Good : full update
80
modules/dns_config.sh
Normal file
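--- a/modules/dns_config.sh
+++ b/modules/dns_config.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+# =============================================================================
+# DNS configuration module
+# =============================================================================
+
+# Set script directory
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Source common functions and variables
+source "./common.sh"
+source "./custom/custom_dns"
+
+# Function to configure DNS settings
+configure_dns() {
+log_message "INFO" "Configuring DNS settings"
+
+# Backup current resolv.conf
+backup_file "/etc/resolv.conf"
+
+# Create systemd-resolved configuration
+local RESOLVED_CONF="/etc/systemd/resolved.conf"
+
+log_message "INFO" "Creating systemd-resolved configuration"
+backup_file "$RESOLVED_CONF"
+
+cat > "$RESOLVED_CONF" << EOF
+[Resolve]
+# Google and Cloudflare DNS servers
+DNS=8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1
+# Use DNS over TLS if possible
+DNSOverTLS=opportunistic
+# Default search domains
+Domains=
+# Fallback DNS
+FallbackDNS=9.9.9.9 149.112.112.112
+# Cache DNS responses
+Cache=yes
+# Try IPv4 first, then IPv6
+DNSStubListener=yes
+ReadEtcHosts=yes
+EOF
+
+log_message "SUCCESS" "systemd-resolved configuration created at $RESOLVED_CONF"
+
+# Restart systemd-resolved service
+if systemctl is-active systemd-resolved >/dev/null 2>&1; then
+log_message "INFO" "Restarting systemd-resolved service"
+service restart systemd-resolved
+
+if [ $? -eq 0 ]; then
+log_message "SUCCESS" "systemd-resolved service restarted successfully"
+else
+log_message "ERROR" "Failed to restart systemd-resolved service"
+fi
+else
+# If systemd-resolved is not active, create a static resolv.conf
+log_message "INFO" "systemd-resolved not active, creating static resolv.conf"
+
+cat > "/etc/resolv.conf" << EOF
+# DNS configuration
+# Generated by security hardening script
+
+nameserver 8.8.8.8
+nameserver 1.1.1.1
+nameserver 8.8.4.4
+nameserver 1.0.0.1
+options edns0 timeout:2 rotate
+
+# search
+# domain
+EOF
+
+log_message "SUCCESS" "Static resolv.conf created"
+fi
+}
+
+# Main execution for DNS configuration
+configure_dns
+
+log_message "SUCCESS" "DNS configuration completed"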
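Review bot: The restart in `configure_dns` cannot succeed as written, because `service restart systemd-resolved` has its arguments reversed (`service` takes the service name first), so the new `/etc/systemd/resolved.conf` is never applied; replace that line and the `$?` test with `if systemctl restart systemd-resolved; then`. The failure branch only logs an ERROR and the script still ends with "DNS configuration completed", so a `return 1` there, plus a check on the `configure_dns` call, would stop a hardening run from reporting success while the old resolver settings are still live. Separately, `source "./common.sh"` and `source "./custom/custom_dns"` resolve against the caller's working directory while `SCRIPT_DIR` is computed and never used; for a script that presumably runs as root this executes whatever files sit in the current directory, so both paths should be anchored on `SCRIPT_DIR` (where `common.sh` lives relative to this module is not visible here). `DNSOverTLS=opportunistic` also falls back to plaintext when the server does not offer TLS, which deserves a comment, or `DNSOverTLS=yes` if strict encryption is the intent.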