bind: configure minimal logging

2025-06-07 09:14:11 +00:00
parent e2b4f317fb
commit 3c71e2f363
2 changed files with 21 additions and 0 deletions
--- a/hosts/common/net/dns/bind.nix
+++ b/hosts/common/net/dns/bind.nix
@@ -1,10 +1,20 @@
 # debugging:
+## config
 # - `man named`
 # - `man named.conf`
+#   - show defaults with: `named -C`
+#   - defaults live in <repo:isc-projects/bind:bin/named/config.c>
+#   - per-option docs live in <repo:isc-projects/bind:bind9/doc/arm/reference.rst>
+#
+## statistics
+# - `netstat --statistics --udp`
+#
+## interactive debugging
 # - `systemctl stop bind`
 # - `sudo /nix/store/0zpdy93sd3fgbxgvf8dsxhn8fbbya8d2-bind-9.18.28/sbin/named -g -u named -4 -c /nix/store/f1mp0myzmfms71h9vinwxpn2i9362a9a-named.conf`
 #   - `-g` = don't fork
 #   - `-u named` = start as superuser (to claim port 53), then drop to user `named`
+#
 { config, lib, pkgs, ... }:
 let
  hostCfg = config.sane.hosts.by-name."${config.networking.hostName}";
@@ -53,6 +63,10 @@ in
    #   listen-on port 953 { any; };
    # '';

+    services.bind.extraArgs = [
+      "-d" "4"  # debug logging level: higher = more verbose
+    ];
+
    networking.resolvconf.useLocalResolver = false;  #< we manage resolvconf explicitly, above

    # TODO: how to exempt `pool.ntp.org` from DNSSEC checks, as i did when using unbound?
--- a/pkgs/by-name/nixpkgs-bootstrap/patches.nix
+++ b/pkgs/by-name/nixpkgs-bootstrap/patches.nix
@@ -29,6 +29,13 @@ let
    );
 in
 [
+  (fetchpatch' {
+    # TODO: send upstream. branch `pr-bind-extraArgs` on flowy.
+    name = ''nixos/bind: add an "extraArgs" option'';
+    saneCommit = "ab65c92241bd4acab25aad19d0fea4873c1bc3b7";
+    hash = "sha256-2yAXtbLOm5dOmLrLKOYwzw7drSz44akyAy9aDyKXsUI=";
+  })
+
  (fetchpatch' {
    name = "conky: 1.19.6 -> 1.22.1, fix cross and docs, and modernize";
    prUrl = "https://github.com/NixOS/nixpkgs/pull/400497";