WIP: enable BIND DNS recursive resolver

2024-12-30 03:15:42 +00:00
parent d2540f97ee
commit 424f61f782
3 changed files with 18 additions and 0 deletions
--- a/hosts/common/ids.nix
+++ b/hosts/common/ids.nix
@@ -89,6 +89,8 @@
  sane.ids.smartd.gid = 2010;
  sane.ids.radicale.uid = 2011;
  sane.ids.radicale.gid = 2011;
+  sane.ids.named.uid = 2012;
+  sane.ids.named.gid = 2012;

  # found on graphical hosts
  sane.ids.nm-iodine.uid = 2101;  # desko/moby/lappy
--- a/hosts/common/net/dns/bind.nix
+++ b/hosts/common/net/dns/bind.nix
@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+  services.bind.enable = lib.mkDefault true;
+  services.bind.forwarders = [];  #< don't forward queries to upstream resolvers
+  services.bind.cacheNetworks = [
+    "127.0.0.0/24"
+    "::1/128"
+    "10.0.0.0/16"
+  ];
+  services.bind.extraOptions = ''
+    port 953;
+  '';
+
+  networking.resolvconf.useLocalResolver = false;  #< undo bind making this default true
+}
--- a/hosts/common/net/dns/default.nix
+++ b/hosts/common/net/dns/default.nix
@@ -23,6 +23,7 @@
 { config, pkgs, ... }:
 {
  imports = [
+    ./bind.nix
    ./hickory-dns.nix
    ./unbound.nix
  ];