Created
April 9, 2016 21:39
-
-
Save hayesr/55b55d167f67f57fe5e56ec3ab1f8088 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function preresolve(dq) | |
| if dq.qname:equal("www.google.com") then | |
| dq:addAnswer(pdns.CNAME, "forcesafesearch.google.com.") | |
| dq.rcode = 0 | |
| dq.followupFunction="followCNAMERecords" -- this makes PowerDNS lookup your CNAME | |
| return true; | |
| end | |
| return false; | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Force Google SafeSearch with the PowerDNS Recursor
Now that Google requires SSL for all searches, this is useful to schools and districts who want to enforce some filtering. https://support.google.com/websearch/answer/186669?hl=en
The script checks if the requested domain is
www.google.comthen answers withforcesafesearch.google.com. CNAME chain resolution is documented here: https://doc.powerdns.com/md/recursor/scripting/#cname-chain-resolution . I believe the finalreturn falseis necessary to tell the recursor that the function does nothing. Without it, onlygoogle.comwill work.The path of this file is referenced in
recursor.confusing thelua-dns-scriptdirective.