Reference for domain names here and here
Create a file /etc/dnsmasq.d/05-restrict.conf, us a higher number if you already have a 05 entry. Don't use 01 (pihole core) 02 (pihole dhcp) or 03 (pihole wildcards):
# reference: https://support.opendns.com/hc/en-us/articles/227986807-How-to-Enforcing-Google-SafeSearch-YouTube-and-Bing
# YouTube
# you can also implement a moderate setting
# replace restrict.youtube.com with restrictmoderate.youtube.com
cname=www.youtube.com,restrict.youtube.com
cname=m.youtube.com,restrict.youtube.com
cname=youtubei.googleapis.com,restrict.youtube.com
cname=youtube.googleapis.com,restrict.youtube.com
cname=www.youtube-nocookie.com,restrict.youtube.com
# SafeSearch
cname=www.google.com,forcesafesearch.google.com
# Bing Family Filter
cname=www.bing.com,strict.bing.com
test (for typo's) - should report dnsmasq: syntax check OK.
dnsmasq --test
edit your hosts file
sudo nano /etc/hosts
enter the following entries (leave the original content, just add the following)
216.239.38.120 restrict.youtube.com
216.239.38.119 restrictmoderate.youtube.com
216.239.38.120 forcesafesearch.google.com
204.79.197.220 strict.bing.com
restart the dns service
sudo service dnsmasq restart
I don't think it's really necessary to update the addresses regularly, since it would brake protection for a lot of people worldwide, if they changed, but you can run (from time to time) the script that's listed above. The script has changed to allow for the additional entries to be processed correctly!
haven't tried safe search or youtube (kingmoocow seems to have had good results) but bing produces this:
