
#!/bin/bash
# =============================================================================
# DNS configuration module
# =============================================================================
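# Resolve the directory this file lives in.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Source common functions and variables.
# Each dependency is loaded from SCRIPT_DIR when it is present there, so the
# code that gets sourced does not depend on the caller's working directory.
# This module writes under /etc, so it presumably runs as root, and a
# CWD-relative `source` would execute whatever file happens to sit in the
# directory it was started from. The original CWD-relative path is kept as a
# fallback for layouts where these files do not sit next to this script.
# NOTE(review): once the directory layout is confirmed, drop the fallback so
# nothing is ever sourced from the working directory.
for _dns_dep in "common.sh" "custom/custom_dns"; do
  if [[ -f "${SCRIPT_DIR}/${_dns_dep}" ]]; then
    # shellcheck source=/dev/null
    source "${SCRIPT_DIR}/${_dns_dep}"
  else
    # shellcheck source=/dev/null
    source "./${_dns_dep}"
  fi
done
unset _dns_dep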
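#######################################
# Configure the system DNS resolvers.
# Writes /etc/systemd/resolved.conf and restarts systemd-resolved when that
# service is active; otherwise writes a static /etc/resolv.conf.
# Globals:   none read directly; calls log_message and backup_file, which are
#            defined outside this function (presumably in common.sh).
# Arguments: none
# Outputs:   progress and errors via log_message
# Returns:   0 on success; 1 if a configuration file could not be written or
#            the systemd-resolved restart failed
#######################################
configure_dns() {
  local RESOLVED_CONF="/etc/systemd/resolved.conf"

  log_message "INFO" "Configuring DNS settings"

  # Backup current resolv.conf
  backup_file "/etc/resolv.conf"

  # Create systemd-resolved configuration
  log_message "INFO" "Creating systemd-resolved configuration"
  backup_file "$RESOLVED_CONF"

  # NOTE(review): DNSOverTLS=opportunistic falls back to plaintext when the
  # server does not answer over TLS and does not authenticate the server, so
  # it only protects against passive observation and can be downgraded by an
  # on-path party. If authenticated resolution is a hardening goal, evaluate
  # DNSOverTLS=yes together with DNS=address#server_name entries, and the
  # DNSSEC= setting; both can break resolution on restrictive networks.
  #
  # NOTE(review): the line "# Try IPv4 first, then IPv6" inside the generated
  # file does not describe the option below it; DNSStubListener= controls the
  # local stub listener, not address-family preference. The text is kept
  # byte-for-byte so the generated file is unchanged.
  #
  # The delimiter is quoted so the template is written literally even if a
  # `$` or backtick is added to it later.
  if ! cat > "$RESOLVED_CONF" <<'EOF'
[Resolve]
# Google and Cloudflare DNS servers
DNS=8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1
# Use DNS over TLS if possible
DNSOverTLS=opportunistic
# Default search domains
Domains=
# Fallback DNS
FallbackDNS=9.9.9.9 149.112.112.112
# Cache DNS responses
Cache=yes
# Try IPv4 first, then IPv6
DNSStubListener=yes
ReadEtcHosts=yes
EOF
  then
    # Do not report success (or restart the service) on a failed write.
    log_message "ERROR" "Failed to write $RESOLVED_CONF"
    return 1
  fi
  log_message "SUCCESS" "systemd-resolved configuration created at $RESOLVED_CONF"

  # Restart systemd-resolved service
  if systemctl is-active systemd-resolved >/dev/null 2>&1; then
    log_message "INFO" "Restarting systemd-resolved service"
    # systemctl takes the verb first. The previous `service restart <unit>`
    # form put the verb where service(8) expects the service name, so the new
    # configuration was never actually loaded.
    if systemctl restart systemd-resolved; then
      log_message "SUCCESS" "systemd-resolved service restarted successfully"
    else
      log_message "ERROR" "Failed to restart systemd-resolved service"
      return 1
    fi
  else
    # If systemd-resolved is not active, create a static resolv.conf
    log_message "INFO" "systemd-resolved not active, creating static resolv.conf"
    # NOTE(review): the glibc resolver honours at most three nameserver
    # lines, so the fourth entry below is ignored there. This fallback is
    # plaintext DNS with no transport protection.
    # NOTE(review): if /etc/resolv.conf is a symlink, this redirection writes
    # through it to the link target; confirm that is intended.
    if ! cat > "/etc/resolv.conf" <<'EOF'
# DNS configuration
# Generated by security hardening script
nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 8.8.4.4
nameserver 1.0.0.1
options edns0 timeout:2 rotate
# search
# domain
EOF
    then
      log_message "ERROR" "Failed to write /etc/resolv.conf"
      return 1
    fi
    log_message "SUCCESS" "Static resolv.conf created"
  fi
}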
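#
log_message "SCRIPT" "dns_config.sh"
# Main execution for DNS configuration
# The status is captured on its own line rather than with `if configure_dns`
# so that an errexit setting inherited from a sourced file, if any, still
# applies inside the function.
configure_dns
dns_config_status=$?
# Report the real outcome instead of logging SUCCESS unconditionally.
if [[ "$dns_config_status" -eq 0 ]]; then
  log_message "SUCCESS" "DNS configuration completed"
else
  log_message "ERROR" "DNS configuration failed (status $dns_config_status)"
fi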