nixos: add option for bind to not resolve local queries (#29503)

When the user specifies the networking.nameservers setting in the configuration file, it must take precedence over automatically derived settings. The culprit was services.bind that made the resolver set to 127.0.0.1 and ignore the nameserver setting. This patch adds a flag to services.bind to override the nameserver to localhost. It defaults to true. Setting this to false prevents the service.bind and dnsmasq.resolveLocalQueries settings from overriding the users' settings. Also, when the user specifies a domain to search, it must be set in the resolver configuration, even if the user does not specify any nameservers.
NixOS · Sep 18, 2017 · 670b4e2 · 670b4e2
1 parent 3ff962d
commit 670b4e2
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 3 deletions.
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix
@@ -9,7 +9,9 @@ let
   cfg = config.networking;
   dnsmasqResolve = config.services.dnsmasq.enable &&
                    config.services.dnsmasq.resolveLocalQueries;
-  hasLocalResolver = config.services.bind.enable || dnsmasqResolve;
+  bindResolve =    config.services.bind.enable &&
+                   config.services.bind.resolveLocalQueries;
+  hasLocalResolver = bindResolve || dnsmasqResolve;
 
   resolvconfOptions = cfg.resolvconfOptions
     ++ optional cfg.dnsSingleRequest "single-request"

diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix
@@ -151,6 +151,15 @@ in
         ";
       };
 
+      resolveLocalQueries = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether bind should resolve local queries (i.e. add 127.0.0.1 to
+          /etc/resolv.conf, overriding networking.nameserver).
+        '';
+      };
+
     };
 
   };

diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix
@@ -42,7 +42,7 @@ in
         default = true;
         description = ''
           Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to
-          /etc/resolv.conf).
+          /etc/resolv.conf overriding networking.nameservers).
         '';
       };
 

diff --git a/nixos/modules/tasks/network-interfaces-scripted.nix b/nixos/modules/tasks/network-interfaces-scripted.nix
@@ -102,7 +102,7 @@ let
               ''
                 # Set the static DNS configuration, if given.
                 ${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF
-                ${optionalString (cfg.nameservers != [] && cfg.domain != null) ''
+                ${optionalString (cfg.domain != null) ''
                   domain ${cfg.domain}
                 ''}
                 ${optionalString (cfg.search != []) ("search " + concatStringsSep " " cfg.search)}