X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=untrusted-network;h=9cbf4ab37c1d7b13530827b2888acdaf68ceef41;hb=32a1673064cfd9eaa165b4ea62fa416f02f3dfd2;hp=8fc3d7baedb561b8669d4e70e2d59b29083b2298;hpb=4c39892ef8fa3379ce36adbe870723324cb71cea;p=distro-setup

diff --git a/untrusted-network b/untrusted-network
index 8fc3d7b..9cbf4ab 100755
--- a/untrusted-network
+++ b/untrusted-network
@@ -3,17 +3,22 @@
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
 # Usage: use when switching from a trusted network to an untrusted one,
 # like public wifi.
 
-cat >/etc/dnsmasq.d/untrusted-network.conf <<'EOF'
+if [[ ! -s /etc/dnsmasq.d/untrusted-network.conf ]]; then
+  cat >/etc/dnsmasq.d/untrusted-network.conf <<'EOF'
 server=8.8.4.4
 server=8.8.8.8
 server=2001:4860:4860::8844
 server=2001:4860:4860::8888
 no-resolv
+# https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
+stop-dns-rebind
 EOF
 
-systemctl reload dnsmasq
+  nscd -i hosts
+  systemctl reload dnsmasq
+fi