mirror of
https://github.com/opnsense/plugins.git
synced 2026-05-28 04:34:15 -04:00
dns/bind: release 1.4
parent
6b8a57a6a5
commit
e005172f59
11 changed files with 224 additions and 8 deletions
|
|
@ -1,5 +1,5 @@
|
|||
PLUGIN_NAME= bind
|
||||
PLUGIN_VERSION= 1.3
|
||||
PLUGIN_VERSION= 1.4
|
||||
PLUGIN_COMMENT= BIND domain name service
|
||||
PLUGIN_DEPENDS= bind912
|
||||
PLUGIN_MAINTAINER= m.muenz@gmail.com
|
||||
|
|
|
|||
|
|
@ -4,4 +4,34 @@ one computer can find another computer on the basis of its name.
|
|||
The BIND software distribution contains all of the software
|
||||
necessary for asking and answering name service questions.
|
||||
|
||||
|
||||
Plugin Changelog
|
||||
================
|
||||
|
||||
1.4
|
||||
|
||||
* Add Bing and DuckDuckGo Strict Search
|
||||
* Add 5 new blacklists to DNSBL (Hbbtv, Simple Ad, Simple Tracker, StevenBlack, Zeus Tracker)
|
||||
* Ability to hide system hostname and version
|
||||
* Rate-Limiting support
|
||||
|
||||
1.3
|
||||
|
||||
* Add Google Safe Search
|
||||
* Add Youtube Adult Filter
|
||||
|
||||
1.2
|
||||
|
||||
* Add Log Viewer
|
||||
* Removed too big PornAll list
|
||||
|
||||
1.1
|
||||
|
||||
* Add 3 new blacklists to DNSBL (EMD, PornTop1M, PornAll)
|
||||
|
||||
1.0
|
||||
|
||||
* Initial release
|
||||
|
||||
|
||||
WWW: https://www.isc.org
|
||||
|
|
|
|||
|
|
@ -25,10 +25,22 @@
|
|||
<type>checkbox</type>
|
||||
<help>This will force SafeSearch.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>dnsbl.forcesafeduckduckgo</id>
|
||||
<label>Enable DuckDuckGo SafeSearch</label>
|
||||
<type>checkbox</type>
|
||||
<help>This will force SafeSearch.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>dnsbl.forcesafeyoutube</id>
|
||||
<label>Enable Youtube Adult Restrictions</label>
|
||||
<type>checkbox</type>
|
||||
<help>This will force safe Youtube browsing.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>dnsbl.forcestrictbing</id>
|
||||
<label>Enable Strict Bing Search</label>
|
||||
<type>checkbox</type>
|
||||
<help>This will force safe search when using Bing.</help>
|
||||
</field>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -59,4 +59,41 @@
|
|||
<type>dropdown</type>
|
||||
<help>Default is "No". Set to "Auto" to use the static trust anchor configuration by the system.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>general.hidehostname</id>
|
||||
<label>Hide Hostname</label>
|
||||
<type>checkbox</type>
|
||||
<advanced>true</advanced>
|
||||
<help>This will hide the system hostname for DNS queries.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>general.hideversion</id>
|
||||
<label>Hide Version</label>
|
||||
<type>checkbox</type>
|
||||
<advanced>true</advanced>
|
||||
<help>This will hide the local BIND version in DNS queries.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>general.enableratelimiting</id>
|
||||
<label>Enable Rate Limiting</label>
|
||||
<type>checkbox</type>
|
||||
<advanced>true</advanced>
|
||||
<help>This will enable rate-limiting for DNS replies.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>general.ratelimitcount</id>
|
||||
<label>Rate Limit Replies</label>
|
||||
<type>text</type>
|
||||
<advanced>true</advanced>
|
||||
<help>Set how many replies per second are allowed.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>general.ratelimitexcept</id>
|
||||
<label>Rate Limit Exceptions</label>
|
||||
<style>tokenize</style>
|
||||
<type>select_multiple</type>
|
||||
<allownew>true</allownew>
|
||||
<advanced>true</advanced>
|
||||
<help>Except a list of IPs from rate-limiting like ::1</help>
|
||||
</field>
|
||||
</form>
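Review bot: The help strings on the new advanced fields say less than the template does, which matters because these are hardening switches an operator has to reason about. `general.hidehostname` and `general.hideversion` render `hostname none;` and `version none;` in the named.conf hunk of this commit, and in BIND those options govern the replies to the CHAOS-class `hostname.bind` and `version.bind` queries. Help such as `Do not disclose the system hostname in replies to hostname.bind (CHAOS) queries.` would therefore be more accurate than "hide the system hostname for DNS queries". `general.ratelimitcount` is a free-text field whose help could state the 1–1000 range the model enforces, and the `general.ratelimitexcept` help would read better as `Networks or IP addresses exempt from rate-limiting, e.g. ::1`.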
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<model>
|
||||
<mount>//OPNsense/bind/dnsbl</mount>
|
||||
<description>DNSBL configuration</description>
|
||||
<version>1.0.4</version>
|
||||
<version>1.0.5</version>
|
||||
<items>
|
||||
<enabled type="BooleanField">
|
||||
<default>0</default>
|
||||
|
|
@ -17,12 +17,17 @@
|
|||
<el>Easy List</el>
|
||||
<emd>EMD Malicious Domains List</emd>
|
||||
<ep>Easyprivacy List</ep>
|
||||
<ht>Hbbtv List</ht>
|
||||
<mw>Malwaredomain List</mw>
|
||||
<nc>NoCoin List</nc>
|
||||
<pt>PornTop1M List</pt>
|
||||
<rw>Ransomware Tracker List</rw>
|
||||
<sa>Simple Ad List</sa>
|
||||
<st>Simple Tracker List</st>
|
||||
<sb>Steven Black List</sb>
|
||||
<ws>Windows Spyware Blocker</ws>
|
||||
<yy>YoYo List</yy>
|
||||
<za>ZeusTracker Abuse.ch List</za>
|
||||
</OptionValues>
|
||||
</type>
|
||||
<whitelists type="CSVListField">
|
||||
|
|
@ -32,9 +37,17 @@
|
|||
<default>0</default>
|
||||
<Required>Y</Required>
|
||||
</forcesafegoogle>
|
||||
<forcesafeduckduckgo type="BooleanField">
|
||||
<default>0</default>
|
||||
<Required>Y</Required>
|
||||
</forcesafeduckduckgo>
|
||||
<forcesafeyoutube type="BooleanField">
|
||||
<default>0</default>
|
||||
<Required>Y</Required>
|
||||
</forcesafeyoutube>
|
||||
<forcestrictbing type="BooleanField">
|
||||
<default>0</default>
|
||||
<Required>Y</Required>
|
||||
</forcestrictbing>
|
||||
</items>
|
||||
</model>
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<model>
|
||||
<mount>//OPNsense/bind/general</mount>
|
||||
<description>BIND configuration</description>
|
||||
<version>1.0.4</version>
|
||||
<version>1.0.5</version>
|
||||
<items>
|
||||
<enabled type="BooleanField">
|
||||
<default>0</default>
|
||||
|
|
@ -67,5 +67,29 @@
|
|||
<Multiple>N</Multiple>
|
||||
<Required>Y</Required>
|
||||
</dnssecvalidation>
|
||||
<hidehostname type="BooleanField">
|
||||
<default>0</default>
|
||||
<Required>Y</Required>
|
||||
</hidehostname>
|
||||
<hideversion type="BooleanField">
|
||||
<default>0</default>
|
||||
<Required>Y</Required>
|
||||
</hideversion>
|
||||
<enableratelimiting type="BooleanField">
|
||||
<default>0</default>
|
||||
<Required>Y</Required>
|
||||
</enableratelimiting>
|
||||
<ratelimitcount type="IntegerField">
|
||||
<Required>N</Required>
|
||||
<MinimumValue>1</MinimumValue>
|
||||
<MaximumValue>1000</MaximumValue>
|
||||
<ValidationMessage>Choose a value between 1 and 1000.</ValidationMessage>
|
||||
</ratelimitcount>
|
||||
<ratelimitexcept type="NetworkField">
|
||||
<default>127.0.0.1,::1</default>
|
||||
<FieldSeparator>,</FieldSeparator>
|
||||
<Required>Y</Required>
|
||||
<asList>Y</asList>
|
||||
</ratelimitexcept>
|
||||
</items>
|
||||
</model>
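Review bot: `ratelimitcount` is declared with `<Required>N</Required>` and no `<default>`, so `enableratelimiting` can be saved as 1 while the count is empty. The named.conf hunk in this commit emits the `rate-limit { … }` block only when `ratelimitcount != ''`, so in that state the checkbox is ticked but no rate limiting is configured, and nothing tells the operator. Either give the field a `<default>` inside the 1–1000 range together with `<Required>Y</Required>`, or add a validation that requires the count whenever rate limiting is enabled. The enclosing `<items>` list starts outside this hunk.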
|
||||
|
|
|
|||
|
|
@ -126,6 +126,41 @@ yoyo() {
|
|||
rm ${WORKDIR}/yoyo-raw
|
||||
}
|
||||
|
||||
stevenblack() {
|
||||
# StevenBlack
|
||||
${FETCH} https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -o ${WORKDIR}/stevenblack-raw
|
||||
sed "/\.$/d" ${WORKDIR}/stevenblack-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" | sed "/localhost/d" | sed "/127\.0\.0\.1/d" | sed "/255\.255\.255\.255/d" | sed "/\:\:1/d" | sed "/fe80\:\:1/d" | sed "/ff00\:\:/d" | sed "/ff02\:\:/d" | sed "/0\.0\.0\.0 0\.0\.0\.0/d" | tr -d '\r' | awk 'BEGIN{FS=OFS=" ";}{print $2;}' > ${WORKDIR}/stevenblack
|
||||
rm ${WORKDIR}/stevenblack-raw
|
||||
}
|
||||
|
||||
hbbtv() {
|
||||
# HBBTV List
|
||||
${FETCH} https://raw.githubusercontent.com/Akamaru/Pi-Hole-Lists/master/hbbtv.txt -o ${WORKDIR}/hbbtv-raw
|
||||
sed "/\.$/d" ${WORKDIR}/hbbtv-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/hbbtv
|
||||
rm ${WORKDIR}/hbbtv-raw
|
||||
}
|
||||
|
||||
simplead() {
|
||||
# Simple Ad List
|
||||
${FETCH} https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt -o ${WORKDIR}/simplead-raw
|
||||
sed "/\.$/d" ${WORKDIR}/simplead-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/simplead
|
||||
rm ${WORKDIR}/simplead-raw
|
||||
}
|
||||
|
||||
simpletrack() {
|
||||
# Simple Tracking List
|
||||
${FETCH} https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt -o ${WORKDIR}/simpletrack-raw
|
||||
sed "/\.$/d" ${WORKDIR}/simpletrack-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/simpletrack
|
||||
rm ${WORKDIR}/simpletrack-raw
|
||||
}
|
||||
|
||||
zeusabuse() {
|
||||
# Zeus Tracker List from abuse.ch
|
||||
${FETCH} https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist -o ${WORKDIR}/zeusabuse-raw
|
||||
sed "/\.$/d" ${WORKDIR}/zeusabuse-raw | sed "/^#/d" | sed "/\_/d" | sed "/^\s*$/d" | sed "/\.\./d" | sed "s/^\.//g" > ${WORKDIR}/zeusabuse
|
||||
rm ${WORKDIR}/zeusabuse-raw
|
||||
}
|
||||
|
||||
install() {
|
||||
# Put all files in correct format
|
||||
for FILE in $(find ${WORKDIR} -type f); do
|
||||
|
|
@ -164,6 +199,9 @@ for CAT in $(echo ${DNSBL} | tr ',' ' '); do
|
|||
emd)
|
||||
emdlist
|
||||
;;
|
||||
ht)
|
||||
hbbtv
|
||||
;;
|
||||
nc)
|
||||
nocoin
|
||||
;;
|
||||
|
|
@ -179,12 +217,24 @@ for CAT in $(echo ${DNSBL} | tr ',' ' '); do
|
|||
pt)
|
||||
porntop
|
||||
;;
|
||||
sa)
|
||||
simplead
|
||||
;;
|
||||
sb)
|
||||
stevenblack
|
||||
;;
|
||||
st)
|
||||
simpletrack
|
||||
;;
|
||||
ws)
|
||||
windowsspyblocker
|
||||
;;
|
||||
yy)
|
||||
yoyo
|
||||
;;
|
||||
za)
|
||||
zeusabuse
|
||||
;;
|
||||
esac
|
||||
done
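Review bot: None of the five new fetch functions (`stevenblack`, `hbbtv`, `simplead`, `simpletrack`, `zeusabuse`) checks whether `${FETCH}` succeeded. Unless the script sets `-e` outside this hunk, a failed download leaves `sed` reading a missing file and writes an empty list, so the category silently contributes nothing to the blocklist. The `zeusabuse` URL is also unquoted although it contains `?`, which the shell treats as a glob character; `${FETCH} "https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist" -o "${WORKDIR}/zeusabuse-raw" || return 1` fixes both, and the same quoting and status check apply to the other four. The `sed` filters only delete known-bad line shapes, so anything else the remote list contains reaches `install()`, whose body continues outside the hunk. If that function does not already restrict entries to hostname characters, an allow-list filter such as `grep -E '^[A-Za-z0-9.-]+$'` before the redirect would keep unexpected content out of the generated zone.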
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,6 @@
|
|||
bing.db:/usr/local/etc/namedb/master/bing.db
|
||||
blacklist.db:/usr/local/etc/namedb/master/blacklist.db
|
||||
duckduckgo.db:/usr/local/etc/namedb/master/duckduckgo.db
|
||||
google.db:/usr/local/etc/namedb/master/google.db
|
||||
named:/etc/rc.conf.d/named
|
||||
named.conf:/usr/local/etc/namedb/named.conf
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
$TTL 86400
|
||||
@ IN SOA opnsense.localdomain. hostmaster.opnsense.localdomain. (
|
||||
2018121501
|
||||
28800
|
||||
7200
|
||||
864000
|
||||
3600 )
|
||||
@ NS localhost.
|
||||
{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}
|
||||
www.bing.at IN CNAME strict.bing.com.
|
||||
www.bing.ch IN CNAME strict.bing.com.
|
||||
www.bing.com IN CNAME strict.bing.com.
|
||||
www.bing.de IN CNAME strict.bing.com.
|
||||
{% endif %}
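Review bot: The policy rewrites only `www.bing.at`, `www.bing.ch`, `www.bing.com` and `www.bing.de` to `strict.bing.com.`, so a client that reaches Bing under any other name is not covered. The form help in this commit nevertheless promises to "force safe search when using Bing", and duckduckgo.db in the same commit lists both the apex and the `www` name. If the short list is intentional, a zone comment such as `; only the www hosts listed below are forced to strict mode` and matching help text would make the limit visible to whoever relies on this as a content control. Otherwise the set of names should be widened.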
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
$TTL 86400
|
||||
@ IN SOA opnsense.localdomain. hostmaster.opnsense.localdomain. (
|
||||
2018111401
|
||||
28800
|
||||
7200
|
||||
864000
|
||||
3600 )
|
||||
@ NS localhost.
|
||||
{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}
|
||||
duckduckgo.com IN CNAME safe.duckduckgo.com.
|
||||
www.duckduckgo.com IN CNAME safe.duckduckgo.com.
|
||||
{% endif %}
|
||||
|
|
@ -27,7 +27,7 @@ options {
|
|||
{% endif %}
|
||||
|
||||
{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
|
||||
response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %} };
|
||||
response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}zone "rpzduckduckgo";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}zone "rpzbing";{% endif %} };
|
||||
{% endif %}
|
||||
|
||||
{% if helpers.exists('OPNsense.bind.general.recursion') and OPNsense.bind.general.recursion != '' %}
|
||||
|
|
@ -38,15 +38,28 @@ options {
|
|||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if helpers.exists('OPNsense.bind.general.maxcachesize') and OPNsense.bind.general.maxcachesize != '' %}
|
||||
max-cache-size {{ OPNsense.bind.general.maxcachesize }}%;
|
||||
{% endif %}
|
||||
|
||||
{% if helpers.exists('OPNsense.bind.general.dnssecvalidation') and OPNsense.bind.general.dnssecvalidation != '' %}
|
||||
dnssec-validation {{ OPNsense.bind.general.dnssecvalidation }};
|
||||
{% endif %}
|
||||
|
||||
{% if helpers.exists('OPNsense.bind.general.hidehostname') and OPNsense.bind.general.hidehostname == '1' %}
|
||||
hostname none;
|
||||
{% endif %}
|
||||
{% if helpers.exists('OPNsense.bind.general.hideversion') and OPNsense.bind.general.hideversion == '1' %}
|
||||
version none;
|
||||
{% endif %}
|
||||
{% if helpers.exists('OPNsense.bind.general.enableratelimiting') and OPNsense.bind.general.enableratelimiting == '1' %}
|
||||
{% if helpers.exists('OPNsense.bind.general.ratelimitcount') and OPNsense.bind.general.ratelimitcount != '' %}
|
||||
rate-limit {
|
||||
responses-per-second {{ OPNsense.bind.general.ratelimitcount }};
|
||||
{% if helpers.exists('OPNsense.bind.general.ratelimitexcept') and OPNsense.bind.general.ratelimitexcept != '' %}
|
||||
exempt-clients { {{ OPNsense.bind.general.ratelimitexcept.replace(',', '; ') }}; };
|
||||
{% endif %}
|
||||
};
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
};
|
||||
|
||||
key "rndc-key" {
|
||||
|
|
@ -76,11 +89,20 @@ zone "rpzgoogle" { type master; file "/usr/local/etc/namedb/master/google.db"; n
|
|||
{% endif %}
|
||||
{% endif %}
|
||||
{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
|
||||
{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}
|
||||
zone "rpzduckduckgo" { type master; file "/usr/local/etc/namedb/master/duckduckgo.db"; notify no; check-names ignore; };
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
|
||||
{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}
|
||||
zone "rpzyoutube" { type master; file "/usr/local/etc/namedb/master/youtube.db"; notify no; check-names ignore; };
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
|
||||
{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}
|
||||
zone "rpzbing" { type master; file "/usr/local/etc/namedb/master/bing.db"; notify no; check-names ignore; };
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
logging {
|
||||
channel default_log {
|
||||
file "/var/log/named/named.log" versions 3 size {{ OPNsense.bind.general.logsize }}m;
|
||||
|
|
|
|||