Use DNS to force youtube into restricted mode - and Pi-Hole

General
23

I've never tested the script with duckduckgo, this was added later by @picante here. The script can't handle the output from dig, hence, the error message.

I've modified the script (I'm NOT a script guru, there might be a better way). Here is the summary of things you need to have, in order for this to work.

  1. Modify /etc/hosts, it should contain:
# restricted youtube, bing, google and duckduckgo search
216.239.38.120	restrict.youtube.com
216.239.38.119	restrictmoderate.youtube.com
216.239.38.120	forcesafesearch.google.com
204.79.197.220	strict.bing.com
46.51.179.90	safe.duckduckgo.com
  1. Create an aditional dnsmasq configuration file, for example /etc/dnsmasq.d/98-restrict.conf.
    Use any number you haven't used yet, apart from 01, 02 and 03 (see earlier for an explanation). This new file should contain the following:
# YouTube
# you can also implement a moderate setting
# replace restrict.youtube.com with restrictmoderate.youtube.com
cname=www.youtube.com,restrict.youtube.com
cname=m.youtube.com,restrict.youtube.com
cname=youtubei.googleapis.com,restrict.youtube.com
cname=youtube.googleapis.com,restrict.youtube.com
cname=www.youtube-nocookie.com,restrict.youtube.com

# SafeSearch
cname=www.google.com,forcesafesearch.google.com

# Bing Family Filter
cname=www.bing.com,strict.bing.com

# duckduckgo
cname=www.duckduckgo.com,safe.duckduckgo.com

You can test the new configuration file by running:

dnsmasq --test
  1. restart dnsmasq, if you're still using the current production version:
sudo service dnsmasq restart

if you're already using FTLDNS, restart FTLDNS (I'm not running FTLDNS, I found the restart command here):

sudo systemctl start pihole-FTL.service
  1. You might want to update the IP addresses, using a script, but I don't think this is necessary. I wrote the original guidelines over a year ago, the addresses have not changed. Here is the updated script:
#!/bin/bash

update_ip_address() {
file=/etc/hosts
if [[ $(grep $1 $file) ]]; then
	IP=$(nslookup -query=A $1 8.8.8.8 | grep 'Address:' | tail -1 | \
		grep -oE '((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5]))')
	sed -i "/$1/ s/.*/$IP\t$1/g" $file
fi
}

update_ip_address restrict.youtube.com
update_ip_address restrictmoderate.youtube.com
update_ip_address strict.bing.com
update_ip_address forcesafesearch.google.com
update_ip_address safe.duckduckgo.com

Hope this helps...

@DL6ER: as suggested somewhere in this topic, this might be a nice feature to add to the web interface, so users can activate / deactivate safe search with a single click.

2 Likes