SysV and systemd script to change DNS servers

TimothySimon
Posts: 93
Joined: Fri Sep 10, 2021 2:16 am

Re: SysV and systemd script to change DNS servers

#11 Post by TimothySimon »

nXecure wrote: Sat Sep 11, 2021 12:53 pm if it is instead a file, save the contents for later restoration.
Thank you so much for this too. If you are willing, please enlighten me.
BTW: I have now updated the code to do these:
If [ "$(realpath /etc/resolv.conf)" != "/etc/resolv.conf" ], back up $(realpath /etc/resolv.conf) before removing it.
Else, if /etc/resolv.conf doesn't contain a comment (that my app adds on top of the nameservers), then back up the contents of /etc/resolv.conf.
On trying to restore automatic DNS, try these 2 ways in that order.
nXecure wrote: Sat Sep 11, 2021 12:53 pm Real programmers create programs for real people. If you do so, you are a real programmer (sorry, robot programmers).
As per your opinion, do I fall into the category of "real" or "robot" programmers? ;)

figueroa
Posts: 1097
Joined: Thu Dec 20, 2018 11:20 pm

Re: SysV and systemd script to change DNS servers

#12 Post by figueroa »

In your initial post, you describe much of what I do manually as sysadmin at a small school where we are 75% through migrating the desktop computers and computer lab from Mint to MX. You are not crazy; just going against the flow. Do you really have safe nameservers? Would you share?

I back up to tar /etc/resolv.conf,

Code: Select all

tar cpf /root/resolv.conf.tar /etc/resolv.conf
Then delete it, hand jam the /etc/resolv.conf file as I want it to be, then

Code: Select all

chown root:root /etc/resolv.conf

Code: Select all

chmod 400 /etc/resolv.conf

Code: Select all

chattr +i /etc/resolv.conf
Additionally, I hand jam the network settings for the interface in /etc/network/interfaces using a static IP. Doing this disables network manager for the interface.

Of course, all of the other steps to deny the other users root access of any kind.
Andy Figueroa
Using Unix from 1984; GNU/Linux from 1993

TimothySimon
Posts: 93
Joined: Fri Sep 10, 2021 2:16 am

Re: SysV and systemd script to change DNS servers

#13 Post by TimothySimon »

figueroa wrote: Sun Sep 12, 2021 3:20 pm In your initial post, you describe much of what I do manually as sysadmin at a small school where we are 75% through migrating the desktop computers and computer lab from Mint to MX. You are not crazy; just going against the flow. Do you really have safe nameservers? Would you share?

I back up to tar /etc/resolv.conf,

Code: Select all

tar cpf /root/resolv.conf.tar /etc/resolv.conf
Then delete it, hand jam the /etc/resolv.conf file as I want it to be, then

Code: Select all

chown root:root /etc/resolv.conf

Code: Select all

chmod 400 /etc/resolv.conf

Code: Select all

chattr +i /etc/resolv.conf
Additionally, I hand jam the network settings for the interface in /etc/network/interfaces using a static IP. Doing this disables network manager for the interface.

Of course, all of the other steps to deny the other users root access of any kind.
@figueroa You and your little scripts are a treasure-trove of knowledge (both here and on Gentoo).
I'm changing my code to include this (tar, chattr -i, remove, edit, chown, chmod and then chattr +i).
(The tar step is only done on the first run).
figueroa wrote: Sun Sep 12, 2021 3:20 pm

Code: Select all

chmod 400 /etc/resolv.conf
AFAIK, some applications (like browsers etc.,) need to read the hosts file, resolv.conf etc.,
So, this may be better:

Code: Select all

chmod 444 /etc/resolv.conf
figueroa wrote: Sun Sep 12, 2021 3:20 pm Do you really have safe nameservers? Would you share?
https://en.wikipedia.org/wiki/Public_re ... ame_server ( a pretty impartial comparison of public DNSes )
My favorite public DNS is familyshield.opendns.com ( 208.67.222.123 and 208.67.220.123 ).

Good hosts file blocklists (and safe search enforcement in the hosts file) are MUCH better for children's safety.
Here is my script for that:

Code: Select all

#!/bin/bash

# Apply various hosts file based blocklists
# Enforce (using the hosts file) strict safe search in Google, Bing, YouTube and DuckDuckGo

# Depends on:
# bash, wget, sed, coreutils
# Perl is recommended (only to keep valid domain names). Otherwise, the line using perl can just be deleted.

# Exit on errors
set -e

function wget_clean_and_append {
# wget the URL, then add it to the file, which is then cleaned, sorted and deduplicated.
# Allow only valid domains (the perl regex, used only if perl is available)
# Accept all lists starting with 0.0.0.0 or 127.0.0.1 or raw lists of domain names
# Output raw domain list
 wget "$1" -qO - | cat "$2" - | \
  sed 's/#.*$//g' | \
  strings | \
  sed '/ localhost$/d' | \
  sed '/ localhost.localdomain$/d' | \
  sed '/ local$/d' | \
  sed '/ broadcasthost$/d' | \
  sed '/ ip6-localhost$/d' | \
  sed '/ ip6-loopback$/d' | \
  sed '/ ip6-localnet$/d' | \
  sed '/ ip6-mcastprefix$/d' | \
  sed '/ ip6-allnodes$/d' | \
  sed '/ ip6-allrouters$/d' | \
  sed '/ ip6-allhosts$/d' | \
  sed '/^$/d' | \
  sed 's/[\t]/ /g' | \
  sed 's/  / /g' | \
  sed 's/^127\.0\.0\.1 /0\.0\.0\.0 /g' | \
  sed 's/^0\.0\.0\.0 //g' | \
  sed 's/ //g' | \
  perl -ne 'print if /(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)/' | \
  tr -d '\015' | \
  sort -u \
  >> "$2".temp
  mv -f "$2".temp "$2"
}

MARKER_START="# BEGIN websites blocked by your administrator"
MARKER_END="# END websites blocked by your administrator"

if [ "$(pwd)" = "/etc" ] ; then
 echo "This script cannot be run in /etc."
 echo "Please change your directory to elsewhere."
 exit 1
fi

# Truncate old files
echo '' > blocklist

echo "Please wait...... Downloading blocklists"

# StevenBlack's hosts list ( https://github.com/StevenBlack/hosts ) with FakeNews, Gambling and Pornography extensions
wget_clean_and_append "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts" blocklist

# Some of Shalla's lists
wget_clean_and_append "https://raw.githubusercontent.com/cbuijs/shallalist/master/sex/lingerie/domains" blocklist
wget_clean_and_append "https://raw.githubusercontent.com/cbuijs/shallalist/master/violence/domains" blocklist
wget_clean_and_append "https://raw.githubusercontent.com/cbuijs/shallalist/master/models/domains" blocklist

# DeveloperDans's dating blocklist
wget_clean_and_append "https://www.github.developerdan.com/hosts/lists/dating-services-extended.txt" blocklist

# Shalla's dating blocklist
wget_clean_and_append "https://raw.githubusercontent.com/cbuijs/shallalist/master/dating/domains" blocklist

# disconnect.me blocklist
wget_clean_and_append "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" blocklist
wget_clean_and_append "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" blocklist

# Block various bypass methods (Proxies, VPN websites etc.,)
wget_clean_and_append "https://raw.githubusercontent.com/mark4409/DNS-Blocklists/master/blocklist-combined-bypassmethods.txt" blocklist
wget_clean_and_append "https://raw.githubusercontent.com/nextdns/metadata/master/parentalcontrol/bypass-methods" blocklist

# Block a lot of Online Games
# https://github.com/dupontjean/pihole-blocklist
wget_clean_and_append "https://raw.githubusercontent.com/dupontjean/pihole-blocklist/master/game.txt" blocklist

# https://github.com/blocklistproject/Lists
wget_clean_and_append "https://blocklistproject.github.io/Lists/ransomware.txt" blocklist

# Wally3K 's blocklist
wget_clean_and_append "https://v.firebog.net/hosts/static/w3kbl.txt" blocklist

# https://github.com/chadmayfield/pihole-blocklists
wget_clean_and_append "https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list" blocklist

# Block cryptomining
# https://github.com/hoshsadiq/adblock-nocoin-list
wget_clean_and_append "https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt" blocklist

# Block cryptomining
# https://gitlab.com/ZeroDot1/CoinBlockerLists/
wget_clean_and_append "https://gitlab.com/ZeroDot1/CoinBlockerLists/-/raw/master/hosts_browser" blocklist

# DeveloperDan's "Hate & Junk" blocklist
wget_clean_and_append "https://www.github.developerdan.com/hosts/lists/hate-and-junk-extended.txt" blocklist

# Search engines not supporting safe search enforcement with the hosts file
wget_clean_and_append "https://raw.githubusercontent.com/nextdns/metadata/master/parentalcontrol/safesearch-not-supported" blocklist

sed -e "/$MARKER_START/,/$MARKER_END/d" /etc/hosts > ./hosts
echo "$MARKER_START" >> ./hosts

# Various search engines' and youtube's strict safe search.
cat << EOF >> ./hosts
# Google Safe Search Host List
# Ref: https://support.google.com/websearch/answer/186669?hl=en
# Generated on Wed 11 Aug 2021 09:10:52 AM UTC
# From: https://www.google.com/supported_domains
216.239.38.120 forcesafesearch.google.com
216.239.38.120 google.com
216.239.38.120 google.ad
216.239.38.120 google.ae
216.239.38.120 google.com.af
216.239.38.120 google.com.ag
216.239.38.120 google.com.ai
216.239.38.120 google.al
216.239.38.120 google.am
216.239.38.120 google.co.ao
216.239.38.120 google.com.ar
216.239.38.120 google.as
216.239.38.120 google.at
216.239.38.120 google.com.au
216.239.38.120 google.az
216.239.38.120 google.ba
216.239.38.120 google.com.bd
216.239.38.120 google.be
216.239.38.120 google.bf
216.239.38.120 google.bg
216.239.38.120 google.com.bh
216.239.38.120 google.bi
216.239.38.120 google.bj
216.239.38.120 google.com.bn
216.239.38.120 google.com.bo
216.239.38.120 google.com.br
216.239.38.120 google.bs
216.239.38.120 google.bt
216.239.38.120 google.co.bw
216.239.38.120 google.by
216.239.38.120 google.com.bz
216.239.38.120 google.ca
216.239.38.120 google.cd
216.239.38.120 google.cf
216.239.38.120 google.cg
216.239.38.120 google.ch
216.239.38.120 google.ci
216.239.38.120 google.co.ck
216.239.38.120 google.cl
216.239.38.120 google.cm
216.239.38.120 google.cn
216.239.38.120 google.com.co
216.239.38.120 google.co.cr
216.239.38.120 google.com.cu
216.239.38.120 google.cv
216.239.38.120 google.com.cy
216.239.38.120 google.cz
216.239.38.120 google.de
216.239.38.120 google.dj
216.239.38.120 google.dk
216.239.38.120 google.dm
216.239.38.120 google.com.do
216.239.38.120 google.dz
216.239.38.120 google.com.ec
216.239.38.120 google.ee
216.239.38.120 google.com.eg
216.239.38.120 google.es
216.239.38.120 google.com.et
216.239.38.120 google.fi
216.239.38.120 google.com.fj
216.239.38.120 google.fm
216.239.38.120 google.fr
216.239.38.120 google.ga
216.239.38.120 google.ge
216.239.38.120 google.gg
216.239.38.120 google.com.gh
216.239.38.120 google.com.gi
216.239.38.120 google.gl
216.239.38.120 google.gm
216.239.38.120 google.gr
216.239.38.120 google.com.gt
216.239.38.120 google.gy
216.239.38.120 google.com.hk
216.239.38.120 google.hn
216.239.38.120 google.hr
216.239.38.120 google.ht
216.239.38.120 google.hu
216.239.38.120 google.co.id
216.239.38.120 google.ie
216.239.38.120 google.co.il
216.239.38.120 google.im
216.239.38.120 google.co.in
216.239.38.120 google.iq
216.239.38.120 google.is
216.239.38.120 google.it
216.239.38.120 google.je
216.239.38.120 google.com.jm
216.239.38.120 google.jo
216.239.38.120 google.co.jp
216.239.38.120 google.co.ke
216.239.38.120 google.com.kh
216.239.38.120 google.ki
216.239.38.120 google.kg
216.239.38.120 google.co.kr
216.239.38.120 google.com.kw
216.239.38.120 google.kz
216.239.38.120 google.la
216.239.38.120 google.com.lb
216.239.38.120 google.li
216.239.38.120 google.lk
216.239.38.120 google.co.ls
216.239.38.120 google.lt
216.239.38.120 google.lu
216.239.38.120 google.lv
216.239.38.120 google.com.ly
216.239.38.120 google.co.ma
216.239.38.120 google.md
216.239.38.120 google.me
216.239.38.120 google.mg
216.239.38.120 google.mk
216.239.38.120 google.ml
216.239.38.120 google.com.mm
216.239.38.120 google.mn
216.239.38.120 google.ms
216.239.38.120 google.com.mt
216.239.38.120 google.mu
216.239.38.120 google.mv
216.239.38.120 google.mw
216.239.38.120 google.com.mx
216.239.38.120 google.com.my
216.239.38.120 google.co.mz
216.239.38.120 google.com.na
216.239.38.120 google.com.ng
216.239.38.120 google.com.ni
216.239.38.120 google.ne
216.239.38.120 google.nl
216.239.38.120 google.no
216.239.38.120 google.com.np
216.239.38.120 google.nr
216.239.38.120 google.nu
216.239.38.120 google.co.nz
216.239.38.120 google.com.om
216.239.38.120 google.com.pa
216.239.38.120 google.com.pe
216.239.38.120 google.com.pg
216.239.38.120 google.com.ph
216.239.38.120 google.com.pk
216.239.38.120 google.pl
216.239.38.120 google.pn
216.239.38.120 google.com.pr
216.239.38.120 google.ps
216.239.38.120 google.pt
216.239.38.120 google.com.py
216.239.38.120 google.com.qa
216.239.38.120 google.ro
216.239.38.120 google.ru
216.239.38.120 google.rw
216.239.38.120 google.com.sa
216.239.38.120 google.com.sb
216.239.38.120 google.sc
216.239.38.120 google.se
216.239.38.120 google.com.sg
216.239.38.120 google.sh
216.239.38.120 google.si
216.239.38.120 google.sk
216.239.38.120 google.com.sl
216.239.38.120 google.sn
216.239.38.120 google.so
216.239.38.120 google.sm
216.239.38.120 google.sr
216.239.38.120 google.st
216.239.38.120 google.com.sv
216.239.38.120 google.td
216.239.38.120 google.tg
216.239.38.120 google.co.th
216.239.38.120 google.com.tj
216.239.38.120 google.tl
216.239.38.120 google.tm
216.239.38.120 google.tn
216.239.38.120 google.to
216.239.38.120 google.com.tr
216.239.38.120 google.tt
216.239.38.120 google.com.tw
216.239.38.120 google.co.tz
216.239.38.120 google.com.ua
216.239.38.120 google.co.ug
216.239.38.120 google.co.uk
216.239.38.120 google.com.uy
216.239.38.120 google.co.uz
216.239.38.120 google.com.vc
216.239.38.120 google.co.ve
216.239.38.120 google.vg
216.239.38.120 google.co.vi
216.239.38.120 google.com.vn
216.239.38.120 google.vu
216.239.38.120 google.ws
216.239.38.120 google.rs
216.239.38.120 google.co.za
216.239.38.120 google.co.zm
216.239.38.120 google.co.zw
216.239.38.120 google.cat
216.239.38.120 www.google.com
216.239.38.120 www.google.ad
216.239.38.120 www.google.ae
216.239.38.120 www.google.com.af
216.239.38.120 www.google.com.ag
216.239.38.120 www.google.com.ai
216.239.38.120 www.google.al
216.239.38.120 www.google.am
216.239.38.120 www.google.co.ao
216.239.38.120 www.google.com.ar
216.239.38.120 www.google.as
216.239.38.120 www.google.at
216.239.38.120 www.google.com.au
216.239.38.120 www.google.az
216.239.38.120 www.google.ba
216.239.38.120 www.google.com.bd
216.239.38.120 www.google.be
216.239.38.120 www.google.bf
216.239.38.120 www.google.bg
216.239.38.120 www.google.com.bh
216.239.38.120 www.google.bi
216.239.38.120 www.google.bj
216.239.38.120 www.google.com.bn
216.239.38.120 www.google.com.bo
216.239.38.120 www.google.com.br
216.239.38.120 www.google.bs
216.239.38.120 www.google.bt
216.239.38.120 www.google.co.bw
216.239.38.120 www.google.by
216.239.38.120 www.google.com.bz
216.239.38.120 www.google.ca
216.239.38.120 www.google.cd
216.239.38.120 www.google.cf
216.239.38.120 www.google.cg
216.239.38.120 www.google.ch
216.239.38.120 www.google.ci
216.239.38.120 www.google.co.ck
216.239.38.120 www.google.cl
216.239.38.120 www.google.cm
216.239.38.120 www.google.cn
216.239.38.120 www.google.com.co
216.239.38.120 www.google.co.cr
216.239.38.120 www.google.com.cu
216.239.38.120 www.google.cv
216.239.38.120 www.google.com.cy
216.239.38.120 www.google.cz
216.239.38.120 www.google.de
216.239.38.120 www.google.dj
216.239.38.120 www.google.dk
216.239.38.120 www.google.dm
216.239.38.120 www.google.com.do
216.239.38.120 www.google.dz
216.239.38.120 www.google.com.ec
216.239.38.120 www.google.ee
216.239.38.120 www.google.com.eg
216.239.38.120 www.google.es
216.239.38.120 www.google.com.et
216.239.38.120 www.google.fi
216.239.38.120 www.google.com.fj
216.239.38.120 www.google.fm
216.239.38.120 www.google.fr
216.239.38.120 www.google.ga
216.239.38.120 www.google.ge
216.239.38.120 www.google.gg
216.239.38.120 www.google.com.gh
216.239.38.120 www.google.com.gi
216.239.38.120 www.google.gl
216.239.38.120 www.google.gm
216.239.38.120 www.google.gr
216.239.38.120 www.google.com.gt
216.239.38.120 www.google.gy
216.239.38.120 www.google.com.hk
216.239.38.120 www.google.hn
216.239.38.120 www.google.hr
216.239.38.120 www.google.ht
216.239.38.120 www.google.hu
216.239.38.120 www.google.co.id
216.239.38.120 www.google.ie
216.239.38.120 www.google.co.il
216.239.38.120 www.google.im
216.239.38.120 www.google.co.in
216.239.38.120 www.google.iq
216.239.38.120 www.google.is
216.239.38.120 www.google.it
216.239.38.120 www.google.je
216.239.38.120 www.google.com.jm
216.239.38.120 www.google.jo
216.239.38.120 www.google.co.jp
216.239.38.120 www.google.co.ke
216.239.38.120 www.google.com.kh
216.239.38.120 www.google.ki
216.239.38.120 www.google.kg
216.239.38.120 www.google.co.kr
216.239.38.120 www.google.com.kw
216.239.38.120 www.google.kz
216.239.38.120 www.google.la
216.239.38.120 www.google.com.lb
216.239.38.120 www.google.li
216.239.38.120 www.google.lk
216.239.38.120 www.google.co.ls
216.239.38.120 www.google.lt
216.239.38.120 www.google.lu
216.239.38.120 www.google.lv
216.239.38.120 www.google.com.ly
216.239.38.120 www.google.co.ma
216.239.38.120 www.google.md
216.239.38.120 www.google.me
216.239.38.120 www.google.mg
216.239.38.120 www.google.mk
216.239.38.120 www.google.ml
216.239.38.120 www.google.com.mm
216.239.38.120 www.google.mn
216.239.38.120 www.google.ms
216.239.38.120 www.google.com.mt
216.239.38.120 www.google.mu
216.239.38.120 www.google.mv
216.239.38.120 www.google.mw
216.239.38.120 www.google.com.mx
216.239.38.120 www.google.com.my
216.239.38.120 www.google.co.mz
216.239.38.120 www.google.com.na
216.239.38.120 www.google.com.ng
216.239.38.120 www.google.com.ni
216.239.38.120 www.google.ne
216.239.38.120 www.google.nl
216.239.38.120 www.google.no
216.239.38.120 www.google.com.np
216.239.38.120 www.google.nr
216.239.38.120 www.google.nu
216.239.38.120 www.google.co.nz
216.239.38.120 www.google.com.om
216.239.38.120 www.google.com.pa
216.239.38.120 www.google.com.pe
216.239.38.120 www.google.com.pg
216.239.38.120 www.google.com.ph
216.239.38.120 www.google.com.pk
216.239.38.120 www.google.pl
216.239.38.120 www.google.pn
216.239.38.120 www.google.com.pr
216.239.38.120 www.google.ps
216.239.38.120 www.google.pt
216.239.38.120 www.google.com.py
216.239.38.120 www.google.com.qa
216.239.38.120 www.google.ro
216.239.38.120 www.google.ru
216.239.38.120 www.google.rw
216.239.38.120 www.google.com.sa
216.239.38.120 www.google.com.sb
216.239.38.120 www.google.sc
216.239.38.120 www.google.se
216.239.38.120 www.google.com.sg
216.239.38.120 www.google.sh
216.239.38.120 www.google.si
216.239.38.120 www.google.sk
216.239.38.120 www.google.com.sl
216.239.38.120 www.google.sn
216.239.38.120 www.google.so
216.239.38.120 www.google.sm
216.239.38.120 www.google.sr
216.239.38.120 www.google.st
216.239.38.120 www.google.com.sv
216.239.38.120 www.google.td
216.239.38.120 www.google.tg
216.239.38.120 www.google.co.th
216.239.38.120 www.google.com.tj
216.239.38.120 www.google.tl
216.239.38.120 www.google.tm
216.239.38.120 www.google.tn
216.239.38.120 www.google.to
216.239.38.120 www.google.com.tr
216.239.38.120 www.google.tt
216.239.38.120 www.google.com.tw
216.239.38.120 www.google.co.tz
216.239.38.120 www.google.com.ua
216.239.38.120 www.google.co.ug
216.239.38.120 www.google.co.uk
216.239.38.120 www.google.com.uy
216.239.38.120 www.google.co.uz
216.239.38.120 www.google.com.vc
216.239.38.120 www.google.co.ve
216.239.38.120 www.google.vg
216.239.38.120 www.google.co.vi
216.239.38.120 www.google.com.vn
216.239.38.120 www.google.vu
216.239.38.120 www.google.ws
216.239.38.120 www.google.rs
216.239.38.120 www.google.co.za
216.239.38.120 www.google.co.zm
216.239.38.120 www.google.co.zw
216.239.38.120 www.google.cat

# Bing Safe Search Hosts List
# Ref: https://help.ads.microsoft.com/apex/index/18/de-US/10003
# IP: 204.79.197.220
204.79.197.220 www.bing.com
204.79.197.220 bing.com
204.79.197.220 www2.bing.com
204.79.197.220 www3.bing.com

# DuckDuckGo Safe Search hosts list
# Ref: https://help.duckduckgo.com/duckduckgo-help-pages/features/safe-search/ says to use safe.duckduckgo.com
#      https://www.leowkahman.com/2017/09/11/enforce-safe-search-on-google-youtube-bing/ (Also mentions about DuckDuckGo)
# nslookup safe.duckduckgo.com 208.67.222.123 -> Address: 40.81.93.196
# nslookup safe.duckduckgo.com 208.67.220.123 -> Address: 40.81.93.196
# Note: 208.67.220.123 and 208.67.222.123 are OpenDNS FamilyShield DNS's ( https://www.opendns.com/setupguide/#familyshield )
# IP: 40.81.93.196
40.81.93.196 safe.duckduckgo.com
40.81.93.196 www.duckduckgo.com
40.81.93.196 duckduckgo.com
40.81.93.196 start.duckduckgo.com
40.81.93.196 ac.duckduckgo.com

# YouTube strict restricted mode
# Ref: https://support.google.com/a/answer/6214622
# nslookup restrict.youtube.com 8.8.8.8 -> Address: 216.239.38.120
216.239.38.120 www.youtube.com
216.239.38.120 m.youtube.com
216.239.38.120 youtubei.googleapis.com
216.239.38.120 youtube.googleapis.com
216.239.38.120 www.youtube-nocookie.com
EOF

# Pack 9 domains/line and add the "0.0.0.0 " at the beginning.
cat ./blocklist | paste -d' ' - - - - - - - - - | sed 's/^/0\.0\.0\.0 /' >> ./hosts

echo "$MARKER_END" >> ./hosts

# Copy it to /etc/hosts
if [ "$(whoami)" != "root" ] ; then
 sudo cp -f ./hosts /etc/hosts
else
 cp -f ./hosts /etc/hosts
fi

echo "Done"

exit 0

A PiHole is also superb for website blocking.
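
A check that can be run on the file the script above generates, as an added example that is not part of the posted script: it audits only the block between the script's two markers and reports any entry that maps a name to an address other than 0.0.0.0 or one of the three safe-search addresses the script pins, any malformed host name, and a missing end marker (which would make the script's `sed "/$MARKER_START/,/$MARKER_END/d"` delete through to the end of the file on the next run). The names `audit_hosts`, `sample_hosts` and `PINNED_IPS` are made up for this example, and the sample file is constructed.

```shell
#!/bin/bash
# Added example, not part of the posted script.
# The markers and the pinned safe-search addresses are copied from that script.
MARKER_START="# BEGIN websites blocked by your administrator"
MARKER_END="# END websites blocked by your administrator"
PINNED_IPS="216.239.38.120 204.79.197.220 40.81.93.196"

# audit_hosts FILE: look only at the lines between the two markers, print one
# finding per problem, and return 1 if anything was found.
audit_hosts() {
    awk -v mstart="$MARKER_START" -v mend="$MARKER_END" -v pinned="$PINNED_IPS" '
    BEGIN { bad = 0; n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $0 == mstart { inside = 1; next }
    $0 == mend   { inside = 0; next }
    !inside      { next }
    {
        line = $0
        sub(/#.*/, "")                 # drop comments; awk re-splits the fields
        if (NF == 0) next
        # A blocklist entry must sink to 0.0.0.0; anything else must be pinned.
        if ($1 != "0.0.0.0" && !($1 in ok)) {
            printf "%d: unexpected address: %s\n", NR, line; bad = 1; next
        }
        # Every name on the line must look like a DNS host name.
        for (i = 2; i <= NF; i++)
            if (length($i) > 253 ||
                $i !~ /^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z][A-Za-z]+$/) {
                printf "%d: invalid host name: %s\n", NR, $i; bad = 1
            }
    }
    END {
        if (inside) { print "end marker missing: block is unterminated"; bad = 1 }
        exit bad
    }' "$1"
}

# Constructed sample: line 2 is outside the block and is ignored, line 6 maps
# a name to an unlisted address, line 7 carries a malformed name.
sample_hosts() {
    cat <<EOF
127.0.0.1 localhost
203.0.113.9 intranet.example
$MARKER_START
216.239.38.120 www.google.com
0.0.0.0 ads.example tracker.example
198.51.100.7 bank.example
0.0.0.0 bad_name.example
$MARKER_END
EOF
}

# Demo on the constructed sample ("-" makes awk read standard input).
sample_hosts | audit_hosts - || echo "sample block has findings (expected)"
```

To audit a real system, call `audit_hosts /etc/hosts` after the script has run.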

TimothySimon
Posts: 93
Joined: Fri Sep 10, 2021 2:16 am

Re: SysV and systemd script to change DNS servers

#14 Post by TimothySimon »

figueroa wrote: Sun Sep 12, 2021 3:20 pm Of course, all of the other steps to deny the other users root access of any kind.
Can you please detail......
figueroa wrote: Sun Sep 12, 2021 3:20 pm .....
I hope restoration of /etc/resolv.conf means

Code: Select all

cd /etc
chattr -i resolv.conf || true
[ -e resolv.conf ] && rm -rf resolv.conf
tar -xpf /root/resolv.conf.tar
cd -
Please enlighten me on the topic of DNS, Parental Controls etc.,

figueroa
Posts: 1097
Joined: Thu Dec 20, 2018 11:20 pm

Re: SysV and systemd script to change DNS servers

#15 Post by figueroa »

@TimothySimon
You are right, I typed carelessly. I do use:

Code: Select all

chmod 444 /etc/resolv.conf
In your script, the file at /root/resolv.conf.tar may contain and use the path on being extracted. But, I'm sure you will test your scripts. More in subsequent reply.
Andy Figueroa
Using Unix from 1984; GNU/Linux from 1993
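
The point about the path stored in /root/resolv.conf.tar, worked through as an added example that is not part of the thread: it replays the posted backup and restore steps inside a throwaway directory and shows where the file lands, then shows a restore that checks the archive's member list before extracting. The sandbox layout, the helper names and the sample nameserver 192.0.2.53 are constructed for this example.

```shell
#!/bin/bash
# Added example, not code from the thread. Everything happens in a throwaway
# directory whose etc/ and root/ stand in for /etc and /root; no root needed.

# Create the sandbox with a constructed resolv.conf and print its path.
make_sandbox() {
    local sb
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/etc" "$sb/root"
    printf 'nameserver 192.0.2.53\n' > "$sb/etc/resolv.conf"
    printf '%s\n' "$sb"
}

# Backup as posted: "tar cpf /root/resolv.conf.tar /etc/resolv.conf".
# tar drops the leading "/", so the member is stored as "etc/resolv.conf";
# archiving etc/resolv.conf relative to the sandbox root yields the same name.
backup_as_posted() {
    tar -cpf "$1/root/resolv.conf.tar" -C "$1" etc/resolv.conf
}

# Restore as posted: cd /etc, remove the file, extract the archive there.
restore_as_posted() {
    ( cd "$1/etc" && rm -f resolv.conf && tar -xpf "$1/root/resolv.conf.tar" )
}

# Alternative backup: store the member relative to etc/ as plain "resolv.conf".
backup_relative() {
    tar -cpf "$1/root/resolv.conf.rel.tar" -C "$1/etc" resolv.conf
}

# restore_checked ARCHIVE DESTDIR: extract only when the archive holds exactly
# one member named "resolv.conf"; otherwise leave DESTDIR untouched.
restore_checked() {
    local archive=$1 dest=$2 listing
    listing=$(tar -tf "$archive") || return 1
    if [ "$listing" != "resolv.conf" ]; then
        printf 'refusing %s, unexpected member(s): %s\n' "$archive" "$listing" >&2
        return 1
    fi
    rm -f "$dest/resolv.conf"
    tar -xpf "$archive" -C "$dest"
}

demo() {
    local sb
    sb=$(make_sandbox) || return 1
    backup_as_posted "$sb"
    backup_relative "$sb"
    restore_as_posted "$sb"
    echo "after the as-posted restore:"
    ( cd "$sb" && find etc -name resolv.conf )      # only etc/etc/resolv.conf
    restore_checked "$sb/root/resolv.conf.tar" "$sb/etc"      # refused
    restore_checked "$sb/root/resolv.conf.rel.tar" "$sb/etc"  # restores the file
    echo "after the checked restore:"
    ( cd "$sb" && find etc -name resolv.conf | sort )
    rm -rf "$sb"
}

demo
```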

figueroa
Posts: 1097
Joined: Thu Dec 20, 2018 11:20 pm

Re: SysV and systemd script to change DNS servers

#16 Post by figueroa »

TimothySimon wrote: Mon Sep 13, 2021 12:47 pm Please enlighten me on the topic of DNS, Parental Controls etc.,
I'm not very enlightened, though I've been trying for it for 20 years or so. I didn't even know about OpenDNS's Family Shield, though I've been an OpenDNS customer privately and for a school for many years. I do use the AdGuard nameservers. I think that the best protection comes from using the Swiss cheese model; in other words, multiple layers.

I have a self-managed 230,000 plus line /etc/hosts file. Here are some other sources that might be considered with which to populate the hosts file:

Code: Select all

https://adaway.org/hosts.txt

https://getadhell.com/standard-package.txt

https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt

https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt
* https://blocklistproject.github.io/Lists/ads.txt

https://blocklistproject.github.io/Lists/tracking.txt
https://blocklistproject.github.io/Lists/scam.txt
https://blocklistproject.github.io/Lists/redirect.txt
https://blocklistproject.github.io/Lists/ransomware.txt
https://blocklistproject.github.io/Lists/porn.txt
https://blocklistproject.github.io/Lists/piracy.txt
https://blocklistproject.github.io/Lists/phishing.txt
https://blocklistproject.github.io/Lists/malware.txt
https://blocklistproject.github.io/Lists/fraud.txt
https://blocklistproject.github.io/Lists/crypto.txt
https://blocklistproject.github.io/Lists/abuse.txt
The ones I actually use are:

Code: Select all

wget 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext' -O ~/hosts/hosts-yoyo.txt
wget http://winhelp2002.mvps.org/hosts.txt -O ~/hosts/hosts-mvps.txt
wget http://someonewhocares.org/hosts/zero/hosts -O ~/hosts/hosts-someonewhocares.src
wget https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -O ~/hosts/hosts-stevenblack.src
wget https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt -O ~/hosts/hosts-adaway.txt
wget https://blocklistproject.github.io/Lists/ads.txt -O ~/hosts/hosts-ads.txt
wget https://blocklistproject.github.io/Lists/tracking.txt -O ~/hosts/hosts-tracking.txt
My scripts for retrieving and building the additions to /etc/hosts are posted in these forums.
Andy Figueroa
Using Unix from 1984; GNU/Linux from 1993

TimothySimon
Posts: 93
Joined: Fri Sep 10, 2021 2:16 am

Re: SysV and systemd script to change DNS servers

#17 Post by TimothySimon »

figueroa wrote: Mon Sep 13, 2021 2:52 pm @TimothySimon
You are right, I typed carelessly. I do use:

Code: Select all

chmod 444 /etc/resolv.conf
In your script, the file at /root/resolv.conf.tar may contain and use the path on being extracted. But, I'm sure you will test your scripts. More in subsequent reply.
I'm now using /etc/resolv.conf.bak.tar to store the backup on first run.

Code: Select all

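if [ ! -r /etc/resolv.conf.bak.tar ]; then
 [ -e /etc/resolv.conf.bak.tar ] && rm -rf /etc/resolv.conf.bak.tar
 # Archive the member as "resolv.conf" (relative to /etc) so that extracting
 # from inside /etc restores /etc/resolv.conf and not /etc/etc/resolv.conf
 cd /etc ; tar -c -p -f /etc/resolv.conf.bak.tar resolv.conf ; cd -
 chmod 644 /etc/resolv.conf.bak.tar
fi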
To change DNS, remove /etc/resolv.conf, write the nameservers and then:

Code: Select all

chown root:root /etc/resolv.conf
chmod 444 /etc/resolv.conf

chattr +i /etc/resolv.conf
To restore DNS, remove /etc/resolv.conf and then:

Code: Select all

if [ -r /etc/resolv.conf.bak.tar ]; then
 cd /etc ; tar -x -p -f /etc/resolv.conf.bak.tar ; cd -
elif pidof systemd ; then
 ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
else
 ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
fi
Kindly give your valuable comments and suggestions.
Last edited by TimothySimon on Tue Sep 14, 2021 1:09 pm, edited 1 time in total.

figueroa
Posts: 1097
Joined: Thu Dec 20, 2018 11:20 pm

Re: SysV and systemd script to change DNS servers

#18 Post by figueroa »

@TimothySimon , you lost some of your code-wrapped tag in the last stanza of your script.

Have you tested through at least two iterations on a live machine running under both of your use cases? If yes, call it beta and keep moving forward with care. It's a heavy hammer, but some use cases need such a tool.
Andy Figueroa
Using Unix from 1984; GNU/Linux from 1993

galaxysurfer
Posts: 206
Joined: Mon Jul 16, 2018 5:14 am

Re: SysV and systemd script to change DNS servers

#19 Post by galaxysurfer »

Sorry to chime in on an old thread. I am attempting to fix the same problem. I don't know if the ISP is overriding my settings or something else.

I use a VPN & default through their DNS IP addresses via router. This works fine for Win PC but fails on MX Linux. I also have Google DNS blocked.

The only thing in my resolv config is

nameserver 192.168.1.1.

I would like to add another neutral DNS server. When I went through your suggested script I get an error message when I attempt to define chattr. It says that isn't allowed.

Suggestions on how to handle this?
