From 5d6101327fc607ae4e16480e48cab1a4bd35ae11 Mon Sep 17 00:00:00 2001
From: Northguy <1189058+Northguy@users.noreply.github.com>
Date: Sun, 23 Dec 2018 18:43:05 +0100
Subject: [PATCH] dns/bind: Add duck duck go (#1085)
---
.../app/controllers/OPNsense/Bind/forms/dnsbl.xml | 6 ++++++
.../opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml | 4 ++++
.../service/templates/OPNsense/Bind/+TARGETS | 1 +
.../service/templates/OPNsense/Bind/duckduckgo.db | 12 ++++++++++++
.../service/templates/OPNsense/Bind/named.conf | 7 ++++++-
5 files changed, 29 insertions(+), 1 deletion(-)
create mode 100644 dns/bind/src/opnsense/service/templates/OPNsense/Bind/duckduckgo.db
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml
index fb49bd40d..43785baa6 100644
--- a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml
+++ b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dnsbl.xml
@@ -25,6 +25,12 @@
checkbox
This will force SafeSearch.
+
+ dnsbl.forcesafeduckduckgo
+
+ checkbox
+ This will force SafeSearch.
+
dnsbl.forcesafeyoutube
diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml
index 78ea8a279..2b36795c8 100644
--- a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml
+++ b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Dnsbl.xml
@@ -36,6 +36,10 @@
0
Y
+
+ 0
+ Y
+
0
Y
diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/+TARGETS b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/+TARGETS
index d702fd2c9..bf8b53508 100644
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/+TARGETS
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/+TARGETS
@@ -1,5 +1,6 @@
bing.db:/usr/local/etc/namedb/master/bing.db
blacklist.db:/usr/local/etc/namedb/master/blacklist.db
+duckduckgo.db:/usr/local/etc/namedb/master/duckduckgo.db
google.db:/usr/local/etc/namedb/master/google.db
named:/etc/rc.conf.d/named
named.conf:/usr/local/etc/namedb/named.conf
diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/duckduckgo.db b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/duckduckgo.db
new file mode 100644
index 000000000..d374a8ccd
--- /dev/null
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/duckduckgo.db
@@ -0,0 +1,12 @@
+$TTL 86400
+@ IN SOA opnsense.localdomain. hostmaster.opnsense.localdomain. (
+ 2018111401
+ 28800
+ 7200
+ 864000
+ 3600 )
+@ NS localhost.
+{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}
+duckduckgo.com IN CNAME safe.duckduckgo.com.
+www.duckduckgo.com IN CNAME safe.duckduckgo.com.
+{% endif %}
diff --git a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
index 0555fc6a8..d27afa622 100644
--- a/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
+++ b/dns/bind/src/opnsense/service/templates/OPNsense/Bind/named.conf
@@ -27,7 +27,7 @@ options {
{% endif %}
{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
- response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}zone "rpzbing";{% endif %} };
+ response-policy { {% if helpers.exists('OPNsense.bind.dnsbl.type') and OPNsense.bind.dnsbl.type != '' %}zone "whitelist.localdomain"; zone "blacklist.localdomain";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafegoogle') and OPNsense.bind.dnsbl.forcesafegoogle == '1' %}zone "rpzgoogle";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}zone "rpzduckduckgo";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}zone "rpzyoutube";{% endif %}{% if helpers.exists('OPNsense.bind.dnsbl.forcestrictbing') and OPNsense.bind.dnsbl.forcestrictbing == '1' %}zone "rpzbing";{% endif %} };
{% endif %}
{% if helpers.exists('OPNsense.bind.general.recursion') and OPNsense.bind.general.recursion != '' %}
@@ -89,6 +89,11 @@ zone "rpzgoogle" { type master; file "/usr/local/etc/namedb/master/google.db"; n
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
+{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeduckduckgo') and OPNsense.bind.dnsbl.forcesafeduckduckgo == '1' %}
+zone "rpzduckduckgo" { type master; file "/usr/local/etc/namedb/master/duckduckgo.db"; notify no; check-names ignore; };
+{% endif %}
+{% endif %}
+{% if helpers.exists('OPNsense.bind.dnsbl.enabled') and OPNsense.bind.dnsbl.enabled == '1' %}
{% if helpers.exists('OPNsense.bind.dnsbl.forcesafeyoutube') and OPNsense.bind.dnsbl.forcesafeyoutube == '1' %}
zone "rpzyoutube" { type master; file "/usr/local/etc/namedb/master/youtube.db"; notify no; check-names ignore; };
{% endif %}