colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

bind: configure minimal logging

Browse Source
This commit is contained in:
Colin
2025-06-07 09:14:11 +00:00
parent e2b4f317fb
commit 3c71e2f363
2 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
hosts/common/net/dns/bind.nix
View File

@@ -1,10 +1,20 @@
# debugging: # debugging:
## config
# - `man named` # - `man named`
# - `man named.conf` # - `man named.conf`
# - show defaults with: `named -C`
# - defaults live in <repo:isc-projects/bind:bin/named/config.c>
# - per-option docs live in <repo:isc-projects/bind:bind9/doc/arm/reference.rst>
#
## statistics
# - `netstat --statistics --udp`
#
## interactive debugging
# - `systemctl stop bind` # - `systemctl stop bind`
# - `sudo /nix/store/0zpdy93sd3fgbxgvf8dsxhn8fbbya8d2-bind-9.18.28/sbin/named -g -u named -4 -c /nix/store/f1mp0myzmfms71h9vinwxpn2i9362a9a-named.conf` # - `sudo /nix/store/0zpdy93sd3fgbxgvf8dsxhn8fbbya8d2-bind-9.18.28/sbin/named -g -u named -4 -c /nix/store/f1mp0myzmfms71h9vinwxpn2i9362a9a-named.conf`
# - `-g` = don't fork # - `-g` = don't fork
# - `-u named` = start as superuser (to claim port 53), then drop to user `named` # - `-u named` = start as superuser (to claim port 53), then drop to user `named`
#
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
hostCfg = config.sane.hosts.by-name."${config.networking.hostName}"; hostCfg = config.sane.hosts.by-name."${config.networking.hostName}";
@@ -53,6 +63,10 @@ in
# listen-on port 953 { any; }; # listen-on port 953 { any; };
# ''; # '';
services.bind.extraArgs = [
"-d" "4" # debug logging level: higher = more verbose
];
networking.resolvconf.useLocalResolver = false; #< we manage resolvconf explicitly, above networking.resolvconf.useLocalResolver = false; #< we manage resolvconf explicitly, above
# TODO: how to exempt `pool.ntp.org` from DNSSEC checks, as i did when using unbound? # TODO: how to exempt `pool.ntp.org` from DNSSEC checks, as i did when using unbound?

7
pkgs/by-name/nixpkgs-bootstrap/patches.nix
View File

@@ -29,6 +29,13 @@ let
); );
in in
[ [
(fetchpatch' {
# TODO: send upstream. branch `pr-bind-extraArgs` on flowy.
name = ''nixos/bind: add an "extraArgs" option'';
saneCommit = "ab65c92241bd4acab25aad19d0fea4873c1bc3b7";
hash = "sha256-2yAXtbLOm5dOmLrLKOYwzw7drSz44akyAy9aDyKXsUI=";
})
(fetchpatch' { (fetchpatch' {
name = "conky: 1.19.6 -> 1.22.1, fix cross and docs, and modernize"; name = "conky: 1.19.6 -> 1.22.1, fix cross and docs, and modernize";
prUrl = "https://github.com/NixOS/nixpkgs/pull/400497"; prUrl = "https://github.com/NixOS/nixpkgs/pull/400497";