mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-26 04:43:09 +03:00
nixos: add 'networking.dnsExtensionMechanism' option to enable edns0 (for DNSSEC)
Set this option to 'true' (default: 'false') to enable extension mechanisms for DNS (EDNS) in your local glibc resolver. This is required for supporting DNSSEC, for example. Implementation detail: the patch changes assignments to "resolv_conf_options" to use "+=" instead of "=" to ensure that multiple users of that variable don't overwrite each other. The generated config file is a shell script, after all, so this should work fine. Closes https://github.com/NixOS/nixpkgs/issues/12470.
This commit is contained in:
parent
8871de95f5
commit
5e468b96b4
@ -39,6 +39,17 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
networking.dnsExtensionMechanism = lib.mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Enable the <code>edns0</code> option in <filename>resolv.conf</filename>. With
|
||||
that option set, <code>glibc</code> supports use of the extension mechanisms for
|
||||
DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC,
|
||||
which does not work without it.
|
||||
'';
|
||||
};
|
||||
|
||||
networking.extraResolvconfConf = lib.mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
@ -162,7 +173,10 @@ in
|
||||
libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null'
|
||||
'' + optionalString cfg.dnsSingleRequest ''
|
||||
# only send one DNS request at a time
|
||||
resolv_conf_options='single-request'
|
||||
resolv_conf_options+=' single-request'
|
||||
'' + optionalString dnsExtensionMechanism ''
|
||||
# enable extension mechanisms for DNS
|
||||
resolv_conf_options+=' edns0'
|
||||
'' + optionalString hasLocalResolver ''
|
||||
# This hosts runs a full-blown DNS resolver.
|
||||
name_servers='127.0.0.1'
|
||||
|
Loading…
Reference in New Issue
Block a user