklist.db:/usr/local/etc/namedb/master/blacklist.db
+google.db:/usr/local/etc/namedb/master/google.db
 named:/etc/rc.conf.d/named
 named.conf:/usr/local/etc/namedb/named.conf
 rndc.conf:/usr/local/etc/namedb/rndc.conf
 whitelist.db:/usr/local/etc/namedb/master/whitelist.db
 whitelist.inc:/usr/local/etc/namedb/whitelist.inc
+youtube.db:/usr/local/etc/namedb/master/youtube.db
diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/google.db b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/google.db
new file mode 100644
index 000000000..d4023d2f6
--- /dev/null
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/google.db
@@ -0,0 +1,12 @@
+$TTL 86400
+@ IN SOA opnsense.localdomain. hostmaster.opnsense.localdomain. (
+ 2018111401
+ 28800
+ 7200
+ 864000
+ 3600 )
+@ NS localhost.
+{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}
+google.com IN CNAME forcesafesearch.google.com.
+www.google.com IN CNAME forcesafesearch.google.com.
+{% endif %}
diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named
index 6f4d6766e..70167bad7 100644
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named
@@ -1,5 +1,10 @@
 {% if helpers.exists('OPNsense.bind.general.enabled') and OPNsense.bind.general.enabled == '1' %}
 named_var_script="/usr/local/opnsense/scripts/OPNsense/Bind/setup.sh"
+{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
+{% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}
+named_dnsbl="{{ OPNsense.bind.dnsbl.type }}"
+{% endif %}
+{% endif %}
 named_enable="YES"
 {% else %}
 named_enable="NO"
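Review bot: google.db rewrites only `google.com` and `www.google.com`, so a client that uses a country-specific Google domain is not covered by this policy zone and the SafeSearch setting does not apply to it. If the option is meant as enforcement rather than a default, the zone needs the other Google search domains as well, or the form help text should say that only google.com is covered. A comment at the top of the file, for example `; only the names listed below are rewritten to forcesafesearch.google.com`, would make the scope clear to whoever extends the list.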
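Review bot: `named_dnsbl="{{ OPNsense.bind.dnsbl.type }}"` places the model value unescaped inside a double-quoted shell assignment in a file that is sourced by sh, so a value containing `"`, `$` or a backtick would be read as shell syntax. This is safe only if the model restricts `type` to a fixed set of option keys; that definition is not part of this diff and should be confirmed. I would record the dependency in the template, e.g. `{# type must stay limited to the model's option keys: this file is sourced by sh #}`. The enclosing `{% if %}` block ends outside the hunk.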
diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf index f1cb1dcb4..443367cb7 100644 --- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf +++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf @@ -27,9 +27,7 @@ options { {% endif %} {% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %} -{% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %} - response-policy { zone "whitelist.localdomain"; zone "blacklist.localdomain"; }; -{% endif %} + response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %} }; {% endif %} {% if helpers.exists('OPNsense.bind.general.recursion') and OPNsense.bind.general.recursion != '' %} 
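Review bot: The `response-policy` statement is now emitted whenever `dnsbl.enabled` is '1', so with no blocklist type selected and both SafeSearch options off it renders as `response-policy { };`. The old template skipped the statement in that case; whether named accepts an empty policy list should be checked with named-checkconf, because a rejected configuration would keep the resolver from starting. Wrapping the line in a condition that is the `or` of the three existing tests avoids the empty form, and one `{% if %}` per zone on its own line would be easier to review than the single long line. The `options` block starts and ends outside the hunk.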
@@ -72,6 +70,16 @@ zone "whitelist.localdomain" { type master; file "/usr/local/etc/namedb/master/w zone "blacklist.localdomain" { type master; file "/usr/local/etc/namedb/master/blacklist.db"; notify no; check-names ignore; }; {% endif %} {% endif %} +{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %} +{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %} +zone "rpzgoogle" { type master; file "/usr/local/etc/namedb/master/google.db"; notify no; check-names ignore; }; +{% endif %} +{% endif %} +{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %} +{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %} +zone "rpzyoutube" { type master; file "/usr/local/etc/namedb/master/youtube.db"; notify no; check-names ignore; }; +{% endif %} +{% endif %} logging { channel default_log { diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/youtube.db b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/youtube.db new file mode 100644 index 000000000..e6a2fae88 --- /dev/null +++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/youtube.db @@ -0,0 +1,15 @@ +$TTL 86400 +@ IN SOA opnsense.localdomain. hostmaster.opnsense.localdomain. ( + 2018111401 + 28800 + 7200 + 864000 + 3600 ) +@ NS localhost. +{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %} +www.youtube.com IN CNAME restrict.youtube.com. +m.youtube.com IN CNAME restrict.youtube.com. +youtubei.googleapis.com IN CNAME restrict.youtube.com. +youtube.googleapis.com IN CNAME restrict.youtube.com. +www.youtube-nocookie.com IN CNAME restrict.youtube.com. +{% endif %}
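Review bot: youtube.db hard-codes `restrict.youtube.com`, which as far as I know is the strict Restricted Mode endpoint (`restrictmoderate.youtube.com` being the moderate one), while the form help only says "This will force safe Youtube browsing." A zone-file comment such as `; restrict.youtube.com = strict Restricted Mode` and a matching help text would tell administrators which level they are enabling. In the named.conf hunk on the same line, the two new zone blocks repeat the same outer `dnsbl.enabled` test and could share one.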