From 424f61f782f9d8caac32735a28d516d43c7aee30 Mon Sep 17 00:00:00 2001
From: Colin
Date: Mon, 30 Dec 2024 03:15:42 +0000
Subject: [PATCH] WIP: enable BIND DNS recursive resolver

---
 hosts/common/ids.nix             |  2 ++
 hosts/common/net/dns/bind.nix    | 15 +++++++++++++++
 hosts/common/net/dns/default.nix |  1 +
 3 files changed, 18 insertions(+)
 create mode 100644 hosts/common/net/dns/bind.nix

diff --git a/hosts/common/ids.nix b/hosts/common/ids.nix
index 4f2fa6bb1..78e417f25 100644
--- a/hosts/common/ids.nix
+++ b/hosts/common/ids.nix
@@ -89,6 +89,8 @@
   sane.ids.smartd.gid = 2010;
   sane.ids.radicale.uid = 2011;
   sane.ids.radicale.gid = 2011;
+  sane.ids.named.uid = 2012;
+  sane.ids.named.gid = 2012;
 
   # found on graphical hosts
   sane.ids.nm-iodine.uid = 2101;  # desko/moby/lappy
diff --git a/hosts/common/net/dns/bind.nix b/hosts/common/net/dns/bind.nix
new file mode 100644
index 000000000..4d2d80c17
--- /dev/null
+++ b/hosts/common/net/dns/bind.nix
@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+  services.bind.enable = lib.mkDefault true;
+  services.bind.forwarders = [];  #< don't forward queries to upstream resolvers
+  services.bind.cacheNetworks = [
+    "127.0.0.0/24"
+    "::1/128"
+    "10.0.0.0/16"
+  ];
+  services.bind.extraOptions = ''
+    port 953;
+  '';
+
+  networking.resolvconf.useLocalResolver = false;  #< undo bind making this default true
+}
diff --git a/hosts/common/net/dns/default.nix b/hosts/common/net/dns/default.nix
index 3dca6ed86..505f366e4 100644
--- a/hosts/common/net/dns/default.nix
+++ b/hosts/common/net/dns/default.nix
@@ -23,6 +23,7 @@
 { config, pkgs, ... }:
 {
   imports = [
+    ./bind.nix
     ./hickory-dns.nix
     ./unbound.nix
   ];
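Review bot: `port 953;` in `services.bind.extraOptions` (new file hosts/common/net/dns/bind.nix) changes the port BIND uses for all DNS traffic, not only for listening: with `services.bind.forwarders = []` named will send its iterative queries to root and authoritative servers on port 953, where nothing answers, so the "recursive resolver" in the subject cannot resolve anything. 953 is also BIND's conventional rndc control-channel port, so the control socket may collide with the DNS listener depending on what the NixOS module generates for `controls`. If the aim is only to keep the DNS listener off 53 while hickory-dns and unbound (imported next to `./bind.nix` in default.nix) are present, scope it with `listen-on port 953 { any; };` and `listen-on-v6 port 953 { any; };` instead, and confirm whether the module's own `listen-on` still claims 53. Because the listener is otherwise bound on every interface and `cacheNetworks` is the only thing limiting who may use it, it is worth confirming which of `allow-query`/`allow-recursion` the module maps that list to before this runs on a host with non-loopback addresses.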