yannstatic/static/2018/04/27/unbound-resolveur-DNS.html

2604 lines
238 KiB
HTML
Raw Permalink Normal View History

2024-10-31 20:18:37 +01:00
<!DOCTYPE html><html lang="fr">
<head><meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"><title>Résolveur DNS Unbound - YannStatic</title>
<meta name="description" content="Résolveur DNS Unbound">
<link rel="canonical" href="https://static.rnmkcy.eu/2018/04/27/unbound-resolveur-DNS.html"><link rel="alternate" type="application/rss+xml" title="YannStatic" href="/feed.xml">
<!-- - include head/favicon.html - -->
<link rel="shortcut icon" type="image/png" href="/assets/favicon/favicon.png"><link rel="stylesheet" href="/assets/css/main.css"><link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.13/css/all.css" ><!-- start custom head snippets --><link rel="stylesheet" href="/assets/css/expand.css">
<!-- end custom head snippets --><script>(function() {
window.isArray = function(val) {
return Object.prototype.toString.call(val) === '[object Array]';
};
window.isString = function(val) {
return typeof val === 'string';
};
window.hasEvent = function(event) {
return 'on'.concat(event) in window.document;
};
window.isOverallScroller = function(node) {
return node === document.documentElement || node === document.body || node === window;
};
window.isFormElement = function(node) {
var tagName = node.tagName;
return tagName === 'INPUT' || tagName === 'SELECT' || tagName === 'TEXTAREA';
};
window.pageLoad = (function () {
var loaded = false, cbs = [];
window.addEventListener('load', function () {
var i;
loaded = true;
if (cbs.length > 0) {
for (i = 0; i < cbs.length; i++) {
cbs[i]();
}
}
});
return {
then: function(cb) {
cb && (loaded ? cb() : (cbs.push(cb)));
}
};
})();
})();
(function() {
window.throttle = function(func, wait) {
var args, result, thisArg, timeoutId, lastCalled = 0;
function trailingCall() {
lastCalled = new Date;
timeoutId = null;
result = func.apply(thisArg, args);
}
return function() {
var now = new Date,
remaining = wait - (now - lastCalled);
args = arguments;
thisArg = this;
if (remaining <= 0) {
clearTimeout(timeoutId);
timeoutId = null;
lastCalled = now;
result = func.apply(thisArg, args);
} else if (!timeoutId) {
timeoutId = setTimeout(trailingCall, remaining);
}
return result;
};
};
})();
(function() {
var Set = (function() {
var add = function(item) {
var i, data = this._data;
for (i = 0; i < data.length; i++) {
if (data[i] === item) {
return;
}
}
this.size ++;
data.push(item);
return data;
};
var Set = function(data) {
this.size = 0;
this._data = [];
var i;
if (data.length > 0) {
for (i = 0; i < data.length; i++) {
add.call(this, data[i]);
}
}
};
Set.prototype.add = add;
Set.prototype.get = function(index) { return this._data[index]; };
Set.prototype.has = function(item) {
var i, data = this._data;
for (i = 0; i < data.length; i++) {
if (this.get(i) === item) {
return true;
}
}
return false;
};
Set.prototype.is = function(map) {
if (map._data.length !== this._data.length) { return false; }
var i, j, flag, tData = this._data, mData = map._data;
for (i = 0; i < tData.length; i++) {
for (flag = false, j = 0; j < mData.length; j++) {
if (tData[i] === mData[j]) {
flag = true;
break;
}
}
if (!flag) { return false; }
}
return true;
};
Set.prototype.values = function() {
return this._data;
};
return Set;
})();
window.Lazyload = (function(doc) {
var queue = {js: [], css: []}, sources = {js: {}, css: {}}, context = this;
var createNode = function(name, attrs) {
var node = doc.createElement(name), attr;
for (attr in attrs) {
if (attrs.hasOwnProperty(attr)) {
node.setAttribute(attr, attrs[attr]);
}
}
return node;
};
var end = function(type, url) {
var s, q, qi, cbs, i, j, cur, val, flag;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
s[url] = true;
for (i = 0; i < q.length; i++) {
cur = q[i];
if (cur.urls.has(url)) {
qi = cur, val = qi.urls.values();
qi && (cbs = qi.callbacks);
for (flag = true, j = 0; j < val.length; j++) {
cur = val[j];
if (!s[cur]) {
flag = false;
}
}
if (flag && cbs && cbs.length > 0) {
for (j = 0; j < cbs.length; j++) {
cbs[j].call(context);
}
qi.load = true;
}
}
}
}
};
var load = function(type, urls, callback) {
var s, q, qi, node, i, cur,
_urls = typeof urls === 'string' ? new Set([urls]) : new Set(urls), val, url;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
for (i = 0; i < q.length; i++) {
cur = q[i];
if (_urls.is(cur.urls)) {
qi = cur;
break;
}
}
val = _urls.values();
if (qi) {
callback && (qi.load || qi.callbacks.push(callback));
callback && (qi.load && callback());
} else {
q.push({
urls: _urls,
callbacks: callback ? [callback] : [],
load: false
});
for (i = 0; i < val.length; i++) {
node = null, url = val[i];
if (s[url] === undefined) {
(type === 'js' ) && (node = createNode('script', { src: url }));
(type === 'css') && (node = createNode('link', { rel: 'stylesheet', href: url }));
if (node) {
node.onload = (function(type, url) {
return function() {
end(type, url);
};
})(type, url);
(doc.head || doc.body).appendChild(node);
s[url] = false;
}
}
}
}
}
};
return {
js: function(url, callback) {
load('js', url, callback);
},
css: function(url, callback) {
load('css', url, callback);
}
};
})(this.document);
})();
</script><script>
(function() {
var TEXT_VARIABLES = {
version: '2.2.6',
sources: {
font_awesome: 'https://use.fontawesome.com/releases/v5.0.13/css/all.css',
jquery: '/assets/js/jquery.min.js',
leancloud_js_sdk: '//cdn.jsdelivr.net/npm/leancloud-storage@3.13.2/dist/av-min.js',
chart: 'https://cdn.bootcss.com/Chart.js/2.7.2/Chart.bundle.min.js',
gitalk: {
js: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.js',
css: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.css'
},
valine: 'https://unpkg.com/valine/dist/Valine.min.js'
},
site: {
toc: {
selectors: 'h1,h2,h3'
}
},
paths: {
search_js: '/assets/search.js'
}
};
window.TEXT_VARIABLES = TEXT_VARIABLES;
})();
</script>
</head>
<body>
<div class="root" data-is-touch="false">
<div class="layout--page js-page-root"><!----><div class="page__main js-page-main page__viewport hide-footer has-aside has-aside cell cell--auto">
<div class="page__main-inner"><div class="page__header d-print-none"><header class="header"><div class="main">
<div class="header__title">
<div class="header__brand"><svg id="svg" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="478.9473684210526" viewBox="0, 0, 400,478.9473684210526"><g id="svgg"><path id="path0" d="M308.400 56.805 C 306.970 56.966,303.280 57.385,300.200 57.738 C 290.906 58.803,278.299 59.676,269.200 59.887 L 260.600 60.085 259.400 61.171 C 258.010 62.428,256.198 63.600,255.645 63.600 C 255.070 63.600,252.887 65.897,252.598 66.806 C 252.460 67.243,252.206 67.600,252.034 67.600 C 251.397 67.600,247.206 71.509,247.202 72.107 C 247.201 72.275,246.390 73.190,245.400 74.138 C 243.961 75.517,243.598 76.137,243.592 77.231 C 243.579 79.293,241.785 83.966,240.470 85.364 C 239.176 86.740,238.522 88.365,237.991 91.521 C 237.631 93.665,236.114 97.200,235.554 97.200 C 234.938 97.200,232.737 102.354,232.450 104.472 C 232.158 106.625,230.879 109.226,229.535 110.400 C 228.933 110.926,228.171 113.162,226.434 119.500 C 226.178 120.435,225.795 121.200,225.584 121.200 C 225.373 121.200,225.200 121.476,225.200 121.813 C 225.200 122.149,224.885 122.541,224.500 122.683 C 223.606 123.013,223.214 123.593,223.204 124.600 C 223.183 126.555,220.763 132.911,219.410 134.562 C 218.443 135.742,217.876 136.956,217.599 138.440 C 217.041 141.424,215.177 146.434,214.532 146.681 C 214.240 146.794,214.000 147.055,214.000 147.261 C 214.000 147.467,213.550 148.086,213.000 148.636 C 212.450 149.186,212.000 149.893,212.000 150.208 C 212.000 151.386,208.441 154.450,207.597 153.998 C 206.319 153.315,204.913 150.379,204.633 147.811 C 204.365 145.357,202.848 142.147,201.759 141.729 C 200.967 141.425,199.200 137.451,199.200 135.974 C 199.200 134.629,198.435 133.224,196.660 131.311 C 195.363 129.913,194.572 128.123,193.870 125.000 C 193.623 123.900,193.236 122.793,193.010 122.540 C 190.863 120.133,190.147 118.880,188.978 115.481 C 188.100 112.928,187.151 111.003,186.254 109.955 C 185.358 108.908,184.518 107.204,183.847 105.073 C 183.280 103.273,182.497 101.329,182.108 100.753 C 181.719 100.177,180.904 98.997,180.298 98.131 C 179.693 97.265,178.939 95.576,178.624 94.378 C 178.041 92.159,177.125 90.326,175.023 87.168 C 174.375 86.196,173.619 84.539,173.342 83.486 C 172.800 81.429,171.529 79.567,170.131 78.785 C 169.654 78.517,168.697 77.511,168.006 76.549 C 167.316 75.587,166.594 74.800,166.402 74.800 C 166.210 74.800,164.869 73.633,163.421 72.206 C 160.103 68.936,161.107 69.109,146.550 69.301 C 133.437 69.474,128.581 70.162,126.618 72.124 C 126.248 72.495,125.462 72.904,124.872 73.033 C 124.282 73.163,123.088 73.536,122.219 73.863 C 121.349 74.191,119.028 74.638,117.061 74.858 C 113.514 75.254,109.970 76.350,108.782 77.419 C 107.652 78.436,100.146 80.400,97.388 80.400 C 95.775 80.400,93.167 81.360,91.200 82.679 C 90.430 83.195,89.113 83.804,88.274 84.031 C 85.875 84.681,78.799 90.910,74.400 96.243 L 73.400 97.456 73.455 106.028 C 73.526 117.055,74.527 121.238,77.820 124.263 C 78.919 125.273,80.400 127.902,80.400 128.842 C 80.400 129.202,81.075 130.256,81.900 131.186 C 83.563 133.059,85.497 136.346,86.039 138.216 C 86.233 138.886,87.203 140.207,88.196 141.153 C 89.188 142.098,90.000 143.104,90.000 143.388 C 90.000 144.337,92.129 148.594,92.869 149.123 C 93.271 149.410,93.600 149.831,93.600 150.059 C 93.600 150.286,93.932 150.771,94.337 151.136 C 94.743 151.501,95.598 153.004,96.237 154.475 C 96.877 155.947,97.760 157.351,98.200 157.596 C 98.640 157.841,99.900 159.943,101.000 162.267 C 102.207 164.817,103.327 166.644,103.825 166.876 C 104.278 167.087,105.065 168.101,105.573 169.130 C 107.658 173.348,108.097 174.093,110.006 176.647 C 111.103 178.114,112.000 179.725,112.000 180.227 C 112.000 181.048,113.425 183.163,114.678 184.200 C 115.295 184.711,117.396 188.733,117.720 190.022 C 117.855 190.562,118.603 191.633,119.381 192.402 C 120.160 193.171,121.496 195.258,122.351 197.039 C 123.206 198.820,124.167 200.378,124.487 200.501 C 124.807 200.624,125.953 202.496,127.034 204.662 C 128.114 206.828,129.676 209.299,130.505 210.153 C 131.333 211.007,132.124 212.177,132.262 212.753 C 132.618 214.239,134.291 217.048,136.288 219.5
" href="/">YannStatic</a></div><!--<button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button>--><!-- <li><button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button></li> -->
<!-- Champ de recherche -->
<div id="searchbox" class="search search--dark" style="visibility: visible">
<div class="main">
<div class="search__header"></div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<!-- <div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div> -->
</div>
</div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen; i++) {
var nch = needle.charCodeAt(i);
while (j < tlen) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len; i++) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len; i++) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 && xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' && params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object && JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' && options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len; i++) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query && query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
json: '/search.json',
//searchResultTemplate: '<li><a href="https://static.rnmkcy.eu{url}">{date}&nbsp;{title}</a></li>'
searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a></li>'
})
</script>
<!-- Fin déclaration champ de recherche --></div><nav class="navigation">
<ul><li class="navigation__item"><a href="/archive.html">Etiquettes</a></li><li class="navigation__item"><a href="/htmldoc.html">Documents</a></li><li class="navigation__item"><a href="/liens_ttrss.html">Liens</a></li><li class="navigation__item"><a href="/aide-jekyll-text-theme.html">Aide</a></li></ul>
</nav></div>
</header>
</div><div class="page__content"><div class ="main"><div class="grid grid--reverse">
<div class="col-main cell cell--auto"><!-- start custom main top snippet --><div id="results-container" class="search-result js-search-result"></div><!-- end custom main top snippet -->
<article itemscope itemtype="http://schema.org/Article"><div class="article__header"><header><h1 style="color:Tomato;">Résolveur DNS Unbound</h1></header></div><meta itemprop="headline" content="Résolveur DNS Unbound"><div class="article__info clearfix"><ul class="left-col menu"><li>
2024-11-08 14:10:33 +01:00
<a class="button button--secondary button--pill button--sm" style="color:#00FFFF" href="/archive.html?tag=dns">dns</a>
2024-10-31 20:18:37 +01:00
</li></ul><ul class="right-col menu"><li>
<i class="far fa-calendar-alt"></i>&nbsp;<span title="Création" style="color:#FF00FF">27&nbsp;avr.&nbsp;&nbsp;2018</span>
<span title="Modification" style="color:#00FF7F">16&nbsp;sept.&nbsp;2024</span></li></ul></div><meta itemprop="datePublished" content="2024-09-16T00:00:00+02:00">
<meta itemprop="keywords" content="dns"><div class="js-article-content">
<div class="layout--article"><!-- start custom article top snippet -->
<style>
#myBtn {
display: none;
position: fixed;
bottom: 10px;
right: 10px;
z-index: 99;
font-size: 12px;
font-weight: bold;
border: none;
outline: none;
background-color: white;
color: black;
cursor: pointer;
padding: 5px;
border-radius: 4px;
}
#myBtn:hover {
background-color: #555;
}
</style>
<button onclick="topFunction()" id="myBtn" title="Haut de page">&#8679;</button>
<script>
//Get the button
var mybutton = document.getElementById("myBtn");
// When the user scrolls down 20px from the top of the document, show the button
window.onscroll = function() {scrollFunction()};
function scrollFunction() {
if (document.body.scrollTop > 20 || document.documentElement.scrollTop > 20) {
mybutton.style.display = "block";
} else {
mybutton.style.display = "none";
}
}
// When the user clicks on the button, scroll to the top of the document
function topFunction() {
document.body.scrollTop = 0;
document.documentElement.scrollTop = 0;
}
</script>
<!-- end custom article top snippet -->
<div class="article__content" itemprop="articleBody"><details>
<summary><b>Afficher/cacher Sommaire</b></summary>
<!-- affichage sommaire -->
<div class="toc-aside js-toc-root"></div>
</details><h2 id="résolveur-dns-unbound">Résolveur DNS Unbound</h2>
<p><img src="/images/unbound-250.png" alt="DNS Unbound" /></p>
<p><em>Les serveurs DNS sont des machines discutant entre elles afin de se communiquer les correspondances entre nom de domaine et adresses IP.</em></p>
<h3 id="prérequis">Prérequis</h3>
<p><em>À partir de la version 209, systemd contient un démon de configuration réseau nommé <u>systemd-networkd</u> qui peut être utilisé pour la configuration basique du réseau. De plus, depuis la version 213, la résolution de nom DNS peut être prise en charge par <u>systemd-resolved</u> au lieu dun fichier /etc/resolv.conf statique. <u>Ces deux services sont activés par défaut</u></em></p>
<p class="warning">Si vous utilisez un résolveur local (par exemple bind, dnsmasq, unbound, etc), ou tout autre logiciel générant un fichier <strong>/etc/resolv.conf</strong> (par exemple <strong>resolvconf</strong>), le service <strong>systemd-resolved</strong> ne doit pas être utilisé.<br />
Pour désactiver <strong>systemd-resolved</strong>, exécutez la commande suivante : <code class="language-plaintext highlighter-rouge">sudo systemctl disable systemd-resolved</code><br />
Effacer puis recréer un fichier <code class="language-plaintext highlighter-rouge">/etc/resolv.conf</code> avec une directive dns, par exemple : <code class="language-plaintext highlighter-rouge">nameserver 1.1.1.1</code></p>
<h3 id="installation">Installation</h3>
<p>Passage en mode super utilisateur</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
</code></pre></div></div>
<p>Désinstaller bind si installé</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt remove --purge bind* -y
rm -r /var/cache/bind/
</code></pre></div></div>
<p>Installation des outils dns et du paquet Unbound :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt install dnsutils unbound -y
</code></pre></div></div>
<h3 id="serveurs-de-nom-racine">Serveurs de nom racine</h3>
<p>unbound possède une liste de serveurs racine pour la résolution des adresses. Cette liste pouvant évoluer dans le temps, il est préférable d<u>installer la dernière version lors de l'installation</u><br />
Télécharger le fichier named.cache sur le site internic.net et le placer dans le répertoire /var/lib/unbound/ sous le nom root.hints</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># en mode su</span>
curl <span class="nt">-o</span> /var/lib/unbound/root.hints https://www.internic.net/domain/named.cache
<span class="nb">chown </span>unbound:unbound /var/lib/unbound/root.hints
</code></pre></div></div>
<p>Indiquer ladresse du fichier dans la configuration de unbound<br />
créer le fichier <strong>root-hints.conf</strong> :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/unbound/unbound.conf.d/root-hints.conf
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c"># Fichier des serveurs root à télécharger env tous les mois :</span>
<span class="c"># curl -o /var/lib/unbound/root.hints https://www.internic.net/domain/named.cache</span>
<span class="c"># </span>
server:
root-hints: <span class="s2">"/var/lib/unbound/root.hints"</span>
</code></pre></div></div>
<p>Vérifier le fichier</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>unbound-checkconf /etc/unbound/unbound.conf.d/root-hints.conf
</code></pre></div></div>
<p><em>unbound-checkconf: no errors in /etc/unbound/unbound.conf.d/root-hints.conf</em></p>
<p>Redémarrer unbound</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl restart unbound.service
</code></pre></div></div>
<p><u>La mise à jour du fichier "root.hints" peut-être effectuée automatiquement en utilisant systemd</u>, selon la méthode décrite ci-dessous et reprise du wiki ArchLinux unboud : <a href="https://wiki.archlinux.org/index.php/Unbound#Roothints_systemd_timer">Roothints systemd timer</a>, la mise à jour seffectuera tous les premiers samedi de chaque mois à 02h00</p>
<p>Créer un fichier service</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/systemd/system/roothints.service
</code></pre></div></div>
<div class="language-ini highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nn">[Unit]</span>
<span class="py">Description</span><span class="p">=</span><span class="s">Update root hints for unbound</span>
<span class="py">After</span><span class="p">=</span><span class="s">network.target</span>
<span class="nn">[Service]</span>
<span class="py">ExecStart</span><span class="p">=</span><span class="s">/usr/bin/curl -o /var/lib/unbound/root.hints https://www.internic.net/domain/named.cache</span>
</code></pre></div></div>
<p>Créer un fichier timer</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/systemd/system/roothints.timer
</code></pre></div></div>
<div class="language-ini highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nn">[Unit]</span>
<span class="py">Description</span><span class="p">=</span><span class="s">Run root.hints monthly</span>
<span class="nn">[Timer]</span>
<span class="py">OnCalendar</span><span class="p">=</span><span class="s">OnCalendar=Sat *-*-01..07 02:00:00</span>
<span class="py">Persistent</span><span class="p">=</span><span class="s">true </span>
<span class="nn">[Install]</span>
<span class="py">WantedBy</span><span class="p">=</span><span class="s">timers.target</span>
</code></pre></div></div>
<p>Vérifier la syntaxe avec systemd-analyze</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemd-analyze calendar "Sat *-*-01..07 02:00:00"
Normalized form: Sat *-*-01..07 02:00:00
Next elapse: Sat 2024-10-05 02:00:00 GMT
From now: 2 weeks 4 days left
</code></pre></div></div>
<p>Tester le chargement du fichier</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl daemon-reload
<span class="nb">rm</span> /var/lib/unbound/root.hints
systemctl start roothints.service
<span class="nb">ls</span> <span class="nt">-la</span> /var/lib/unbound/root.hints
<span class="c"># -rw-r--r-- 1 root root 3312 16 sept. 06:47 /var/lib/unbound/root.hints</span>
</code></pre></div></div>
<p>Activer et démarrer le timer roothints.timer</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl enable roothints.timer --now
</code></pre></div></div>
<p>Liste les “timers”<br />
<code class="language-plaintext highlighter-rouge">sudo systemctl list-timers</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>NEXT LEFT LAST PASSED UNIT ACTIVATES
[...]
Sat 2024-10-05 02:00:00 GMT 2 weeks 4 days left - - roothints.timer roothints.service
</code></pre></div></div>
<p>Liste les “timers” correspondant à un certain état :<br />
<code class="language-plaintext highlighter-rouge">sudo systemctl list-timers --state=STATE</code><br />
STATE prend les valeurs suivantes : active, failed, load, sub. Voir man systemctl pour plus de détails.</p>
<h3 id="configurer-unbound">Configurer unbound</h3>
<p>Les fichiers de configuration sont situés sous <strong>/etc/unbound/unbound.conf.d/</strong></p>
<blockquote>
<p>NOTE: La configuration par défaut est suffisante lors de la mise en place sur un serveur</p>
</blockquote>
<p>Créer un fichier de configuration <strong>unbound-iceyan.conf</strong> (<code class="language-plaintext highlighter-rouge">/etc/unbound/unbound.conf.d/unbound-iceyan.conf</code>)</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>server:
# ne rien enregistrer dans les journaux hormis les erreurs
verbosity: 0
# n'écouter que sur l'interface locale en IPv4
# unbound nécessite d'être relancé si modifié
interface: 127.0.0.1
# Adresse privée wireguard
#interface: 10.55.22.1
port: 53
# refuser tout le monde sauf les connexions locales (pas forcément
# nécessaire vu que le serveur n'écoute que sur la boucle locale en IPv4)
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.1/32 allow
# Adresse privée wireguard
#access-control: 10.55.22.0/16 allow
# par défaut, unbound ne log pas les requêtes ni les réponses
# on peut le rappeler au cas où
log-queries: no
log-replies: no
# imposer la QNAME minimisation (RFC 7816)
# Pour mieux protéger la vie privée
qname-minimisation: yes
# même si le serveur faisant autorité ne le veut pas
# après discussion, il est possible que cette option ne soit
# pas recommandée dans le cadre d'un résolveur ouvert
qname-minimisation-strict: yes
</code></pre></div></div>
<p>Pour vérifier si le fichier de configuration est valide</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>unbound-checkconf /etc/unbound/unbound.conf.d/unbound-iceyan.conf
</code></pre></div></div>
<h3 id="démarrer-et-vérifier-unbound">Démarrer et vérifier unbound</h3>
<p>Si vous nutilisez pas lapplication <strong>resolvconf</strong> pour la résolution des noms, il faut modifier le fichier <code class="language-plaintext highlighter-rouge">/etc/resolv.conf</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nameserver 127.0.0.1
</code></pre></div></div>
<p>Redémarrer le service <strong>dnsunbound</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl restart unbound
</code></pre></div></div>
<p>Les commandes suivantes ne fonctionneront que si le paquet “dnsutils” est installé sur votre système Debian!</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dig @127.0.0.1 afnic.fr +short +dnssec
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>51.178.83.21
A 13 2 600 20241016083021 20240916030820 14683 afnic.fr. gApIxPsbAiDexraJ1FfS2gE+BMKTNox+2UnlRxPa/T6WDbb6ZdnU6KQi 0yRES7xp+iCS83zTFGnympNdxwUs8A==
</code></pre></div></div>
<p><code class="language-plaintext success highlighter-rouge">La commande dig a fonctionné, vous pouvez maintenant définir Unbound comme premier résolveur DNS</code></p>
<h2 id="options">Options</h2>
<h3 id="bloquer-la-publicité">Bloquer la publicité</h3>
<ul>
<li><a href="https://www.shaftinc.fr/blocage-pubs-unbound.html">Bloquer la publicité grâce au DNS</a></li>
<li><a href="https://framagit.org/Shaft/unbound-adblock">Blocage de pubs et traqueurs avec Unbound</a></li>
</ul>
<p>Prérequis, jq et curl installés<br />
Script /usr/local/bin/unbound-adblock</p>
<details>
<summary><b>Etendre Réduire</b></summary>
<figure class="highlight"><pre><code class="language-bash" data-lang="bash">
<span class="c">#!/bin/bash</span>
<span class="c">###############################################################################################################################</span>
<span class="c">#</span>
<span class="c"># Script construisant un fichier de configuration Unbound, à partir de listes connues</span>
<span class="c"># en vue d'en faire un bloqueur de pubs et de mouchards</span>
<span class="c">#</span>
<span class="c"># Unbound doit répondre NXDOMAIN pour toute requête portant ces domaines</span>
<span class="c">#</span>
<span class="c"># Voir ici pour les détails : https://framagit.org/Shaft/unbound-adblock/</span>
<span class="c"># et la documentation d'Unbound : https://nlnetlabs.nl/documentation/unbound/unbound.conf/</span>
<span class="c">#</span>
<span class="c"># Par Shaft, sous Licence Publique IV (https://www.shaftinc.fr/licence-publique-iv.html)</span>
<span class="c">#</span>
<span class="c">###############################################################################################################################</span>
<span class="nv">tmpErr</span><span class="o">=</span><span class="si">$(</span><span class="nb">mktemp</span><span class="si">)</span>
<span class="nv">logFile</span><span class="o">=</span><span class="s2">"/var/log/adblock.log"</span>
<span class="c"># On vérifie que le fichier de log existe et on le crée sinon</span>
<span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="nv">$logFile</span> <span class="o">]</span><span class="p">;</span> <span class="k">then
</span><span class="nb">touch</span> <span class="nv">$logFile</span> <span class="o">&amp;&amp;</span> <span class="nb">chown </span>root:adm <span class="nv">$logFile</span>
<span class="k">fi</span>
<span class="c">############### Fonctions de logs ###############</span>
<span class="c"># Vu ici : http://www.cubicrace.com/2016/03/efficient-logging-mechnism-in-shell.html</span>
<span class="k">function </span>LOG<span class="o">(){</span>
<span class="nb">local </span><span class="nv">lvl</span><span class="o">=</span><span class="nv">$1</span>
<span class="nb">local </span><span class="nv">msg</span><span class="o">=</span><span class="s2">"</span><span class="nv">$2</span><span class="s2">"</span>
<span class="nb">echo</span> <span class="nt">-e</span> <span class="s2">"</span><span class="si">$(</span><span class="nb">date</span> +<span class="s1">'%b %d %X %z'</span><span class="si">)</span><span class="s2"> </span><span class="nv">$lvl</span><span class="s2">: </span><span class="nv">$msg</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$logFile</span>
<span class="o">}</span>
<span class="k">function </span>SYSLOG<span class="o">(){</span>
<span class="nb">local </span><span class="nv">lvl</span><span class="o">=</span><span class="nv">$1</span>
<span class="nb">local </span><span class="nv">msg</span><span class="o">=</span><span class="s2">"</span><span class="nv">$2</span><span class="s2">"</span>
<span class="c"># err : error ; info ; warning</span>
logger <span class="nt">-p</span> local0.<span class="nv">$lvl</span> <span class="nt">-t</span> <span class="k">${</span><span class="nv">0</span><span class="p">##*/</span><span class="k">}</span> <span class="nt">--id</span><span class="o">=</span><span class="nv">$$</span> <span class="nv">$msg</span>
<span class="o">}</span>
<span class="c">#################################################</span>
<span class="c"># Suppresions des fichiers temporaires</span>
<span class="k">function </span>supp_temp<span class="o">(){</span>
<span class="k">for </span>temp <span class="k">in</span> <span class="k">${</span><span class="p">!tmp@</span><span class="k">}</span><span class="p">;</span><span class="k">do
</span><span class="nb">declare</span> <span class="nt">-n</span> <span class="nv">fic</span><span class="o">=</span><span class="si">$(</span><span class="nb">printf</span> <span class="nv">$temp</span><span class="si">)</span>
<span class="nb">rm</span> <span class="nv">$fic</span>
<span class="k">done</span>
<span class="o">}</span>
<span class="c"># On vérifie que les dépendances sont installées</span>
<span class="k">for </span>prog <span class="k">in </span>jq curl<span class="p">;</span> <span class="k">do
</span><span class="nb">command</span> <span class="nt">-v</span> <span class="nv">$prog</span> <span class="o">&gt;</span> /dev/null
<span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$?</span><span class="s2">"</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span><span class="k">then
</span>LOG ERROR <span class="s2">"</span><span class="nv">$prog</span><span class="s2"> non installé. Arrêt du script"</span>
SYSLOG err <span class="s2">"</span><span class="nv">$prog</span><span class="s2"> non installé. Arrêt du script"</span>
<span class="nb">rm</span> <span class="nv">$tmpErr</span>
<span class="nb">exit </span>1
<span class="k">fi
done</span>
<span class="c"># On vérifie qu'un paramètre est bien passé au script</span>
<span class="k">if</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span><span class="k">then
</span><span class="nb">echo</span> <span class="s2">"usage : </span><span class="nv">$0</span><span class="s2"> &lt;Fichier JSON&gt;"</span>
LOG ERROR <span class="s2">"Aucun fichier fourni en argument. Arrêt du script"</span>
SYSLOG err <span class="s2">"Aucun fichier fourni en argument. Arrêt du script"</span>
<span class="nb">rm</span> <span class="nv">$tmpErr</span>
<span class="nb">exit </span>1
<span class="k">fi
</span><span class="nv">json</span><span class="o">=</span><span class="nv">$1</span>
<span class="c"># Si le fichier json est incorrect, on arrête le script ici.</span>
jq <span class="nt">-e</span> <span class="s1">'.'</span> <span class="nv">$json</span> &amp;&gt; <span class="nv">$tmpErr</span>
<span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$?</span><span class="s2">"</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span><span class="k">then
</span>LOG ERROR <span class="s2">"Le fichier </span><span class="nv">$json</span><span class="s2"> est incorrect :"</span>
LOG ERROR <span class="s2">"</span><span class="si">$(</span><span class="nb">cat</span> <span class="nv">$tmpErr</span><span class="si">)</span><span class="s2">"</span>
LOG ERROR <span class="s2">"Arrêt du script"</span>
SYSLOG err <span class="s2">"Le fichier </span><span class="nv">$json</span><span class="s2"> est incorrect, voir </span><span class="nv">$logFile</span><span class="s2">. Arrêt du script."</span>
<span class="nb">rm</span> <span class="nv">$tmpErr</span>
<span class="nb">exit </span>1
<span class="k">fi
</span><span class="nv">tmpListe</span><span class="o">=</span><span class="si">$(</span><span class="nb">mktemp</span><span class="si">)</span>
<span class="nv">tmpListeClean</span><span class="o">=</span><span class="si">$(</span><span class="nb">mktemp</span><span class="si">)</span>
<span class="nv">tmpJSON</span><span class="o">=</span><span class="si">$(</span><span class="nb">mktemp</span><span class="si">)</span>
<span class="nv">filePath</span><span class="o">=</span><span class="s2">"/var/lib/unbound"</span>
<span class="nv">confFile</span><span class="o">=</span><span class="s2">"/etc/unbound/unbound.conf.d/adblock.conf"</span>
<span class="nv">listFile</span><span class="o">=</span><span class="s2">"</span><span class="nv">$filePath</span><span class="s2">/liste-ad.txt"</span>
<span class="nv">diffFile</span><span class="o">=</span><span class="s2">"</span><span class="nv">$filePath</span><span class="s2">/modif-ad.diff"</span>
<span class="nv">sauvConf</span><span class="o">=</span><span class="s2">"</span><span class="nv">$filePath</span><span class="s2">/adblock.conf.bak"</span>
<span class="nv">NbEchecs</span><span class="o">=</span>0
<span class="c"># On initialise les compteurs pour la boucle de DL des listes. Attention jq énumère à partir de 0</span>
<span class="nv">i</span><span class="o">=</span>0
<span class="nv">n</span><span class="o">=</span><span class="si">$(</span>jq <span class="s1">'. | length'</span> <span class="nv">$json</span><span class="si">)</span>
<span class="c"># On teste si le JSON est vide</span>
<span class="k">if</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$n</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span><span class="k">then
</span>LOG ERROR <span class="s2">"</span><span class="nv">$json</span><span class="s2"> semble vide, merci de vérifier le fichier. Arrêt du script"</span>
LOG ERROR <span class="s2">"Éventuellement, le télécharger en https://framagit.org/Shaft/unbound-adblock/-/raw/main/liste-adblock.json"</span>
SYSLOG err <span class="s2">"</span><span class="nv">$json</span><span class="s2"> semble vide, arrêt du script"</span>
supp_temp
<span class="nb">exit </span>1
<span class="k">fi</span>
<span class="c"># On initialise le compteur de nouvelles listes</span>
<span class="nv">listCount</span><span class="o">=</span>0
<span class="c"># Nombre de listes présentes dans le JSON lors du dernier DL</span>
<span class="nv">nbListes</span><span class="o">=</span><span class="si">$(</span><span class="nb">grep</span> <span class="nt">-s</span> <span class="s2">"Téléchargement des [0-9]* listes de domaines"</span> <span class="nv">$logFile</span>.1 <span class="nv">$logFile</span> | <span class="nb">tail</span> <span class="nt">-1</span> | <span class="nb">awk</span> <span class="s1">'{ print $8 }'</span><span class="si">)</span>
<span class="c"># Si le grep échoue ou ne renvoie tout simplement rien, on passe $n comme valeur</span>
<span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$?</span><span class="s2">"</span> <span class="nt">-ne</span> 0 <span class="o">]</span> <span class="o">||</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$nbListes</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span><span class="k">then
</span><span class="nv">nbListes</span><span class="o">=</span><span class="nv">$n</span>
<span class="k">fi</span>
<span class="c"># On copie le JSON dans le fichier temporaire</span>
<span class="nb">cp</span> <span class="nv">$json</span> <span class="nv">$tmpJSON</span>
<span class="c"># Pour alléger un peu le script, on fait une fonction pour la création de la liste finale</span>
make_liste<span class="o">(){</span>
<span class="nv">tmpConf</span><span class="o">=</span><span class="si">$(</span><span class="nb">mktemp</span><span class="si">)</span>
<span class="nb">echo</span> <span class="nt">-e</span> <span class="s2">"# Liste générée le </span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2">"</span> <span class="o">&gt;</span> <span class="nv">$tmpConf</span>
<span class="c"># Bien penser à indiquer la directive server au début du fichier de configuration ou Unbound pourrait ne pas démarrer</span>
<span class="nb">echo</span> <span class="nt">-e</span> <span class="s2">"server:"</span> <span class="o">&gt;&gt;</span> <span class="nv">$tmpConf</span>
<span class="k">while </span><span class="nb">read </span>domaine<span class="p">;</span><span class="k">do
</span><span class="nb">echo</span> <span class="nt">-e</span> <span class="s2">"local-zone: </span><span class="se">\"</span><span class="nv">$domaine</span><span class="se">\"</span><span class="s2"> static"</span> <span class="o">&gt;&gt;</span> <span class="nv">$tmpConf</span>
<span class="k">done</span> &lt; <span class="nv">$tmpListeClean</span>
<span class="c"># Une fois le fichier crée, on vérifie l'ensemble de la configuration Unbound (avec notre fichier) et si tout est OK, on redémarre le service</span>
<span class="c"># S'il y a déjà un fichier confFile existant, on en fait un backup</span>
<span class="k">if</span> <span class="o">[</span> <span class="nt">-f</span> <span class="nv">$confFile</span> <span class="o">]</span><span class="p">;</span> <span class="k">then
</span><span class="nb">cp</span> <span class="nt">-a</span> <span class="nv">$confFile</span> <span class="nv">$sauvConf</span>
LOG INFO <span class="s2">"Sauvegarde du précédent fichier de configuration dans </span><span class="nv">$sauvConf</span><span class="s2">"</span>
<span class="k">fi
</span>LOG INFO <span class="s2">"Copie de la nouvelle configuration dans </span><span class="nv">$confFile</span><span class="s2">"</span>
<span class="nb">mv</span> <span class="nt">-f</span> <span class="nv">$tmpConf</span> <span class="nv">$confFile</span>
<span class="nb">chmod </span>644 <span class="nv">$confFile</span>
unbound-checkconf &amp;&gt; <span class="nv">$tmpErr</span>
<span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$?</span><span class="s2">"</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then
</span>LOG ERROR <span class="s2">"La vérification de la configuration d'Unbound a échouée. Erreurs trouvées :"</span>
LOG ERROR <span class="s2">"</span><span class="si">$(</span><span class="nb">cat</span> <span class="nv">$tmpErr</span><span class="si">)</span><span class="s2">"</span>
LOG ERROR <span class="s2">"Arrêt du script."</span>
<span class="c"># Optionnel : si le script est lancé comme un service, on laisse un message dans le syslog pour avoir plus rapidement des infos</span>
SYSLOG err <span class="s2">"La vérification de la configuration d'Unbound a échouée, voir </span><span class="nv">$logFile</span><span class="s2">. Arrêt du script."</span>
supp_temp
<span class="k">if</span> <span class="o">[</span> <span class="nt">-f</span> <span class="nv">$sauvConf</span> <span class="o">]</span><span class="p">;</span> <span class="k">then
</span><span class="nb">cp</span> <span class="nv">$sauvConf</span> <span class="nv">$confFile</span>
LOG INFO <span class="s2">"Restauration du précédent fichier de configuration."</span>
<span class="k">else
</span><span class="nb">rm</span> <span class="nv">$confFile</span>
LOG INFO <span class="s2">"Suppression du fichier de configuration."</span>
<span class="k">fi
</span><span class="nb">exit </span>1
<span class="k">else
</span>LOG INFO <span class="s2">"Redémarrage d'Unbound."</span>
unbound-control reload
<span class="c"># systemctl restart unbound.service</span>
<span class="c"># On ne copie la nouvelle version de la liste que maintenant</span>
<span class="nb">mv</span> <span class="nt">-f</span> <span class="nv">$tmpListeClean</span> <span class="nv">$listFile</span>
<span class="nb">mv</span> <span class="nt">-f</span> <span class="nv">$tmpJSON</span> <span class="nv">$json</span>
<span class="nb">chmod </span>644 <span class="nv">$listFile</span>
LOG INFO <span class="s2">"Blocage de </span><span class="si">$(</span><span class="nb">wc</span> <span class="nt">-l</span> <span class="nv">$listFile</span> | <span class="nb">awk</span> <span class="s1">'{print $1}'</span><span class="si">)</span><span class="s2"> domaines."</span>
SYSLOG info <span class="s2">"Nouvelle version en place, </span><span class="si">$(</span><span class="nb">wc</span> <span class="nt">-l</span> <span class="nv">$listFile</span> | <span class="nb">awk</span> <span class="s1">'{print $1}'</span><span class="si">)</span><span class="s2"> domaines bloqués."</span>
<span class="nb">rm</span> <span class="nv">$tmpErr</span>
<span class="nb">exit </span>0
<span class="k">fi</span>
<span class="o">}</span>
<span class="c">#################################################</span>
<span class="c"># Si nbListes est supérieur à n alors une liste a été retirée du JSON</span>
<span class="c"># On réinitialise les hash dans ce dernier</span>
<span class="k">if</span> <span class="o">[</span> <span class="nv">$nbListes</span> <span class="nt">-gt</span> <span class="nv">$n</span> <span class="o">]</span><span class="p">;</span><span class="k">then
</span>LOG INFO <span class="s2">"Nombre de listes dans le JSON inférieur à celui présent lors de la dernière exécution."</span>
LOG INFO <span class="s2">"Réinitialisation des hash des listes présentes."</span>
LOG INFO <span class="s2">"Remise à zéro de </span><span class="nv">$listFile</span><span class="s2"> et suppression des .list."</span>
SYSLOG info <span class="s2">"Une liste a été retirée du JSON, réinitialisation des blocages"</span>
<span class="nb">sed</span> <span class="nt">-i</span> <span class="s1">'s/\"Hash.*/\"Hash\"\: null/g'</span> <span class="nv">$json</span>
<span class="nb">printf</span> <span class="s2">""</span> <span class="o">&gt;</span> <span class="nv">$tmpListe</span>
<span class="nb">rm</span> <span class="nt">-r</span> <span class="nv">$filePath</span>/<span class="k">*</span>.list
<span class="k">fi
</span>LOG INFO <span class="s2">"Téléchargement des </span><span class="nv">$n</span><span class="s2"> listes de domaines"</span>
<span class="c"># Boucle de téléchargement des listes, préparation et nettoyage avant de constituer la liste principale</span>
<span class="k">while</span> <span class="o">[</span> <span class="nv">$i</span> <span class="nt">-le</span> <span class="k">$((</span><span class="nv">$n</span> <span class="o">-</span> <span class="m">1</span><span class="k">))</span> <span class="o">]</span><span class="p">;</span><span class="k">do
</span><span class="nv">nom</span><span class="o">=</span><span class="si">$(</span>jq <span class="nt">--raw-output</span> .[<span class="nv">$i</span><span class="o">]</span>.Nom <span class="nv">$json</span><span class="si">)</span>
<span class="nv">url</span><span class="o">=</span><span class="si">$(</span>jq <span class="nt">--raw-output</span> .[<span class="nv">$i</span><span class="o">]</span>.URL <span class="nv">$json</span><span class="si">)</span>
<span class="nb">hash</span><span class="o">=</span><span class="si">$(</span>jq <span class="nt">--raw-output</span> .[<span class="nv">$i</span><span class="o">]</span>.Hash <span class="nv">$json</span><span class="si">)</span>
<span class="nv">tmpDL</span><span class="o">=</span><span class="si">$(</span><span class="nb">mktemp</span><span class="si">)</span>
<span class="c"># Si $nom contient des espaces, on les remplace</span>
<span class="nv">sauvList</span><span class="o">=</span><span class="s2">"</span><span class="nv">$filePath</span><span class="s2">/</span><span class="k">${</span><span class="nv">nom</span><span class="p">//\ /-</span><span class="k">}</span><span class="s2">.list"</span>
curl <span class="nt">-sSf</span> <span class="nt">--connect-timeout</span> 5 <span class="nv">$url</span> <span class="nt">-o</span> <span class="nv">$tmpDL</span> 2&gt;<span class="nv">$tmpErr</span>
<span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$?</span><span class="s2">"</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span><span class="k">then
</span>LOG ERROR <span class="s2">"Échec du téléchargement de liste </span><span class="nv">$nom</span><span class="s2">. L'erreur suivante a été détectée :"</span>
LOG ERROR <span class="s2">"</span><span class="si">$(</span><span class="nb">cat</span> <span class="nv">$tmpErr</span><span class="si">)</span><span class="s2">"</span>
<span class="o">((</span>NbEchecs++<span class="o">))</span>
<span class="c"># Si le téléchargement d'au moins la moitié des listes (arrondi inférieur) échoue et</span>
<span class="c"># qu'aucune nouvelle liste n'a été téléchargée, ça ne sert à rien de continuer</span>
<span class="k">if</span> <span class="o">[</span> <span class="nv">$NbEchecs</span> <span class="nt">-ge</span> <span class="k">$((</span><span class="nv">$n</span> <span class="o">/</span> <span class="m">2</span><span class="k">))</span> <span class="nt">-a</span> <span class="nv">$listCount</span> <span class="nt">-eq</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then
</span>LOG ERROR <span class="s2">"Le téléchargement de </span><span class="nv">$NbEchecs</span><span class="s2"> listes a échoué."</span>
LOG ERROR <span class="s2">"Au moins la moitié des listes en erreur. Arrêt du script"</span>
<span class="c">#Optionnel : si le script est lancé comme un service, on laisse un message dans le syslog pour avoir plus rapidement des infos</span>
SYSLOG err <span class="s2">"Le téléchargement de </span><span class="nv">$NbEchecs</span><span class="s2"> listes sur </span><span class="nv">$n</span><span class="s2"> a échoué, voir </span><span class="nv">$logFile</span><span class="s2">. Arrêt du script"</span>
supp_temp
<span class="nb">exit </span>1
<span class="k">fi
else</span>
<span class="c"># On regarde si le sha256 est différent</span>
<span class="k">if</span> <span class="o">[</span> <span class="si">$(</span><span class="nb">sha256sum</span> <span class="nv">$tmpDL</span> | <span class="nb">awk</span> <span class="s1">'{print $1}'</span><span class="si">)</span> <span class="o">=</span> <span class="nv">$hash</span> <span class="o">]</span><span class="p">;</span> <span class="k">then
</span>LOG INFO <span class="s2">"Téléchargement de la liste </span><span class="nv">$nom</span><span class="s2"> réussi. Pas de différences constatées. Liste ignorée."</span>
<span class="k">else
case</span> <span class="nv">$hash</span> <span class="k">in
</span>null<span class="p">)</span>
LOG INFO <span class="s2">"Téléchargement de la liste </span><span class="nv">$nom</span><span class="s2"> réussi. Hash nul, la liste est nouvelle."</span>
<span class="p">;;</span>
<span class="k">*</span><span class="p">)</span>
LOG INFO <span class="s2">"Téléchargement de la liste </span><span class="nv">$nom</span><span class="s2"> réussi. Différences constatées. Ajout à la nouvelle liste."</span>
<span class="p">;;</span>
<span class="k">esac</span>
<span class="o">((</span>listCount++<span class="o">))</span>
<span class="c"># On écrit le nouveau hash dans le JSON</span>
<span class="nb">cat</span> <span class="nv">$tmpJSON</span> | jq <span class="nt">--arg</span> newHash <span class="s2">"</span><span class="si">$(</span><span class="nb">sha256sum</span> <span class="nv">$tmpDL</span> | <span class="nb">awk</span> <span class="s1">'{print $1}'</span><span class="si">)</span><span class="s2">"</span> <span class="nt">--argjson</span> i <span class="s2">"</span><span class="nv">$i</span><span class="s2">"</span> <span class="s1">'.[$i].Hash = $newHash'</span> <span class="o">&gt;</span> <span class="nv">$tmpJSON</span>
<span class="c"># On teste si la liste est un fichier hosts eg.</span>
<span class="c"># il contient des lignes type "127.0.0.1 méchant.example"</span>
<span class="c"># On adapte le traitement en fonction</span>
<span class="nb">grep</span> <span class="nt">-E</span> <span class="s2">"^127</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">1|^0</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">0"</span> <span class="nv">$tmpDL</span> &amp;&gt; /dev/null
<span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$?</span><span class="s2">"</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span><span class="k">then
</span><span class="nb">grep</span> <span class="nt">-v</span> <span class="s2">"^#"</span> <span class="nv">$tmpDL</span> | <span class="nb">awk</span> <span class="s1">'{print $1}'</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s2">"</span><span class="se">\r</span><span class="s2">"</span> | <span class="nb">sed</span> <span class="s1">'/^\s*$/d'</span> <span class="o">&gt;</span> <span class="nv">$sauvList</span>
<span class="k">else</span>
<span class="c"># Il faut faire attention à enlever les lignes classiques d'un fichier hosts</span>
<span class="c"># telle que "127.0.0.1 localhost" qui peuvent rester.</span>
<span class="nb">grep</span> <span class="nt">-E</span> <span class="s2">"^127</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">1|^0</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">0"</span> <span class="nv">$tmpDL</span> | <span class="nb">awk</span> <span class="s1">'{print $2}'</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s2">"</span><span class="se">\r</span><span class="s2">"</span> | <span class="nb">sed</span> <span class="s1">'/^\s*$/d'</span> | <span class="nb">grep</span> <span class="nt">-Ev</span> <span class="s2">"^localhost|^localhost.localdomain|^local</span><span class="nv">$|</span><span class="s2">^127</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">1</span><span class="nv">$|</span><span class="s2">^0</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">0</span><span class="se">\.</span><span class="s2">0$"</span> <span class="o">&gt;</span> <span class="nv">$sauvList</span>
<span class="k">fi
</span>LOG INFO <span class="s2">"Sauvegarde dans </span><span class="nv">$sauvList</span><span class="s2">"</span>
<span class="k">fi
fi
</span><span class="nb">rm</span> <span class="nv">$tmpDL</span>
<span class="o">((</span>i++<span class="o">))</span>
<span class="k">done</span>
<span class="c"># On loggue le nombre d'erreurs de téléchargements, s'il y en a</span>
<span class="k">if</span> <span class="o">[</span> <span class="nv">$NbEchecs</span> <span class="nt">-gt</span> 0 <span class="o">]</span><span class="p">;</span><span class="k">then
</span>LOG WARNING <span class="s2">"Le téléchargement de </span><span class="nv">$NbEchecs</span><span class="s2"> liste(s) sur </span><span class="nv">$n</span><span class="s2"> a échoué."</span>
<span class="c">#Optionnel : si le script est lancé comme un service, on laisse un message dans le syslog pour avoir plus rapidement des infos</span>
SYSLOG warning <span class="s2">"Le téléchargement de </span><span class="nv">$NbEchecs</span><span class="s2"> liste(s) sur </span><span class="nv">$n</span><span class="s2"> a échoué, voir </span><span class="nv">$logFile</span><span class="s2">"</span>
<span class="k">fi</span>
<span class="c"># Tri et suppression des doublons de la liste.</span>
<span class="k">for </span>file <span class="k">in</span> <span class="si">$(</span><span class="nb">ls</span> <span class="nv">$filePath</span>/<span class="k">*</span>.list<span class="si">)</span><span class="p">;</span><span class="k">do
</span><span class="nb">cat</span> <span class="nv">$file</span> <span class="o">&gt;&gt;</span> <span class="nv">$tmpListe</span>
<span class="k">done
</span><span class="nb">sort</span> <span class="nt">-bfu</span> <span class="nv">$tmpListe</span> <span class="nt">-o</span> <span class="nv">$tmpListeClean</span>
<span class="nb">rm</span> <span class="nv">$tmpListe</span>
<span class="c"># On vérifie si la dernière version de la liste nettoyée est présente.</span>
<span class="c"># Si c'est le cas, on vérifie si la nouvelle présente des différences et on reconstruit le fichier de conf en fonction</span>
<span class="k">if</span> <span class="o">[</span> <span class="nt">-f</span> <span class="nv">$listFile</span> <span class="o">]</span><span class="p">;</span> <span class="k">then
if</span> <span class="o">[</span> <span class="nv">$listCount</span> <span class="nt">-eq</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then
</span>LOG INFO <span class="s2">"Pas de différences constatées avec la liste du </span><span class="si">$(</span><span class="nb">date</span> <span class="nt">-d</span> @<span class="si">$(</span><span class="nb">stat</span> <span class="nt">-c</span> %Y <span class="nv">$confFile</span><span class="si">))</span><span class="s2"> déjà présente. Arrêt du script."</span>
SYSLOG info <span class="s2">"Pas de nouvelle version, </span><span class="si">$(</span><span class="nb">wc</span> <span class="nt">-l</span> <span class="nv">$listFile</span> | <span class="nb">awk</span> <span class="s1">'{print $1}'</span><span class="si">)</span><span class="s2"> domaines bloqués."</span>
supp_temp
<span class="nb">exit </span>0
<span class="k">else
</span>LOG INFO <span class="s2">"Des différences ont été constatées avec la liste déjà présente, voir </span><span class="nv">$diffFile</span><span class="s2">"</span>
diff <span class="nv">$tmpListeClean</span> <span class="nv">$listFile</span> <span class="o">&gt;</span> <span class="nv">$diffFile</span>
LOG INFO <span class="s2">"Construction d'un nouveau fichier de configuration."</span>
make_liste
<span class="k">fi
else
</span>LOG INFO <span class="s2">"Pas de liste trouvée. Construction de celle-ci et du fichier de configuration."</span>
make_liste
<span class="k">fi</span></code></pre></figure>
</details>
<p>Droits en exécution</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>chmod +x /usr/local/bin/unbound-adblock
</code></pre></div></div>
<p>Copier <a href="https://framagit.org/Shaft/unbound-adblock/-/blob/main/liste-adblock.json">liste-adblock.json</a> dans un fichier <code class="language-plaintext highlighter-rouge">/var/lib/unbound/liste-adblock.json</code></p>
<details>
<summary><b>Etendre Réduire</b></summary>
<figure class="highlight"><pre><code class="language-json" data-lang="json"><span class="w">
</span><span class="p">[</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"Nom"</span><span class="p">:</span><span class="w"> </span><span class="s2">"MVPS"</span><span class="p">,</span><span class="w">
</span><span class="nl">"URL"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://winhelp2002.mvps.org/hosts.txt"</span><span class="p">,</span><span class="w">
</span><span class="nl">"Hash"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"Nom"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AdAway"</span><span class="p">,</span><span class="w">
</span><span class="nl">"URL"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://adaway.org/hosts.txt"</span><span class="p">,</span><span class="w">
</span><span class="nl">"Hash"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"Nom"</span><span class="p">:</span><span class="w"> </span><span class="s2">"StevenBlack Unifié"</span><span class="p">,</span><span class="w">
</span><span class="nl">"URL"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"</span><span class="p">,</span><span class="w">
</span><span class="nl">"Hash"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="p">{</span><span class="w">
</span><span class="nl">"Nom"</span><span class="p">:</span><span class="w"> </span><span class="s2">"yoyo.org"</span><span class="p">,</span><span class="w">
</span><span class="nl">"URL"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&amp;showintro=0&amp;mimetype=plaintext"</span><span class="p">,</span><span class="w">
</span><span class="nl">"Hash"</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w">
</span><span class="p">}</span><span class="w">
</span><span class="p">]</span></code></pre></figure>
</details>
<p>Copier <a href="https://framagit.org/Shaft/unbound-adblock/-/blob/main/adblock">adblock</a> dans /etc/logrotate.d/ (Attention : ne pas supprimer loption delaycompress au risque de casser la détection de retrait de liste du JSON).</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget -O /etc/logrotate.d/adblock https://framagit.org/Shaft/unbound-adblock/-/blob/main/adblock
</code></pre></div></div>
<p>Lancer le script au démarrage de la machine avec un service systemd, ainsi une relance dUnbound est moins pénalisante étant donné que redémarrer ce résolveur vide son cache.<br />
Créer <a href="https://framagit.org/Shaft/unbound-adblock/-/blob/main/adblock.service">adblock.service</a> ` /etc/systemd/system/adblock.service`</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Unit]
Description=Unbound AdBlock List Making
After=unbound.service network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/unbound-adblock /var/lib/unbound/liste-adblock.json
RemainAfterExit=yes
User=root
PrivateTmp=true
ProtectHome=true
[Install]
WantedBy=multi-user.target
</code></pre></div></div>
<p>Activer et démarrer le service</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl enable --now adblock.service
</code></pre></div></div>
<p>vérifier que tout cest bien passé via le fichier de log <code class="language-plaintext highlighter-rouge">/var/log/adblock.log</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sept. 16 08:00:19 +0000 INFO: Téléchargement des 4 listes de domaines
sept. 16 08:00:21 +0000 INFO: Téléchargement de la liste MVPS réussi. Hash nul, la liste est nouvelle.
sept. 16 08:00:21 +0000 INFO: Sauvegarde dans /var/lib/unbound/MVPS.list
sept. 16 08:00:21 +0000 INFO: Téléchargement de la liste AdAway réussi. Hash nul, la liste est nouvelle.
sept. 16 08:00:21 +0000 INFO: Sauvegarde dans /var/lib/unbound/AdAway.list
sept. 16 08:00:22 +0000 INFO: Téléchargement de la liste StevenBlack Unifié réussi. Hash nul, la liste est nouvelle.
sept. 16 08:00:22 +0000 INFO: Sauvegarde dans /var/lib/unbound/StevenBlack-Unifié.list
sept. 16 08:00:23 +0000 INFO: Téléchargement de la liste yoyo.org réussi. Hash nul, la liste est nouvelle.
sept. 16 08:00:23 +0000 INFO: Sauvegarde dans /var/lib/unbound/yoyo.org.list
sept. 16 08:00:23 +0000 INFO: Pas de liste trouvée. Construction de celle-ci et du fichier de configuration.
sept. 16 08:00:26 +0000 INFO: Copie de la nouvelle configuration dans /etc/unbound/unbound.conf.d/adblock.conf
sept. 16 08:00:26 +0000 INFO: Redémarrage d'Unbound.
sept. 16 08:00:27 +0000 INFO: Blocage de 166353 domaines.
</code></pre></div></div>
<p>Test avec un site qui est dans la liste</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dig ad2.adfarm1.adition.com
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>; &lt;&lt;&gt;&gt; DiG 9.18.28-1~deb12u2-Debian &lt;&lt;&gt;&gt; ad2.adfarm1.adition.com
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NXDOMAIN, id: 16929
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ad2.adfarm1.adition.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Sep 16 08:00:47 GMT 2024
;; MSG SIZE rcvd: 52
</code></pre></div></div>
<p><code class="language-plaintext warning highlighter-rouge">La requête DNS n'est pas servie et se voit répondre NXDOMAIN</code></p>
<h3 id="blocage-des-dmp">Blocage des DMP</h3>
<p><strong>Blocage des DMP (Data Management Platforms) avec Unbound</strong></p>
<p><em>Configuration nécessaire pour Unbound afin de bloquer certaines “Data Management Platforms” (DMP) utilisées par de plus en plus de sites (liberation.fr, oui.scnf, lemonde.fr, fnac.com…) et qui échappent pour linstant aux bloqueurs de traqueurs traditionnels (uBlock Origin ou uMatrix par exemple)</em></p>
<p><strong>Le cœur du problème</strong> <br />
Dernièrement, une conjoncture déléments est venue semer le trouble chez nos aspirateurs :</p>
<ul>
<li>Lentrée en vigueur du RGPD en Europe</li>
<li>La part de plus en plus grande dinternautes utilisant des bloqueurs de publicités</li>
<li>La volonté des éditeurs de navigateurs web (Chrome et Firefox et donc leurs dérivés) de bloquer par défaut les traqueurs ou les cookies tiers.</li>
</ul>
<p>Un mouchard est dit tiers ou 3rd-party quand on est disruptif quand il nest pas chargé depuis le domaine (ou un de ses sous domaines) que vous visitez. Par exemple quand on visite https://liberation.fr/, le script chargé depuis www.google-analytics.com est tiers. Si le même mouchard est chargé depuis un sous-domaine de liberation.fr, il est dit 1st-party (primaire a priori en bon français).
Le hic, pour nos amis start-uppers est que les mouchards/cookies tiers sont triviaux à bloquer. Ne pas charger les cookies tiers est dailleurs une option répandue dans les navigateurs depuis des années.</p>
<p><strong>La fourberie</strong><br />
La technique développée par les marketeux pour ne pas voir les juteuses données personnelles leur échapper est à la fois techniquement très simple et redoutable. Il suffit de transformer les crasses 3rd-party en 1st-party afin de les cacher sous le cyber-tapis pour reprendre lexpression de Reflets. Et pour se faire passer par le DNS et ses possiblités.</p>
<p><strong>Bloquer les indésirables avec Unbound</strong><br />
On entre dans la partie technique, pour faire court, on va décréter à Unbound que nous contrôlons les domaines indésirables (eulerian.net par exemple) afin de faire échouer la résolution DNS. La technique est <a href="https://www.shaftinc.fr/escalade-traque-eulerian.html">développée plus en détail sur un blog</a>.</p>
<p>Pour mémoire :</p>
<ul>
<li>On crée un fichier de zone (<strong>eulerian.net.zone</strong>) où lon met un enregistrement SOA.</li>
<li>On lassocie à chaque domaine à bloquer dans la configuration dUnbound (<strong>adblock-war.conf</strong>)</li>
</ul>
<p>Cette technique sera valable, pour les versions dUnbound supérieures à 1.7.0.</p>
<p>Créer un fichier <code class="language-plaintext highlighter-rouge">/var/lib/unbound/eulerian.net.zone</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$TTL 10800
eulerian.net. IN SOA localhost. nobody.invalid. (
1
3600
1200
604800
10800
)
</code></pre></div></div>
<p>Dans le détail, on indique la durée de vie par défaut des enregistrements ($TTL 10800) puis le début de lautorité pour la zone (avec le nom du serveur faisant autorité (localhost.), le mail de ladmin (nobody@invalid. le @ est un caractère particulier dans le DNS, on le remplace donc par un point) et cest tout, le reste du domaine sera vide.</p>
<p>créer 2 copies de ce fichier nommées <code class="language-plaintext highlighter-rouge">eulerian.com.zone</code> et <code class="language-plaintext highlighter-rouge">eulerian.fr.zone</code> et changer le domaine.</p>
<p>fichier <code class="language-plaintext highlighter-rouge">/var/lib/unbound/eulerian.com.zone</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$TTL 10800
eulerian.com. IN SOA localhost. nobody.invalid. (
1
3600
1200
604800
10800
)
</code></pre></div></div>
<p>fichier <code class="language-plaintext highlighter-rouge">/var/lib/unbound/eulerian.fr.zone</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$TTL 10800
eulerian.fr. IN SOA localhost. nobody.invalid. (
1
3600
1200
604800
10800
)
</code></pre></div></div>
<p>Configuration dUnbound</p>
<p>Dans un fichier .conf spécifique, typiquement <code class="language-plaintext highlighter-rouge">/etc/unbound/unbound.conf.d/block-eurelian.conf</code> sous Debian et dérivés, ajouter :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>auth-zone:
name: "eulerian.net."
zonefile: "/var/lib/unbound/eulerian.net.zone"
auth-zone:
name: "eulerian.fr."
zonefile: "/var/lib/unbound/eulerian.fr.zone"
auth-zone:
name: "eulerian.com."
zonefile: "/var/lib/unbound/eulerian.com.zone"
</code></pre></div></div>
<p>On définit donc 3 zones sur lesquelles nous décrétons avoir lautorité et pour chacune dentre elles, on dit à Unbound dutiliser les fichiers correspondants. On sauvegarde et on relance Unbound et normalement, le blocage est effectif :</p>
<p>Redémarrer unbound</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl restart unbound
</code></pre></div></div>
<p>Vérifier</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dig v.oui.sncf
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>; &lt;&lt;&gt;&gt; DiG 9.18.28-1~deb12u2-Debian &lt;&lt;&gt;&gt; v.oui.sncf
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NXDOMAIN, id: 42150
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;v.oui.sncf. IN A
;; ANSWER SECTION:
v.oui.sncf. 3600 IN CNAME voyages-sncf.eulerian.net.
;; Query time: 536 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Mon Sep 16 08:32:29 GMT 2024
;; MSG SIZE rcvd: 78
</code></pre></div></div>
<p><code class="language-plaintext warning highlighter-rouge">La requête n'est pas servie (NXDOMAIN)</code></p>
<h3 id="activer-logs-unbound">Activer logs unbound</h3>
<p>Modifier le fichier de configuration unbound</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> logfile: /var/log/unbound.log
verbosity: 1
log-queries: yes
</code></pre></div></div>
<p>Créer le fichier log avec les droits</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>touch /var/log/unbound.log
chown unbound:unbound /var/log/unbound.log
</code></pre></div></div>
<p>Relancer le service unbound</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl restart unbound
</code></pre></div></div>
<p>Visualiser les logs</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>tail -f /var/log/unbound.log
</code></pre></div></div>
<h2 id="annexe">Annexe</h2>
<h3 id="dns-debian-resolvconf">DNS Debian (resolvconf)</h3>
<ul>
<li>Article original <a href="https://coagul.org/drupal/publication/r%C3%A9solution-noms-resolvconf-sous-linux-debian">Résolution des noms avec resolvconf sous Linux Debian</a> du 27/08/2106</li>
</ul>
<p><em>En fonction du type de connexion utilisé, il est parfois nécessaire de faire appel à différents serveurs de noms (DNS). Par exemple, lors dune connexion à son lieu de travail, il faut utiliser le serveur DNS de son réseau, mais lors dune connexion à internet, il faut utiliser les serveurs DNS de son fournisseur daccès. Dans ce cas, le paquet <strong>“resolvconf”</strong> sous Debian permet de résoudre ces problèmes.</em></p>
<p><strong>Rappel sur lutilité du fichier « /etc/resolv.conf »</strong><br />
Ce fichier permet dindiquer le ou les domaines de recherche et les différents serveurs DNS à utiliser.</p>
<p>Par exemple, dans un réseau local, nous pourrions avoir un serveur DNS à ladresse 192.168.0.1 chargé de gérer le domaine « mon-domaine.local ». En cas de défaillance du DNS local, nous pourrions faire appel aux serveurs DNS de notre fournisseur daccès. Dans ce cas, le contenu du fichier « /etc/resolv.conf », pourrait ressembler à cela :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nameserver 192.168.0.1
nameserver 212.27.53.252
nameserver 212.27.52.252
search mon-domaine.local
</code></pre></div></div>
<p>La première ligne indique ladresse du serveur DNS du réseau local. En cas de défaillance de ce serveur, les serveurs suivants seront utilisés (Serveurs du fournisseur daccès à Internet).</p>
<p>La dernière ligne permet dindiquer le nom du domaine géré par le serveur DNS local. Par exemple, si nous cherchons à contacter le serveur « <strong>MonServeur</strong> », le système cherchera en fait à contacter ladresse complète « <strong>MonServeur.mon-domaine.local</strong> », car le nom du serveur indiqué ne comportait pas le domaine de recherche.</p>
<p><strong>Présentation et installation de resolvconf</strong><br />
Le programme <strong>resolvconf</strong> garde la trace des informations du système sur les serveurs de noms de domaine actuellement disponibles. Il ne faut pas le confondre avec le fichier de configuration <strong>resolv.conf</strong> qui porte malencontreusement presque le même nom. <u>Le programme resolvconf est optionnel sur les systèmes Debian.</u></p>
<p>Le fichier de configuration <strong>resolv.conf</strong> contient des informations sur les serveurs de noms de domaine que le système doit utiliser. Néanmoins, quand plusieurs programmes doivent modifer dynamiquement le fichier de configuration resolv.conf, ils peuvent se chevaucher et le fichier peut ne plus être synchronisé. Le programme resolvconf soccupe de ce problème. Il agit comme un intermédiaire entre les programmes qui fournissent des informations sur les serveurs de noms de domaine (par exemple les clients dhcp) et les programmes qui les utilisent (par exemple resolver).</p>
<p>Quand <strong>resolvconf</strong> est correctement installé, le fichier de configuration resolv.conf du répertoire <strong>/etc/resolv.conf</strong> est remplacé par un lien symbolique pointant vers le fichier /etc/resolvconf/run/resolv.conf et le résolveur utilise plutôt le fichier de configuration qui est généré dynamiquement par resolvconf à cet emplacement /etc/resolvconf/run/resolv.conf.</p>
<p>Le programme resolvconf est en général seulement nécessaire quand un système a plusieurs programmes qui ont besoin de modifier de façon dynamique les informations sur les serveurs de noms de domaine. Sur un système simple où les serveurs de noms de domaine ne changent pas souvent ou bien ne sont modifiés que par un programme, le fichier de configuration resolv.conf est suffisant.</p>
<p>Si le programme resolvconf est installé, vous naurez pas à modifier à la main le fichier de configuration resolv.conf car il sera changé de façon dynamique par les programmes. Si vous avez besoin de définir vous-même les serveurs de noms de domaine (comme avec une interface statique), ajoutez au fichier de configuration interfaces du répertoire /etc/network/interfaces une ligne comme celle-ci :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dns-nameservers 127.0.0.1 80.67.169.12 80.67.169.40
</code></pre></div></div>
<p>Mettez la ligne indéntée dans un paragraphe iface, par exemple juste après la ligne gateway. Entrez les adresses IP des serveurs de noms de domaine dont vous avez besoin après dns-nameservers, toutes sur la même ligne, séparées par des espaces. Noubliez pas le “s” à la fin de dns-nameservers.</p>
<p>Le programme resolvconf est un ajout plutôt récent à Debian et plusieurs anciens programmes ont besoin dêtre mis à jour ou reconfigurés pour fonctionner correctement avec lui . Si vous rencontrez des problèmes, regardez <em>/usr/share/doc/resolvconf/README</em> qui contient beaucoup dinformations sur la manière de faire fonctionner resolvconf avec dautres programmes.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt install resolvconf -y
echo "nameserver 127.0.0.1" &gt;&gt; /etc/resolvconf/resolv.conf.d/head
</code></pre></div></div>
<blockquote>
<p>Une fois le paquet « <strong>resolvconf</strong> » installé, <u>il ne faut plus modifier le fichier</u> « <strong>/etc/resolv.conf</strong> », car le contenu de celui-ci sera automatiquement géré et remplacé par « <strong>resolvconf</strong> ».</p>
</blockquote>
<p>Le résultat de la commande</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nslookup afnic.fr | grep Server
</code></pre></div></div>
<p>devrait ressembler à ceci:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Server: 127.0.0.1
</code></pre></div></div>
<p>Vérifier la résolution de nom à partir du serveur :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dig @127.0.0.1 afnic.fr
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>; &lt;&lt;&gt;&gt; DiG 9.10.3-P4-Debian &lt;&lt;&gt;&gt; @127.0.0.1 afnic.fr
; (1 server found)
...
;; SERVER: 127.0.0.1#53(127.0.0.1)
...
</code></pre></div></div>
<p>La résolution fonctionne</p>
<p><code class="language-plaintext success highlighter-rouge">Maintenant, vous disposez de votre propre résolveur DNS.</code></p>
</div>
<div class="d-print-none"><footer class="article__footer"><meta itemprop="dateModified" content="2018-04-27T00:00:00+02:00"><!-- start custom article footer snippet -->
<!-- end custom article footer snippet -->
<!--
<div align="right"><a type="application/rss+xml" href="/feed.xml" title="S'abonner"><i class="fa fa-rss fa-2x"></i></a>
&emsp;</div>
-->
</footer>
<div class="article__section-navigator clearfix"><div class="previous"><span>PRÉCÉDENT</span><a href="/2018/03/28/nano-syntaxe-highlight.html">Editeur nano syntaxe highlight</a></div><div class="next"><span>SUIVANT</span><a href="/2018/05/03/Searx-Metamoteur-Recherche-Libre.html">Searx (métamoteur de recherche libre)</a></div></div></div>
</div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
$(function() {
var $this ,$scroll;
var $articleContent = $('.js-article-content');
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var scroll = hasSidebar ? '.js-page-main' : 'html, body';
$scroll = $(scroll);
$articleContent.find('.highlight').each(function() {
$this = $(this);
$this.attr('data-lang', $this.find('code').attr('data-lang'));
});
$articleContent.find('h1[id], h2[id], h3[id], h4[id], h5[id], h6[id]').each(function() {
$this = $(this);
$this.append($('<a class="anchor d-print-none" aria-hidden="true"></a>').html('<i class="fas fa-anchor"></i>'));
});
$articleContent.on('click', '.anchor', function() {
$scroll.scrollToAnchor('#' + $(this).parent().attr('id'), 400);
});
});
});
})();
</script>
</div><section class="page__comments d-print-none"></section></article><!-- start custom main bottom snippet -->
<!-- end custom main bottom snippet -->
</div>
</div></div></div></div>
</div><script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $body = $('body'), $window = $(window);
var $pageRoot = $('.js-page-root'), $pageMain = $('.js-page-main');
var activeCount = 0;
function modal(options) {
var $root = this, visible, onChange, hideWhenWindowScroll = false;
var scrollTop;
function setOptions(options) {
var _options = options || {};
visible = _options.initialVisible === undefined ? false : show;
onChange = _options.onChange;
hideWhenWindowScroll = _options.hideWhenWindowScroll;
}
function init() {
setState(visible);
}
function setState(isShow) {
if (isShow === visible) {
return;
}
visible = isShow;
if (visible) {
activeCount++;
scrollTop = $(window).scrollTop() || $pageMain.scrollTop();
$root.addClass('modal--show');
$pageMain.scrollTop(scrollTop);
activeCount === 1 && ($pageRoot.addClass('show-modal'), $body.addClass('of-hidden'));
hideWhenWindowScroll && window.hasEvent('touchstart') && $window.on('scroll', hide);
$window.on('keyup', handleKeyup);
} else {
activeCount > 0 && activeCount--;
$root.removeClass('modal--show');
$window.scrollTop(scrollTop);
activeCount === 0 && ($pageRoot.removeClass('show-modal'), $body.removeClass('of-hidden'));
hideWhenWindowScroll && window.hasEvent('touchstart') && $window.off('scroll', hide);
$window.off('keyup', handleKeyup);
}
onChange && onChange(visible);
}
function show() {
setState(true);
}
function hide() {
setState(false);
}
function handleKeyup(e) {
// Char Code: 27 ESC
if (e.which === 27) {
hide();
}
}
setOptions(options);
init();
return {
show: show,
hide: hide,
$el: $root
};
}
$.fn.modal = modal;
});
})();
</script><div class="modal modal--overflow page__search-modal d-print-none js-page-search-modal"><script>
(function () {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
// search panel
var search = (window.search || (window.search = {}));
var useDefaultSearchBox = window.useDefaultSearchBox === undefined ?
true : window.useDefaultSearchBox ;
var $searchModal = $('.js-page-search-modal');
var $searchToggle = $('.js-search-toggle');
var searchModal = $searchModal.modal({ onChange: handleModalChange, hideWhenWindowScroll: true });
var modalVisible = false;
search.searchModal = searchModal;
var $searchBox = null;
var $searchInput = null;
var $searchClear = null;
function getModalVisible() {
return modalVisible;
}
search.getModalVisible = getModalVisible;
function handleModalChange(visible) {
modalVisible = visible;
if (visible) {
search.onShow && search.onShow();
useDefaultSearchBox && $searchInput[0] && $searchInput[0].focus();
} else {
search.onShow && search.onHide();
useDefaultSearchBox && $searchInput[0] && $searchInput[0].blur();
setTimeout(function() {
useDefaultSearchBox && ($searchInput.val(''), $searchBox.removeClass('not-empty'));
search.clear && search.clear();
window.pageAsideAffix && window.pageAsideAffix.refresh();
}, 400);
}
}
$searchToggle.on('click', function() {
modalVisible ? searchModal.hide() : searchModal.show();
});
// Char Code: 83 S, 191 /
$(window).on('keyup', function(e) {
if (!modalVisible && !window.isFormElement(e.target || e.srcElement) && (e.which === 83 || e.which === 191)) {
modalVisible || searchModal.show();
}
});
if (useDefaultSearchBox) {
$searchBox = $('.js-search-box');
$searchInput = $searchBox.children('input');
$searchClear = $searchBox.children('.js-icon-clear');
search.getSearchInput = function() {
return $searchInput.get(0);
};
search.getVal = function() {
return $searchInput.val();
};
search.setVal = function(val) {
$searchInput.val(val);
};
$searchInput.on('focus', function() {
$(this).addClass('focus');
});
$searchInput.on('blur', function() {
$(this).removeClass('focus');
});
$searchInput.on('input', window.throttle(function() {
var val = $(this).val();
if (val === '' || typeof val !== 'string') {
search.clear && search.clear();
} else {
$searchBox.addClass('not-empty');
search.onInputNotEmpty && search.onInputNotEmpty(val);
}
}, 400));
$searchClear.on('click', function() {
$searchInput.val(''); $searchBox.removeClass('not-empty');
search.clear && search.clear();
});
}
});
})();
</script><div class="search search--dark">
<div class="main">
<div class="search__header">Recherche</div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div>
</div>
<button class="button button--theme-dark button--pill search__cancel js-search-toggle">
Annuler</button>
</div>
<div id="results-container" class="search-result js-search-result"></div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen; i++) {
var nch = needle.charCodeAt(i);
while (j < tlen) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len; i++) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len; i++) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 && xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' && params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object && JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' && options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len; i++) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query && query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
noResultsText: '<p>Aucun résultat!</p>',
json: '/search.json',
searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a>&nbsp;(Création {create})</li>'
})
</script>
</div></div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function scrollToAnchor(anchor, duration, callback) {
var $root = this;
$root.animate({ scrollTop: $(anchor).position().top }, duration, function() {
window.history.replaceState(null, '', window.location.href.split('#')[0] + anchor);
callback && callback();
});
}
$.fn.scrollToAnchor = scrollToAnchor;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function affix(options) {
var $root = this, $window = $(window), $scrollTarget, $scroll,
offsetBottom = 0, scrollTarget = window, scroll = window.document, disabled = false, isOverallScroller = true,
rootTop, rootLeft, rootHeight, scrollBottom, rootBottomTop,
hasInit = false, curState;
function setOptions(options) {
var _options = options || {};
_options.offsetBottom && (offsetBottom = _options.offsetBottom);
_options.scrollTarget && (scrollTarget = _options.scrollTarget);
_options.scroll && (scroll = _options.scroll);
_options.disabled !== undefined && (disabled = _options.disabled);
$scrollTarget = $(scrollTarget);
isOverallScroller = window.isOverallScroller($scrollTarget[0]);
$scroll = $(scroll);
}
function preCalc() {
top();
rootHeight = $root.outerHeight();
rootTop = $root.offset().top + (isOverallScroller ? 0 : $scrollTarget.scrollTop());
rootLeft = $root.offset().left;
}
function calc(needPreCalc) {
needPreCalc && preCalc();
scrollBottom = $scroll.outerHeight() - offsetBottom - rootHeight;
rootBottomTop = scrollBottom - rootTop;
}
function top() {
if (curState !== 'top') {
$root.removeClass('fixed').css({
left: 0,
top: 0
});
curState = 'top';
}
}
function fixed() {
if (curState !== 'fixed') {
$root.addClass('fixed').css({
left: rootLeft + 'px',
top: 0
});
curState = 'fixed';
}
}
function bottom() {
if (curState !== 'bottom') {
$root.removeClass('fixed').css({
left: 0,
top: rootBottomTop + 'px'
});
curState = 'bottom';
}
}
function setState() {
var scrollTop = $scrollTarget.scrollTop();
if (scrollTop >= rootTop && scrollTop <= scrollBottom) {
fixed();
} else if (scrollTop < rootTop) {
top();
} else {
bottom();
}
}
function init() {
if(!hasInit) {
var interval, timeout;
calc(true); setState();
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState();
});
$window.on('resize', function() {
disabled || (calc(true), setState());
});
hasInit = true;
}
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions,
refresh: function() {
calc(true, { animation: false }); setState();
}
};
}
$.fn.affix = affix;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function toc(options) {
var $root = this, $window = $(window), $scrollTarget, $scroller, $tocUl = $('<ul class="toc toc--ellipsis"></ul>'), $tocLi, $headings, $activeLast, $activeCur,
selectors = 'h1,h2,h3', container = 'body', scrollTarget = window, scroller = 'html, body', disabled = false,
headingsPos, scrolling = false, hasRendered = false, hasInit = false;
function setOptions(options) {
var _options = options || {};
_options.selectors && (selectors = _options.selectors);
_options.container && (container = _options.container);
_options.scrollTarget && (scrollTarget = _options.scrollTarget);
_options.scroller && (scroller = _options.scroller);
_options.disabled !== undefined && (disabled = _options.disabled);
$headings = $(container).find(selectors).filter('[id]');
$scrollTarget = $(scrollTarget);
$scroller = $(scroller);
}
function calc() {
headingsPos = [];
$headings.each(function() {
headingsPos.push(Math.floor($(this).position().top));
});
}
function setState(element, disabled) {
var scrollTop = $scrollTarget.scrollTop(), i;
if (disabled || !headingsPos || headingsPos.length < 1) { return; }
if (element) {
$activeCur = element;
} else {
for (i = 0; i < headingsPos.length; i++) {
if (scrollTop >= headingsPos[i]) {
$activeCur = $tocLi.eq(i);
} else {
$activeCur || ($activeCur = $tocLi.eq(i));
break;
}
}
}
$activeLast && $activeLast.removeClass('active');
($activeLast = $activeCur).addClass('active');
}
function render() {
if(!hasRendered) {
$root.append($tocUl);
$headings.each(function() {
var $this = $(this);
$tocUl.append($('<li></li>').addClass('toc-' + $this.prop('tagName').toLowerCase())
.append($('<a></a>').text($this.text()).attr('href', '#' + $this.prop('id'))));
});
$tocLi = $tocUl.children('li');
$tocUl.on('click', 'a', function(e) {
e.preventDefault();
var $this = $(this);
scrolling = true;
setState($this.parent());
$scroller.scrollToAnchor($this.attr('href'), 400, function() {
scrolling = false;
});
});
}
hasRendered = true;
}
function init() {
var interval, timeout;
if(!hasInit) {
render(); calc(); setState(null, scrolling);
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState(null, scrolling);
});
$window.on('resize', window.throttle(function() {
if (!disabled) {
render(); calc(); setState(null, scrolling);
}
}, 100));
}
hasInit = true;
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions
};
}
$.fn.toc = toc;
});
})();
/*(function () {
})();*/
</script><script>
/* toc must before affix, since affix need to konw toc' height. */(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
var TOC_SELECTOR = window.TEXT_VARIABLES.site.toc.selectors;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window);
var $articleContent = $('.js-article-content');
var $tocRoot = $('.js-toc-root'), $col2 = $('.js-col-aside');
var toc;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var hasToc = $articleContent.find(TOC_SELECTOR).length > 0;
function disabled() {
return $col2.css('display') === 'none' || !hasToc;
}
tocDisabled = disabled();
toc = $tocRoot.toc({
selectors: TOC_SELECTOR,
container: $articleContent,
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
tocDisabled = disabled();
toc && toc.setOptions({
disabled: tocDisabled
});
}, 100));
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window), $pageFooter = $('.js-page-footer');
var $pageAside = $('.js-page-aside');
var affix;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
affix = $pageAside.affix({
offsetBottom: $pageFooter.outerHeight(),
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
scroll: hasSidebar ? $('.js-page-main').children() : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
affix && affix.setOptions({
disabled: tocDisabled
});
}, 100));
window.pageAsideAffix = affix;
});
})();
</script><!---->
</div>
<script>(function () {
var $root = document.getElementsByClassName('root')[0];
if (window.hasEvent('touchstart')) {
$root.dataset.isTouch = true;
document.addEventListener('touchstart', function(){}, false);
}
})();
</script>
</body>
</html>