SysV and systemd script to change DNS servers
Posted: Fri Sep 10, 2021 3:01 am
by TimothySimon
Hello all.
I need to make a fully GUI app using Qt/C++ (Intended for users with no CLI knowledge).
It is a parental control app (it SHOULD NOT be usable for non-root users).
It needs to change DNS servers on one hand and restore them to automatic on the other hand (based on the options given).
For this, it writes a shell script and launches it as root (via su-to-root , which is bundled in the final AppImage)
Now, it is required to support old systems with SysV init (and I want to support distros like MX/antiX too).
We can change the DNS servers by removing /etc/resolv.conf , editing it and then making it chattr +i
In systemd, we can restore automatic (ISP) DNS by
Code: Select all
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
(Ref: https://wiki.archlinux.org/title/Systemd-resolved)
in SysV, we can restore automatic (ISP) DNS with:
Code: Select all
ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
(This works on MX Linux with SysV, because /etc/resolv.conf is managed by resolvconf on )
Is there a better way to do it on SysV systems ?
I think this may cause breakage on switching between SysV and systemd (like in MX Linux).
Is there a better way to do it on such systems as MX Linux (with both SysV and systemd) ?
Re: SysV and systemd script to change DNS servers
Posted: Fri Sep 10, 2021 7:27 am
by dolphin_oracle
I might be wrong, but I think on mx19 that resolvconf manages the /run/resolvconf/resolv.conf file, and that /etc/resolv.conf is already a symlink. in both systemd and sysvinit.
as far as how other folks do it...I don't think there are other folks that allow a choice of systemd vs. sysvinit at boot time anymore.
Re: SysV and systemd script to change DNS servers
Posted: Fri Sep 10, 2021 7:50 am
by nXecure
As an average user (not a real programmer), I would recommend you store the original symlink in a file and then restore it from it when needed, instead of playing guesswork.
Some network managers (like connman) will take control of the /etc/resolv.conf symlink, so there are more than 2 possible cases. Better just restore the original symlink and add a notice that "a reboot may be required", just in case you need the service to restart (and you don't know which service is in control of resolving DNS).
Re: SysV and systemd script to change DNS servers
Posted: Fri Sep 10, 2021 2:48 pm
by TimothySimon
dolphin_oracle wrote: ↑Fri Sep 10, 2021 7:27 am
I might be wrong, but I think on mx19 that resolvconf manages the /run/resolvconf/resolv.conf file, and that /etc/resolv.conf is already a symlink. in both systemd and sysvinit.
as far as how other folks do it...I don't think there are other folks that allow a choice of systemd vs. sysvinit at boot time anymore.
Thank you. I asked in this forum because I really want to support MX Linux too (and that requires some more tweaking).
So, I think
Code: Select all
ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
would be guaranteed to work for MX Linux in SysV mode.
Re: SysV and systemd script to change DNS servers
Posted: Fri Sep 10, 2021 2:58 pm
by TimothySimon
nXecure wrote: ↑Fri Sep 10, 2021 7:50 am
As an average user (not a real programmer), I would recommend you store the original symlink in a file and then restore it from it when needed, instead of playing guesswork.
Some network managers (like connman) will take control of the /etc/resolv.conf symlink, so there are more than 2 possible cases. Better just restore the original symlink and add a notice that "a reboot may be required", just in case you need the service to restart (and you don't know which service is in control of resolving DNS).
Thank you so much. I think that is the more sensible way.
Is it reasonable to assume that /etc/resolv.conf will be a symlink to some other, fairly constant location ?
Is there a better way to change DNS servers with a script / API / system call etc., ?
BTW: I'm not a real programmer yet. God willing, this app is going to be my undergrad project.
Re: SysV and systemd script to change DNS servers
Posted: Fri Sep 10, 2021 3:07 pm
by dolphin_oracle
TimothySimon wrote: ↑Fri Sep 10, 2021 2:48 pm
dolphin_oracle wrote: ↑Fri Sep 10, 2021 7:27 am
I might be wrong, but I think on mx19 that resolvconf manages the /run/resolvconf/resolv.conf file, and that /etc/resolv.conf is already a symlink. in both systemd and sysvinit.
as far as how other folks do it...I don't think there are other folks that allow a choice of systemd vs. sysvinit at boot time anymore.
Thank you. I asked in this forum because I really want to support MX Linux too (and that requires some more tweaking).
So, I think
Code: Select all
ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
would be guaranteed to work for MX Linux in SysV mode.
that is the default on mx19.
Re: SysV and systemd script to change DNS servers
Posted: Fri Sep 10, 2021 3:12 pm
by TimothySimon
TimothySimon wrote: ↑Fri Sep 10, 2021 2:58 pm
Is it reasonable to assume that /etc/resolv.conf will be a symlink to some other, fairly constant location ?
Is there a better way to change DNS servers with a script / API / system call etc., ?
Would that assumption be a reasonable one, and is there a better way ?
Re: SysV and systemd script to change DNS servers
Posted: Fri Sep 10, 2021 3:20 pm
by dolphin_oracle
I don't think there is any reason to delete any files, just write whatever nameserver information you want to /etc/resolv.conf and you are good to go. on mx19, /etc/resolv.conf is a symlink to /run/resolvconf/resolv.conf. on mx21 it will be just a file /etc/resolv.conf. either way, you can write the information directly. for instance, if you want to replace what's in there with google's dns, you could
Code: Select all
echo "nameserver 8.8.8.8" > /etc/resolv.conf
and similar to place your usual information back.
Code: Select all
echo "nameserver w.h.a.t.e.v.e.r." > /etc/resolv.conf
echo "line 2 " >>/etc/resolv.conf
echo "line 3" >>/etc/resolv.conf
or you could keep two files, one with each of your desired settings, and copy it back and forth to /run/resolvconf/resolv.conf. the only trick then is the chattr step to keep the file from being overwritten by simply disconnecting and reconnecting with the network manager gui.
you would also need to remove the kids accounts from the "sudo" user group, or else as soon as they learn about sudo all this is for naught.
if they are on their own PC, it may be easier to set limits in the router controls rather than on the PC.
Re: SysV and systemd script to change DNS servers
Posted: Fri Sep 10, 2021 3:44 pm
by TimothySimon
dolphin_oracle wrote: ↑Fri Sep 10, 2021 3:20 pm
I don't think there is any reason to delete any files, just write whatever nameserver information you want to /etc/resolv.conf and you are good to go. on mx19, /etc/resolv.conf is a symlink to /run/resolvconf/resolv.conf. on mx21 it will be just a file /etc/resolv.conf. either way, you can write the information directly. for instance, if you want to replace what's in there with google's dns, you could
Code: Select all
echo "nameserver 8.8.8.8" > /etc/resolv.conf
and similar to place your usual information back.
Code: Select all
echo "nameserver w.h.a.t.e.v.e.r." > /etc/resolv.conf
echo "line 2 " >>/etc/resolv.conf
echo "line 3" >>/etc/resolv.conf
or you could keep two files, one with each of your desired settings, and copy it back and forth to /run/resolvconf/resolv.conf. the only trick then is the chattr step to keep the file from being overwritten by simply disconnecting and reconnecting with the network manager gui.
This is what I'm doing now:
(For your kind review)
To change DNS:
Code: Select all
#!/bin/sh
chattr -i /etc/resolv.conf
rm -f /etc/resolv.conf
echo "# DNS nameservers set by your administrator" > /etc/resolv.conf
echo "nameserver $DNS_1" >> /etc/resolv.conf
echo "nameserver $DNS_2" >> /etc/resolv.conf
# Make /etc/resolv.conf immutable
chattr +i /etc/resolv.conf
exit 0
To Restore DNS :
Code: Select all
#!/bin/sh
chattr -i /etc/resolv.conf
rm -f /etc/resolv.conf
if pidof systemd ; then
    # Ref: https://wiki.archlinux.org/title/Systemd-resolved
    ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
else
    ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
fi
exit 0
dolphin_oracle wrote: ↑Fri Sep 10, 2021 3:20 pm
you would also need to remove the kids accounts from the "sudo" user group, or else as soon as they learn about sudo all this is for naught.
Surely. in the first screen itself, I provide step-by-step instructions for doing that in Windows, macOS and Linux.
dolphin_oracle wrote: ↑Fri Sep 10, 2021 3:20 pm
if they are on their own PC, it may be easier to set limits in the router controls rather than on the PC.
But this app is aimed at less tech-savvy people, who may not know how to access the router controls and change the DNS.
This app also does a lot of things apart from changing the DNS.
Re: SysV and systemd script to change DNS servers
Posted: Sat Sep 11, 2021 12:53 pm
by nXecure
TimothySimon wrote: ↑Fri Sep 10, 2021 2:58 pm
Is it reasonable to assume that /etc/resolv.conf will be a symlink to some other, fairly constant location ?
Is there a better way to change DNS servers with a script / API / system call etc., ?
Normally it is symlinked to a program that manages it. Depending on what the program does, adding the dns servers to the file without blocking it will only survive the session (and once the system reboots, the entries will disappear).
I think your idea of locking the /etc/resolv.conf to a file and not a symlink for the dns parental control is better than "echoing" the servers to /etc/resolv.conf (for the reason that it may not survive a reboot).
I would first check if the /etc/resolv.conf is a symlink (and save the symlink to a file for later restoring), and replace it with your current idea, but if it is instead a file, save the contents for later restoration.
Anyway, you need to select what you think is the better method. The code is under your control and you will be the one who will maintain it.
TimothySimon wrote: ↑Fri Sep 10, 2021 2:58 pm
BTW: I'm not a real programmer yet. God willing, this app is going to be my undergrad project.
Real programmers create programs for real people. If you do so, you are a real programmer (sorry, robot programmers).
Re: SysV and systemd script to change DNS servers
Posted: Sun Sep 12, 2021 2:16 pm
by TimothySimon
nXecure wrote: ↑Sat Sep 11, 2021 12:53 pm
if it is instead a file, save the contents for later restoration.
Thank you so much for this too. If you are willing, please enlighten me.
BTW: I now updated the code to do these:
If [ "$(realpath /etc/resolv.conf)" != "/etc/resolv.conf" ] ; backup $(realpath /etc/resolv.conf) before removing it.
Else, if /etc/resolv.conf doesn't contain a comment (that my app adds on top of the nameservers) ; then, backup the contents of /etc/resolv.conf
On trying to restore automatic DNS , try these 2 ways in that order.
nXecure wrote: ↑Sat Sep 11, 2021 12:53 pm
Real programmers create programs for real people. If you do so, you are a real programmer (sorry, robot programmers).
As per your opinion, do I fall into the category of "real" or "robot" programmers ?
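The save-and-restore approach discussed in the posts above (record the symlink or the file contents, swap in a locked regular file, put the original back later), as an added example that is not part of the thread. The state directory, the function names and the environment overrides are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. RESOLV_CONF and STATE_DIR can be
# overridden so the logic can be tried on a scratch directory first; the
# state directory and the function names are hypothetical.
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
STATE_DIR="${STATE_DIR:-/var/lib/dns-lock}"
MARKER="# DNS nameservers set by your administrator"

# Set (+i) or clear (-i) the immutable flag on a regular file. chattr fails on
# filesystems without attribute support (tmpfs, for one): warn, do not abort.
set_immutable() {
    [ -f "$RESOLV_CONF" ] && [ ! -L "$RESOLV_CONF" ] || return 0
    chattr "$1" "$RESOLV_CONF" 2>/dev/null ||
        echo "warning: chattr $1 failed on $RESOLV_CONF" >&2
}

# Record the original state once: the literal symlink target if resolv.conf
# is a symlink, otherwise the file contents. Later runs keep the first record.
save_original() {
    [ -e "$STATE_DIR/kind" ] && return 0
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
    if [ -L "$RESOLV_CONF" ]; then
        readlink "$RESOLV_CONF" > "$STATE_DIR/target" || return 1
        echo symlink > "$STATE_DIR/kind"
    elif [ -f "$RESOLV_CONF" ]; then
        # A file that already carries our marker is not an original: skip it.
        if grep -qxF "$MARKER" "$RESOLV_CONF"; then return 0; fi
        cp -p "$RESOLV_CONF" "$STATE_DIR/contents" || return 1
        echo file > "$STATE_DIR/kind"
    else
        echo absent > "$STATE_DIR/kind"
    fi
}

# Replace resolv.conf with a regular file listing the given nameservers.
# The file is written beside the target and renamed into place, so a symlink
# is replaced rather than followed and readers never see a partial file.
lock_dns() {
    [ "$#" -ge 1 ] || { echo "usage: lock_dns ADDRESS..." >&2; return 2; }
    for addr in "$@"; do
        case "$addr" in
            # Only hex digits, dots and colons: nothing else can reach the file.
            ''|*[!0-9A-Fa-f.:]*) echo "bad address: $addr" >&2; return 2 ;;
        esac
    done
    save_original || return 1
    set_immutable -i
    tmp="$RESOLV_CONF.new.$$"
    {
        echo "$MARKER"
        for addr in "$@"; do echo "nameserver $addr"; done
    } > "$tmp" || return 1
    chmod 644 "$tmp" && mv -f "$tmp" "$RESOLV_CONF" || return 1
    set_immutable +i
}

# Put back exactly what save_original recorded, then forget the record.
restore_dns() {
    [ -r "$STATE_DIR/kind" ] || { echo "no saved state in $STATE_DIR" >&2; return 1; }
    set_immutable -i
    case "$(cat "$STATE_DIR/kind")" in
        symlink) ln -sfn "$(cat "$STATE_DIR/target")" "$RESOLV_CONF" || return 1 ;;
        file)    rm -f "$RESOLV_CONF" &&
                 cp -p "$STATE_DIR/contents" "$RESOLV_CONF" || return 1 ;;
        absent)  rm -f "$RESOLV_CONF" || return 1 ;;
        *)       echo "unrecognised state in $STATE_DIR" >&2; return 1 ;;
    esac
    rm -rf "$STATE_DIR"
}
```

Because the literal link target is stored, a relative symlink is restored as a relative symlink, whichever service created it.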

Re: SysV and systemd script to change DNS servers
Posted: Sun Sep 12, 2021 3:20 pm
by figueroa
In your initial post, you describe much of what I do manually as sysadmin at a small school where we are 75% through migrating the desktop computers and computer lab from Mint to MX. You are not crazy; just going against the flow. Do you really have safe nameservers? Would you share?
I backup to tar /etc/resolv.conf,
Code: Select all
tar cpf /root/resolv.conf.tar /etc/resolv.conf
Then delete it, hand jam the /etc/resolv.conf file as I want it to be, then
Additionally, I hand jam the network settings for the interface in /etc/network/interfaces using a static IP. Doing this disables network manager the interface.
Of course, all of the other steps to deny the other users root access of any kind.
Re: SysV and systemd script to change DNS servers
Posted: Mon Sep 13, 2021 3:38 am
by TimothySimon
figueroa wrote: ↑Sun Sep 12, 2021 3:20 pm
In your initial post, you describe much of what I do manually as sysadmin at a small school where we are 75% through migrating the desktop computers and computer lab from Mint to MX. You are not crazy; just going against the flow. Do you really have safe nameservers? Would you share?
I backup to tar /etc/resolv.conf,
Code: Select all
tar cpf /root/resolv.conf.tar /etc/resolv.conf
Then delete it, hand jam the /etc/resolv.conf file as I want it to be, then
Additionally, I hand jam the network settings for the interface in /etc/network/interfaces using a static IP. Doing this disables network manager the interface.
Of course, all of the other steps to deny the other users root access of any kind.
@figueroa You and your little scripts are a treasure-trove of knowledge (both here and on Gentoo).
I'm changing my code to include this (tar, chattr -i, remove, edit, chown, chmod and then chattr +i).
(The tar step is only done on the first run).
AFAIK, some applications (like browsers etc.,) need to read the hosts file, resolv.conf etc.,
So, this may be better:
figueroa wrote: ↑Sun Sep 12, 2021 3:20 pm
Do you really have safe nameservers? Would you share?
https://en.wikipedia.org/wiki/Public_re ... ame_server ( a pretty impartial comparison of public DNSes )
My favorite public DNS is familyshield.opendns.com ( 208.67.222.123 and 208.67.220.123 ).
Good hosts file blocklists (and safe search enforcement in the hosts file) are MUCH better for children's safety.
Here is my script for that:
Code: Select all
#!/bin/bash
# Apply various hosts file based blocklists
# Enforce (using the hosts file) strict safe search in Google, Bing, YouTube and DuckDuckGo
# Depends on:
# bash, wget, sed, coreutils
# Perl is recommended (just to filter out valid domains). Else, the line using perl can just be deleted.
# Exit on errors
set -e
function wget_clean_and_append {
# wget the URL, then add it to the file, which is then cleaned, sorted and deduplicated.
# Allow only valid domains (the perl regex, used only if perl is available)
# Accept all lists starting with 0.0.0.0 or 127.0.0.1 or raw lists of domain names
# Output raw domain list
wget "$1" -qO - | cat "$2" - | \
sed 's/#.*$//g' | \
strings | \
sed '/ localhost$/d' | \
sed '/ localhost.localdomain$/d' | \
sed '/ local$/d' | \
sed '/ broadcasthost$/d' | \
sed '/ ip6-localhost$/d' | \
sed '/ ip6-loopback$/d' | \
sed '/ ip6-localnet$/d' | \
sed '/ ip6-mcastprefix$/d' | \
sed '/ ip6-allnodes$/d' | \
sed '/ ip6-allrouters$/d' | \
sed '/ ip6-allhosts$/d' | \
sed '/^$/d' | \
sed 's/[\t]/ /g' | \
sed 's/ / /g' | \
sed 's/^127\.0\.0\.1 /0\.0\.0\.0 /g' | \
sed 's/^0\.0\.0\.0 //g' | \
sed 's/ //g' | \
perl -ne 'print if /(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)/' | \
tr -d '\015' | \
sort -u \
>> "$2".temp
mv -f "$2".temp "$2"
}
MARKER_START="# BEGIN websites blocked by your administrator"
MARKER_END="# END websites blocked by your administrator"
if [ "$(pwd)" = "/etc" ] ; then
echo "This script cannot be run in /etc."
echo "Please change your directory to elsewhere."
exit 1
fi
# Truncate old files
echo '' > blocklist
echo "Please wait...... Downloading blocklists"
# StevenBlack's hosts list ( https://github.com/StevenBlack/hosts ) with FakeNews, Gambling and Pornography extensions
wget_clean_and_append "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts" blocklist
# Some of Shalla's lists
wget_clean_and_append "https://raw.githubusercontent.com/cbuijs/shallalist/master/sex/lingerie/domains" blocklist
wget_clean_and_append "https://raw.githubusercontent.com/cbuijs/shallalist/master/violence/domains" blocklist
wget_clean_and_append "https://raw.githubusercontent.com/cbuijs/shallalist/master/models/domains" blocklist
# DeveloperDans's dating blocklist
wget_clean_and_append "https://www.github.developerdan.com/hosts/lists/dating-services-extended.txt" blocklist
# Shalla's dating blocklist
wget_clean_and_append "https://raw.githubusercontent.com/cbuijs/shallalist/master/dating/domains" blocklist
# disconnect.me blocklist
wget_clean_and_append "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt" blocklist
wget_clean_and_append "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt" blocklist
# Block various bypass methods (Proxies, VPN websites etc.,)
wget_clean_and_append "https://raw.githubusercontent.com/mark4409/DNS-Blocklists/master/blocklist-combined-bypassmethods.txt" blocklist
wget_clean_and_append "https://raw.githubusercontent.com/nextdns/metadata/master/parentalcontrol/bypass-methods" blocklist
# Block a lot of Online Games
# https://github.com/dupontjean/pihole-blocklist
wget_clean_and_append "https://raw.githubusercontent.com/dupontjean/pihole-blocklist/master/game.txt" blocklist
# https://github.com/blocklistproject/Lists
wget_clean_and_append "https://blocklistproject.github.io/Lists/ransomware.txt" blocklist
# Wally3K 's blocklist
wget_clean_and_append "https://v.firebog.net/hosts/static/w3kbl.txt" blocklist
# https://github.com/chadmayfield/pihole-blocklists
wget_clean_and_append "https://raw.githubusercontent.com/chadmayfield/pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list" blocklist
# Block cryptomining
# https://github.com/hoshsadiq/adblock-nocoin-list
wget_clean_and_append "https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt" blocklist
# Block cryptomining
# https://gitlab.com/ZeroDot1/CoinBlockerLists/
wget_clean_and_append "https://gitlab.com/ZeroDot1/CoinBlockerLists/-/raw/master/hosts_browser" blocklist
# DeveloperDan's "Hate & Junk" blocklist
wget_clean_and_append "https://www.github.developerdan.com/hosts/lists/hate-and-junk-extended.txt" blocklist
# Search engines not supporting safe search enforcement with the hosts file
wget_clean_and_append "https://raw.githubusercontent.com/nextdns/metadata/master/parentalcontrol/safesearch-not-supported" blocklist
sed -e "/$MARKER_START/,/$MARKER_END/d" /etc/hosts > ./hosts
echo "$MARKER_START" >> ./hosts
# Various search engines' and youtube's strict safe search.
cat << EOF >> ./hosts
# Google Safe Search Host List
# Ref: https://support.google.com/websearch/answer/186669?hl=en
# Generated on Wed 11 Aug 2021 09:10:52 AM UTC
# From: https://www.google.com/supported_domains
216.239.38.120 forcesafesearch.google.com
216.239.38.120 google.com
216.239.38.120 google.ad
216.239.38.120 google.ae
216.239.38.120 google.com.af
216.239.38.120 google.com.ag
216.239.38.120 google.com.ai
216.239.38.120 google.al
216.239.38.120 google.am
216.239.38.120 google.co.ao
216.239.38.120 google.com.ar
216.239.38.120 google.as
216.239.38.120 google.at
216.239.38.120 google.com.au
216.239.38.120 google.az
216.239.38.120 google.ba
216.239.38.120 google.com.bd
216.239.38.120 google.be
216.239.38.120 google.bf
216.239.38.120 google.bg
216.239.38.120 google.com.bh
216.239.38.120 google.bi
216.239.38.120 google.bj
216.239.38.120 google.com.bn
216.239.38.120 google.com.bo
216.239.38.120 google.com.br
216.239.38.120 google.bs
216.239.38.120 google.bt
216.239.38.120 google.co.bw
216.239.38.120 google.by
216.239.38.120 google.com.bz
216.239.38.120 google.ca
216.239.38.120 google.cd
216.239.38.120 google.cf
216.239.38.120 google.cg
216.239.38.120 google.ch
216.239.38.120 google.ci
216.239.38.120 google.co.ck
216.239.38.120 google.cl
216.239.38.120 google.cm
216.239.38.120 google.cn
216.239.38.120 google.com.co
216.239.38.120 google.co.cr
216.239.38.120 google.com.cu
216.239.38.120 google.cv
216.239.38.120 google.com.cy
216.239.38.120 google.cz
216.239.38.120 google.de
216.239.38.120 google.dj
216.239.38.120 google.dk
216.239.38.120 google.dm
216.239.38.120 google.com.do
216.239.38.120 google.dz
216.239.38.120 google.com.ec
216.239.38.120 google.ee
216.239.38.120 google.com.eg
216.239.38.120 google.es
216.239.38.120 google.com.et
216.239.38.120 google.fi
216.239.38.120 google.com.fj
216.239.38.120 google.fm
216.239.38.120 google.fr
216.239.38.120 google.ga
216.239.38.120 google.ge
216.239.38.120 google.gg
216.239.38.120 google.com.gh
216.239.38.120 google.com.gi
216.239.38.120 google.gl
216.239.38.120 google.gm
216.239.38.120 google.gr
216.239.38.120 google.com.gt
216.239.38.120 google.gy
216.239.38.120 google.com.hk
216.239.38.120 google.hn
216.239.38.120 google.hr
216.239.38.120 google.ht
216.239.38.120 google.hu
216.239.38.120 google.co.id
216.239.38.120 google.ie
216.239.38.120 google.co.il
216.239.38.120 google.im
216.239.38.120 google.co.in
216.239.38.120 google.iq
216.239.38.120 google.is
216.239.38.120 google.it
216.239.38.120 google.je
216.239.38.120 google.com.jm
216.239.38.120 google.jo
216.239.38.120 google.co.jp
216.239.38.120 google.co.ke
216.239.38.120 google.com.kh
216.239.38.120 google.ki
216.239.38.120 google.kg
216.239.38.120 google.co.kr
216.239.38.120 google.com.kw
216.239.38.120 google.kz
216.239.38.120 google.la
216.239.38.120 google.com.lb
216.239.38.120 google.li
216.239.38.120 google.lk
216.239.38.120 google.co.ls
216.239.38.120 google.lt
216.239.38.120 google.lu
216.239.38.120 google.lv
216.239.38.120 google.com.ly
216.239.38.120 google.co.ma
216.239.38.120 google.md
216.239.38.120 google.me
216.239.38.120 google.mg
216.239.38.120 google.mk
216.239.38.120 google.ml
216.239.38.120 google.com.mm
216.239.38.120 google.mn
216.239.38.120 google.ms
216.239.38.120 google.com.mt
216.239.38.120 google.mu
216.239.38.120 google.mv
216.239.38.120 google.mw
216.239.38.120 google.com.mx
216.239.38.120 google.com.my
216.239.38.120 google.co.mz
216.239.38.120 google.com.na
216.239.38.120 google.com.ng
216.239.38.120 google.com.ni
216.239.38.120 google.ne
216.239.38.120 google.nl
216.239.38.120 google.no
216.239.38.120 google.com.np
216.239.38.120 google.nr
216.239.38.120 google.nu
216.239.38.120 google.co.nz
216.239.38.120 google.com.om
216.239.38.120 google.com.pa
216.239.38.120 google.com.pe
216.239.38.120 google.com.pg
216.239.38.120 google.com.ph
216.239.38.120 google.com.pk
216.239.38.120 google.pl
216.239.38.120 google.pn
216.239.38.120 google.com.pr
216.239.38.120 google.ps
216.239.38.120 google.pt
216.239.38.120 google.com.py
216.239.38.120 google.com.qa
216.239.38.120 google.ro
216.239.38.120 google.ru
216.239.38.120 google.rw
216.239.38.120 google.com.sa
216.239.38.120 google.com.sb
216.239.38.120 google.sc
216.239.38.120 google.se
216.239.38.120 google.com.sg
216.239.38.120 google.sh
216.239.38.120 google.si
216.239.38.120 google.sk
216.239.38.120 google.com.sl
216.239.38.120 google.sn
216.239.38.120 google.so
216.239.38.120 google.sm
216.239.38.120 google.sr
216.239.38.120 google.st
216.239.38.120 google.com.sv
216.239.38.120 google.td
216.239.38.120 google.tg
216.239.38.120 google.co.th
216.239.38.120 google.com.tj
216.239.38.120 google.tl
216.239.38.120 google.tm
216.239.38.120 google.tn
216.239.38.120 google.to
216.239.38.120 google.com.tr
216.239.38.120 google.tt
216.239.38.120 google.com.tw
216.239.38.120 google.co.tz
216.239.38.120 google.com.ua
216.239.38.120 google.co.ug
216.239.38.120 google.co.uk
216.239.38.120 google.com.uy
216.239.38.120 google.co.uz
216.239.38.120 google.com.vc
216.239.38.120 google.co.ve
216.239.38.120 google.vg
216.239.38.120 google.co.vi
216.239.38.120 google.com.vn
216.239.38.120 google.vu
216.239.38.120 google.ws
216.239.38.120 google.rs
216.239.38.120 google.co.za
216.239.38.120 google.co.zm
216.239.38.120 google.co.zw
216.239.38.120 google.cat
216.239.38.120 www.google.com
216.239.38.120 www.google.ad
216.239.38.120 www.google.ae
216.239.38.120 www.google.com.af
216.239.38.120 www.google.com.ag
216.239.38.120 www.google.com.ai
216.239.38.120 www.google.al
216.239.38.120 www.google.am
216.239.38.120 www.google.co.ao
216.239.38.120 www.google.com.ar
216.239.38.120 www.google.as
216.239.38.120 www.google.at
216.239.38.120 www.google.com.au
216.239.38.120 www.google.az
216.239.38.120 www.google.ba
216.239.38.120 www.google.com.bd
216.239.38.120 www.google.be
216.239.38.120 www.google.bf
216.239.38.120 www.google.bg
216.239.38.120 www.google.com.bh
216.239.38.120 www.google.bi
216.239.38.120 www.google.bj
216.239.38.120 www.google.com.bn
216.239.38.120 www.google.com.bo
216.239.38.120 www.google.com.br
216.239.38.120 www.google.bs
216.239.38.120 www.google.bt
216.239.38.120 www.google.co.bw
216.239.38.120 www.google.by
216.239.38.120 www.google.com.bz
216.239.38.120 www.google.ca
216.239.38.120 www.google.cd
216.239.38.120 www.google.cf
216.239.38.120 www.google.cg
216.239.38.120 www.google.ch
216.239.38.120 www.google.ci
216.239.38.120 www.google.co.ck
216.239.38.120 www.google.cl
216.239.38.120 www.google.cm
216.239.38.120 www.google.cn
216.239.38.120 www.google.com.co
216.239.38.120 www.google.co.cr
216.239.38.120 www.google.com.cu
216.239.38.120 www.google.cv
216.239.38.120 www.google.com.cy
216.239.38.120 www.google.cz
216.239.38.120 www.google.de
216.239.38.120 www.google.dj
216.239.38.120 www.google.dk
216.239.38.120 www.google.dm
216.239.38.120 www.google.com.do
216.239.38.120 www.google.dz
216.239.38.120 www.google.com.ec
216.239.38.120 www.google.ee
216.239.38.120 www.google.com.eg
216.239.38.120 www.google.es
216.239.38.120 www.google.com.et
216.239.38.120 www.google.fi
216.239.38.120 www.google.com.fj
216.239.38.120 www.google.fm
216.239.38.120 www.google.fr
216.239.38.120 www.google.ga
216.239.38.120 www.google.ge
216.239.38.120 www.google.gg
216.239.38.120 www.google.com.gh
216.239.38.120 www.google.com.gi
216.239.38.120 www.google.gl
216.239.38.120 www.google.gm
216.239.38.120 www.google.gr
216.239.38.120 www.google.com.gt
216.239.38.120 www.google.gy
216.239.38.120 www.google.com.hk
216.239.38.120 www.google.hn
216.239.38.120 www.google.hr
216.239.38.120 www.google.ht
216.239.38.120 www.google.hu
216.239.38.120 www.google.co.id
216.239.38.120 www.google.ie
216.239.38.120 www.google.co.il
216.239.38.120 www.google.im
216.239.38.120 www.google.co.in
216.239.38.120 www.google.iq
216.239.38.120 www.google.is
216.239.38.120 www.google.it
216.239.38.120 www.google.je
216.239.38.120 www.google.com.jm
216.239.38.120 www.google.jo
216.239.38.120 www.google.co.jp
216.239.38.120 www.google.co.ke
216.239.38.120 www.google.com.kh
216.239.38.120 www.google.ki
216.239.38.120 www.google.kg
216.239.38.120 www.google.co.kr
216.239.38.120 www.google.com.kw
216.239.38.120 www.google.kz
216.239.38.120 www.google.la
216.239.38.120 www.google.com.lb
216.239.38.120 www.google.li
216.239.38.120 www.google.lk
216.239.38.120 www.google.co.ls
216.239.38.120 www.google.lt
216.239.38.120 www.google.lu
216.239.38.120 www.google.lv
216.239.38.120 www.google.com.ly
216.239.38.120 www.google.co.ma
216.239.38.120 www.google.md
216.239.38.120 www.google.me
216.239.38.120 www.google.mg
216.239.38.120 www.google.mk
216.239.38.120 www.google.ml
216.239.38.120 www.google.com.mm
216.239.38.120 www.google.mn
216.239.38.120 www.google.ms
216.239.38.120 www.google.com.mt
216.239.38.120 www.google.mu
216.239.38.120 www.google.mv
216.239.38.120 www.google.mw
216.239.38.120 www.google.com.mx
216.239.38.120 www.google.com.my
216.239.38.120 www.google.co.mz
216.239.38.120 www.google.com.na
216.239.38.120 www.google.com.ng
216.239.38.120 www.google.com.ni
216.239.38.120 www.google.ne
216.239.38.120 www.google.nl
216.239.38.120 www.google.no
216.239.38.120 www.google.com.np
216.239.38.120 www.google.nr
216.239.38.120 www.google.nu
216.239.38.120 www.google.co.nz
216.239.38.120 www.google.com.om
216.239.38.120 www.google.com.pa
216.239.38.120 www.google.com.pe
216.239.38.120 www.google.com.pg
216.239.38.120 www.google.com.ph
216.239.38.120 www.google.com.pk
216.239.38.120 www.google.pl
216.239.38.120 www.google.pn
216.239.38.120 www.google.com.pr
216.239.38.120 www.google.ps
216.239.38.120 www.google.pt
216.239.38.120 www.google.com.py
216.239.38.120 www.google.com.qa
216.239.38.120 www.google.ro
216.239.38.120 www.google.ru
216.239.38.120 www.google.rw
216.239.38.120 www.google.com.sa
216.239.38.120 www.google.com.sb
216.239.38.120 www.google.sc
216.239.38.120 www.google.se
216.239.38.120 www.google.com.sg
216.239.38.120 www.google.sh
216.239.38.120 www.google.si
216.239.38.120 www.google.sk
216.239.38.120 www.google.com.sl
216.239.38.120 www.google.sn
216.239.38.120 www.google.so
216.239.38.120 www.google.sm
216.239.38.120 www.google.sr
216.239.38.120 www.google.st
216.239.38.120 www.google.com.sv
216.239.38.120 www.google.td
216.239.38.120 www.google.tg
216.239.38.120 www.google.co.th
216.239.38.120 www.google.com.tj
216.239.38.120 www.google.tl
216.239.38.120 www.google.tm
216.239.38.120 www.google.tn
216.239.38.120 www.google.to
216.239.38.120 www.google.com.tr
216.239.38.120 www.google.tt
216.239.38.120 www.google.com.tw
216.239.38.120 www.google.co.tz
216.239.38.120 www.google.com.ua
216.239.38.120 www.google.co.ug
216.239.38.120 www.google.co.uk
216.239.38.120 www.google.com.uy
216.239.38.120 www.google.co.uz
216.239.38.120 www.google.com.vc
216.239.38.120 www.google.co.ve
216.239.38.120 www.google.vg
216.239.38.120 www.google.co.vi
216.239.38.120 www.google.com.vn
216.239.38.120 www.google.vu
216.239.38.120 www.google.ws
216.239.38.120 www.google.rs
216.239.38.120 www.google.co.za
216.239.38.120 www.google.co.zm
216.239.38.120 www.google.co.zw
216.239.38.120 www.google.cat
# Bing Safe Search Hosts List
# Ref: https://help.ads.microsoft.com/apex/index/18/de-US/10003
# IP: 204.79.197.220
204.79.197.220 www.bing.com
204.79.197.220 bing.com
204.79.197.220 www2.bing.com
204.79.197.220 www3.bing.com
# DuckDuckGo Safe Search hosts list
# Ref: https://help.duckduckgo.com/duckduckgo-help-pages/features/safe-search/ says to use safe.duckduckgo.com
# https://www.leowkahman.com/2017/09/11/enforce-safe-search-on-google-youtube-bing/ (Also mentions about DuckDuckGo)
# nslookup safe.duckduckgo.com 208.67.222.123 -> Address: 40.81.93.196
# nslookup safe.duckduckgo.com 208.67.220.123 -> Address: 40.81.93.196
# Note: 208.67.220.123 and 208.67.222.123 are OpenDNS FamilyShield DNS's ( https://www.opendns.com/setupguide/#familyshield )
# IP: 40.81.93.196
40.81.93.196 safe.duckduckgo.com
40.81.93.196 www.duckduckgo.com
40.81.93.196 duckduckgo.com
40.81.93.196 start.duckduckgo.com
40.81.93.196 ac.duckduckgo.com
# YouTube strict restricted mode
# Ref: https://support.google.com/a/answer/6214622
# nslookup restrict.youtube.com 8.8.8.8 -> Address: 216.239.38.120
216.239.38.120 www.youtube.com
216.239.38.120 m.youtube.com
216.239.38.120 youtubei.googleapis.com
216.239.38.120 youtube.googleapis.com
216.239.38.120 www.youtube-nocookie.com
EOF
# Pack 9 domains/line and add the "0.0.0.0 " at the beginning.
cat ./blocklist | paste -d' ' - - - - - - - - - | sed 's/^/0\.0\.0\.0 /' >> ./hosts
echo "$MARKER_END" >> ./hosts
# Copy it to /etc/hosts
if [ "$(whoami)" != "root" ] ; then
sudo cp -f ./hosts /etc/hosts
else
cp -f ./hosts /etc/hosts
fi
echo "Done"
exit 0
A PiHole is also superb for website blocking.
Re: SysV and systemd script to change DNS servers
Posted: Mon Sep 13, 2021 12:47 pm
by TimothySimon
figueroa wrote: ↑Sun Sep 12, 2021 3:20 pm
Of course, all of the other steps to deny the other users root access of any kind.
Can you please detail......
figueroa wrote: ↑Sun Sep 12, 2021 3:20 pm
.....
I hope restoration of /etc/resolv.conf means
Code: Select all
cd /etc
chattr -i resolv.conf || true
[ -e resolv.conf ] && rm -rf resolv.conf
tar -xpf /root/resolv.conf.tar
cd -
Please enlighten me on the topic of DNS, Parental Controls etc.,
Re: SysV and systemd script to change DNS servers
Posted: Mon Sep 13, 2021 2:52 pm
by figueroa
@TimothySimon
You are right, I typed carelessly. I do use:
In your script, the file at /root/resolv.conf.tar may contain and use the path on being extracted. But, I'm sure you will test your scripts. More in subsequent reply.
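The path handling mentioned above, as an added example that is not part of the thread: GNU tar strips the leading "/" when it creates an archive, so the backup holds the member `etc/resolv.conf` and has to be extracted relative to `/`. The function names and the root-directory parameter are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. "tar cpf /root/resolv.conf.tar
# /etc/resolv.conf" stores the member as "etc/resolv.conf" (GNU tar removes
# the leading slash), so the directory tar runs in decides where it lands.

# Where the archived file would land if the archive were extracted from $2.
landing_path() {   # $1 = archive, $2 = directory tar would run in
    printf '%s/%s\n' "${2%/}" "$(tar -tf "$1" | head -n 1)"
}

# Succeed only if the archive holds exactly the one expected member.
archive_has_only() {   # $1 = archive, $2 = expected member name
    members=$(tar -tf "$1") || return 1
    [ "$members" = "$2" ]
}

# Restore resolv.conf below root directory $2 ("/" on a real system).
# Anything else in the archive is a reason to stop: this runs as root.
restore_from_tar() {   # $1 = archive, $2 = root directory
    archive_has_only "$1" "etc/resolv.conf" || {
        echo "unexpected archive contents, not extracting" >&2
        return 1
    }
    dest="$2/etc/resolv.conf"
    chattr -i "$dest" 2>/dev/null || true   # no-op where chattr is unsupported
    rm -f "$dest" || return 1
    tar -xpf "$1" -C "$2"
}
```

On a real system the call would be `restore_from_tar /root/resolv.conf.tar /`.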
Re: SysV and systemd script to change DNS servers
Posted: Mon Sep 13, 2021 6:30 pm
by figueroa
TimothySimon wrote: ↑Mon Sep 13, 2021 12:47 pm
Please enlighten me on the topic of DNS, Parental Controls etc.,
I'm not very enlightened, though I've been trying for it for 20 years or so. I didn't even know about OpenDNS's Family Shield, though I've been an OpenDNS customer privately and for a school for many years. I do use the AdGuard nameservers. I think that the best protection comes from using the Swiss cheese model; in other words, multiple layers.
I have a self-managed, 230,000-plus-line /etc/hosts file. Here are some other sources that might be considered with which to populate the hosts file:
Code: Select all
https://adaway.org/hosts.txt
https://getadhell.com/standard-package.txt
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt
* https://blocklistproject.github.io/Lists/ads.txt
https://blocklistproject.github.io/Lists/tracking.txt
https://blocklistproject.github.io/Lists/scam.txt
https://blocklistproject.github.io/Lists/redirect.txt
https://blocklistproject.github.io/Lists/ransomware.txt
https://blocklistproject.github.io/Lists/porn.txt
https://blocklistproject.github.io/Lists/piracy.txt
https://blocklistproject.github.io/Lists/phishing.txt
https://blocklistproject.github.io/Lists/malware.txt
https://blocklistproject.github.io/Lists/fraud.txt
https://blocklistproject.github.io/Lists/crypto.txt
https://blocklistproject.github.io/Lists/abuse.txt
The ones I actually use are:
Code: Select all
wget 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext' -O ~/hosts/hosts-yoyo.txt
wget http://winhelp2002.mvps.org/hosts.txt -O ~/hosts/hosts-mvps.txt
wget http://someonewhocares.org/hosts/zero/hosts -O ~/hosts/hosts-someonewhocares.src
wget https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts -O ~/hosts/hosts-stevenblack.src
wget https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt -O ~/hosts/hosts-adaway.txt
wget https://blocklistproject.github.io/Lists/ads.txt -O ~/hosts/hosts-ads.txt
wget https://blocklistproject.github.io/Lists/tracking.txt -O ~/hosts/hosts-tracking.txt
My scripts for retrieving and building the additions to /etc/hosts are posted in these forums.
Re: SysV and systemd script to change DNS servers
Posted: Tue Sep 14, 2021 6:05 am
by TimothySimon
figueroa wrote: ↑Mon Sep 13, 2021 2:52 pm
@TimothySimon
You are right, I typed carelessly. I do use:
In your script, the file at /root/resolv.conf.tar may contain and use the path on being extracted. But, I'm sure you will test your scripts. More in subsequent reply.
I'm now using /etc/resolv.conf.bak.tar to store the backup on first run.
Code: Select all
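if [ ! -r /etc/resolv.conf.bak.tar ]; then
    [ -e /etc/resolv.conf.bak.tar ] && rm -rf /etc/resolv.conf.bak.tar
    # Archive the relative name so the member is stored as "resolv.conf";
    # an absolute path is stored as "etc/resolv.conf" and would extract to /etc/etc/.
    cd /etc ; tar -c -p -f /etc/resolv.conf.bak.tar resolv.conf ; cd -
    chmod 644 /etc/resolv.conf.bak.tar
fi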
To change DNS, remove /etc/resolv.conf , write the nameservers and then:
Code: Select all
chown root:root /etc/resolv.conf
chmod 444 /etc/resolv.conf
chattr +i /etc/resolv.conf
To restore DNS, remove /etc/resolv.conf and then:
Code: Select all
if [ -r /etc/resolv.conf.bak.tar ]; then
    cd /etc ; tar -x -p -f /etc/resolv.conf.bak.tar ; cd -
elif pidof systemd ; then
    ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
else
    ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
fi
Kindly give your valuable comments and suggestions.
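The first-run backup and restore from the post above, as an added example that is not part of the original post: it archives resolv.conf under a relative member name, so a symlink is restored in place rather than under /etc/etc, and it refuses an archive whose member list is anything else. The function names and the directory argument are assumptions, chosen so the logic can be tried on a scratch directory instead of the real /etc.

```shell
#!/bin/sh
# Added example (hypothetical helper names). $1 is the absolute path of the
# directory holding resolv.conf: /etc in production, a scratch dir when testing.

backup_resolv() {
    etc=$1
    # Keep the first-run backup: never overwrite it with an already modified file.
    [ -e "$etc/resolv.conf.bak.tar" ] && return 0
    # -C plus a relative name stores the member as "resolv.conf".
    # Without -h, tar archives a symlink as a symlink, not as its target.
    tar -C "$etc" -c -p -f "$etc/resolv.conf.bak.tar" resolv.conf
}

restore_resolv() {
    etc=$1
    [ -r "$etc/resolv.conf.bak.tar" ] || return 1
    # An archive made from an absolute path lists "etc/resolv.conf" (leading
    # "/" stripped) and would unpack below $etc/etc; refuse it and let the
    # caller fall back to the ln -sf defaults.
    [ "$(tar -t -f "$etc/resolv.conf.bak.tar")" = "resolv.conf" ] || return 2
    # Clear the immutable flag if it is set; harmless where chattr is
    # unsupported (symlink, tmpfs) or not installed.
    chattr -i "$etc/resolv.conf" 2>/dev/null || true
    # rm -f also removes a dangling symlink, which "[ -e ]" would not detect.
    rm -f "$etc/resolv.conf"
    tar -C "$etc" -x -p -f "$etc/resolv.conf.bak.tar"
}
```

A non-zero return from restore_resolv leaves the current resolv.conf untouched.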
Re: SysV and systemd script to change DNS servers
Posted: Tue Sep 14, 2021 12:54 pm
by figueroa
@TimothySimon , you lost some of your code-wrapped tag in the last stanza of your script.
Have you tested through at least two iterations on a live machine running under both of your use cases? If yes, call it beta and keep moving forward with care. It's a heavy hammer, but some use cases need such a tool.
Re: SysV and systemd script to change DNS servers
Posted: Wed Feb 02, 2022 11:38 pm
by galaxysurfer
Sorry to chime in on an old thread. I am attempting to fix the same problem. I don't know if the ISP is overriding my settings or something else.
I use a VPN and default through their DNS IP addresses via the router. This works fine for a Win PC but fails on MX Linux. I also have Google DNS blocked.
The only thing in my resolv config is
nameserver 192.168.1.1.
I would like to add another neutral DNS server. When I went through your suggested script, I get an error message when I attempt to define chattr. It says that isn't allowed.
Suggestions on how to handle this?