Merge pull request #72987 from rnhmjoj/dnschain

nixos/dnschain: use forwardZonesRecurse in pdns-recursor
2019-11-29 19:56:21 +01:00 · 2019-11-29 19:56:21 +01:00 · e37e7b413c
commit e37e7b413c
parent fcd0ea3435 38d573426a
2 changed files with 12 additions and 3 deletions
--- a/nixos/modules/services/networking/dnschain.nix
+++ b/nixos/modules/services/networking/dnschain.nix
@ -137,7 +137,7 @@ in
      ];

    services.pdns-recursor = mkIf cfgs.pdns-recursor.resolveDNSChainQueries {
-      forwardZones =
+      forwardZonesRecurse =
        { bit = "127.0.0.1:${toString cfg.dns.port}";
          dns = "127.0.0.1:${toString cfg.dns.port}";
        };
--- a/nixos/modules/services/networking/pdns-recursor.nix
+++ b/nixos/modules/services/networking/pdns-recursor.nix
@ -90,11 +90,19 @@ in {
    };

    forwardZones = mkOption {
+      type = types.attrs;
+      default = {};
+      description = ''
+        DNS zones to be forwarded to other authoritative servers.
+      '';
+    };
+
+    forwardZonesRecurse = mkOption {
      type = types.attrs;
      example = { eth = "127.0.0.1:5353"; };
      default = {};
      description = ''
-        DNS zones to be forwarded to other servers.
+        DNS zones to be forwarded to other recursive servers.
      '';
    };

@ -158,7 +166,8 @@ in {
      webserver-port       = cfg.api.port;
      webserver-allow-from = cfg.api.allowFrom;

-      forward-zones    = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones;
+      forward-zones         = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones;
+      forward-zones-recurse = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZonesRecurse;
      export-etc-hosts = cfg.exportHosts;
      dnssec           = cfg.dnssecValidation;
      serve-rfc1918    = cfg.serveRFC1918;