#!/bin/bash
# =============================================================================
# DNS configuration module
# =============================================================================

# Set script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Source common functions and variables
source "./common.sh"
source "./custom/custom_dns"

# Function to configure DNS settings
configure_dns() {
  log_message "INFO" "Configuring DNS settings"
  
  # Backup current resolv.conf
  backup_file "/etc/resolv.conf"
  
  # Create systemd-resolved configuration
  local RESOLVED_CONF="/etc/systemd/resolved.conf"
  
  log_message "INFO" "Creating systemd-resolved configuration"
  backup_file "$RESOLVED_CONF"
  
  cat > "$RESOLVED_CONF" << EOF
[Resolve]
# Google and Cloudflare DNS servers
DNS=8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1
# Use DNS over TLS if possible
DNSOverTLS=opportunistic
# Default search domains
Domains=
# Fallback DNS
FallbackDNS=9.9.9.9 149.112.112.112
# Cache DNS responses
Cache=yes
# Try IPv4 first, then IPv6
DNSStubListener=yes
ReadEtcHosts=yes
EOF

  log_message "SUCCESS" "systemd-resolved configuration created at $RESOLVED_CONF"
  
  # Restart systemd-resolved service
  if systemctl is-active systemd-resolved >/dev/null 2>&1; then
    log_message "INFO" "Restarting systemd-resolved service"
    service restart systemd-resolved
    
    if [ $? -eq 0 ]; then
      log_message "SUCCESS" "systemd-resolved service restarted successfully"
    else
      log_message "ERROR" "Failed to restart systemd-resolved service"
    fi
  else
    # If systemd-resolved is not active, create a static resolv.conf
    log_message "INFO" "systemd-resolved not active, creating static resolv.conf"
    
    cat > "/etc/resolv.conf" << EOF
# DNS configuration
# Generated by security hardening script

nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 8.8.4.4
nameserver 1.0.0.1
options edns0 timeout:2 rotate

# search
# domain
EOF

    log_message "SUCCESS" "Static resolv.conf created"
  fi
}

#
log_message "SCRIPT" "dns_config.sh"

# Main execution for DNS configuration
configure_dns

log_message "SUCCESS" "DNS configuration completed"