diff options
author | gwitmond <guido@witmond.nl> | 2017-09-18 13:21:44 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-09-18 22:54:29 +0200 |
commit | bd52618c9d4a2620882cd03ecb15a1eb028827b7 (patch) | |
tree | fdf0e98cdeecd77a1839b4abd3594d410e6e19b6 | |
parent | 38c14d71329c3fa760ea602f09b380b3cd0bdbc2 (diff) |
nixos: add option for bind to not resolve local queries (#29503)
When the user specifies the networking.nameservers setting in the configuration file, it must take precedence over automatically derived settings. The culprit was services.bind that made the resolver set to 127.0.0.1 and ignore the nameserver setting. This patch adds a flag to services.bind to override the nameserver to localhost. It defaults to true. Setting this to false prevents the service.bind and dnsmasq.resolveLocalQueries settings from overriding the users' settings. Also, when the user specifies a domain to search, it must be set in the resolver configuration, even if the user does not specify any nameservers. (cherry picked from commit 670b4e29adc16e0a29aa5b4c126703dcca56aeb6) This commit was accidentally merged to 17.09 but was intended for master. This is the cherry-pick to master.
-rw-r--r-- | nixos/modules/config/networking.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/networking/bind.nix | 9 | ||||
-rw-r--r-- | nixos/modules/services/networking/dnsmasq.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces-scripted.nix | 2 |
4 files changed, 14 insertions, 3 deletions
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix index 619f36cd5150e..5fa91ec9cfbcc 100644 --- a/nixos/modules/config/networking.nix +++ b/nixos/modules/config/networking.nix @@ -9,7 +9,9 @@ let cfg = config.networking; dnsmasqResolve = config.services.dnsmasq.enable && config.services.dnsmasq.resolveLocalQueries; - hasLocalResolver = config.services.bind.enable || dnsmasqResolve; + bindResolve = config.services.bind.enable && + config.services.bind.resolveLocalQueries; + hasLocalResolver = bindResolve || dnsmasqResolve; resolvconfOptions = cfg.resolvconfOptions ++ optional cfg.dnsSingleRequest "single-request" diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix index 763283dfe7a22..9f533eedf6e1f 100644 --- a/nixos/modules/services/networking/bind.nix +++ b/nixos/modules/services/networking/bind.nix @@ -151,6 +151,15 @@ in "; }; + resolveLocalQueries = mkOption { + type = types.bool; + default = true; + description = '' + Whether bind should resolve local queries (i.e. add 127.0.0.1 to + /etc/resolv.conf, overriding networking.nameserver). + ''; + }; + }; }; diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix index fcf5aa5f175b7..3d1b931de07e6 100644 --- a/nixos/modules/services/networking/dnsmasq.nix +++ b/nixos/modules/services/networking/dnsmasq.nix @@ -42,7 +42,7 @@ in default = true; description = '' Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to - /etc/resolv.conf). + /etc/resolv.conf overriding networking.nameservers). ''; }; diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix index 7ede8752bcc38..adc048f3ca2cc 100644 --- a/nixos/modules/tasks/network-interfaces-scripted.nix +++ b/nixos/modules/tasks/network-interfaces-scripted.nix @@ -105,7 +105,7 @@ let '' # Set the static DNS configuration, if given. ${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF - ${optionalString (cfg.nameservers != [] && cfg.domain != null) '' + ${optionalString (cfg.domain != null) '' domain ${cfg.domain} ''} ${optionalString (cfg.search != []) ("search " + concatStringsSep " " cfg.search)} |