nixos/bind: configurable "forward" setting

Sometimes it is preferable to configure forwarding only for bind instead of relying on direct lookups. This patch makes it possible to configure the forward setting to either "first" (the default) or "only".
2 years ago · c355b2729c
parent df2c21de51
commit c355b2729c
1 changed files with 9 additions and 1 deletions
--- a/nixos/modules/services/networking/bind.nix
+++ b/nixos/modules/services/networking/bind.nix
@ -59,7 +59,7 @@ let
        listen-on-v6 { ${concatMapStrings (entry: " ${entry}; ") cfg.listenOnIpv6} };
        allow-query { cachenetworks; };
        blackhole { badnetworks; };
-        forward first;
+        forward ${cfg.forward};
        forwarders { ${concatMapStrings (entry: " ${entry}; ") cfg.forwarders} };
        directory "${cfg.directory}";
        pid-file "/run/named/named.pid";
@ -151,6 +151,14 @@ in
        ";
      };

+      forward = mkOption {
+        default = "first";
+        type = types.enum ["first" "only"];
+        description = "
+          Whether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only'.
+        ";
+      };
+
      listenOn = mkOption {
        default = [ "any" ];
        type = types.listOf types.str;