From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id IPtpAu4TN2IKZAAAgWs5BA (envelope-from ) for ; Sun, 20 Mar 2022 12:45:50 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id oOyIOu0TN2I9hAEAauVa8A (envelope-from ) for ; Sun, 20 Mar 2022 12:45:49 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 9925F183D7 for ; Sun, 20 Mar 2022 12:45:45 +0100 (CET) Received: from localhost ([::1]:39890 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nVu0E-00084m-Tx for larch@yhetil.org; Sun, 20 Mar 2022 07:45:44 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35688) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nVtzb-00083R-E1 for guix-patches@gnu.org; Sun, 20 Mar 2022 07:45:06 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:39057) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nVtza-00014G-GG for guix-patches@gnu.org; Sun, 20 Mar 2022 07:45:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nVtza-000526-A5 for guix-patches@gnu.org; Sun, 20 Mar 2022 07:45:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54352] [PATCH v2] services: dnsmasq: Add more options. References: <20220312154813.5538-1-remco@remworks.net> In-Reply-To: <20220312154813.5538-1-remco@remworks.net> Resent-From: Remco van 't Veer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 20 Mar 2022 11:45:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54352 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54352@debbugs.gnu.org Cc: Remco van 't Veer Received: via spool by 54352-submit@debbugs.gnu.org id=B54352.164777665919280 (code B ref 54352); Sun, 20 Mar 2022 11:45:02 +0000 Received: (at 54352) by debbugs.gnu.org; 20 Mar 2022 11:44:19 +0000 Received: from localhost ([127.0.0.1]:32954 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nVtys-00050t-U4 for submit@debbugs.gnu.org; Sun, 20 Mar 2022 07:44:19 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:48305) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nVtyr-00050h-Pz for 54352@debbugs.gnu.org; Sun, 20 Mar 2022 07:44:18 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id AA4B75C012F; Sun, 20 Mar 2022 07:44:12 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Sun, 20 Mar 2022 07:44:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to; s=fm3; bh=qNp0BtpXt8uyuPTVUwePa4wsTHTC9K6/W5wxoB 3Znpg=; b=vtKUk/yNxD97YNC9QjEhij+UbPiiua31I+yX7eE8nqYL7SNG4JNL4K RcziGh700AzKcGEHxNdSdP9s1l766fb2mFZ2gVB7PqBhqghI9Fz9WdHgnVtIG+c3 10sl7Cah1t48v7h9MOgwovZ7EwbtNmISseMNvbc9ttKxC0KwuYrvqlamDF7OGKNS konJjWJfE4tJgeIsIfVjozfOIDgd3+uLVTNOgGNJO/SYRGqpLWFwDBhnS88PrBYs 4UeNyqOTxfvtaQOqvr8/aeueQhoEvgQWHQXAo9G2MkRYQOqSVPXRKljzX/kns4Yc LewQC5GRRU2qu6KY4R5hpsdMZQnwlOZw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=qNp0Bt pXt8uyuPTVUwePa4wsTHTC9K6/W5wxoB3Znpg=; b=QBRwKltfGGeT6MgSDJVHcl 7dvnlhK4ehJltXBXdBmb058iYb0SQSg0E5i1sKXwgbNLOcpDz+aTZTQh/D4boVHH 8BfN0FX8G59buyAsiANGybOdmiRbFBiJdkep8sR5v818iQvNrV/Zrrb7RgUpUVoV 4qOyoaa+LZWto98zCor8AMBBENfHwdX/yrGFyxUnLa9MUqLh6ku1XcPV+Em1NRb/ A2JnlBl7QK08m92qg2yCrFp5P7tEgU4spC4FlJ1bHqM7xhOaEzKogdNCkKXva82f MGaB4fIiLIl/8NERUiU1J+J4wIjXM9vpVEpeCgYxFQPVcJ8z5CxKVqGsx52cs+lw == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudeguddgfedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofggtgfgsehtkeertd ertdejnecuhfhrohhmpeftvghmtghouchvrghnucdkthcugggvvghruceorhgvmhgtohes rhgvmhifohhrkhhsrdhnvghtqeenucggtffrrghtthgvrhhnpeevfedugfefueelveeltd dtteehjefhvedvuefgueektdfhudefteekuedtgefhieenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehrfihvsehfrghsthhmrghilhdrtghomh X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 20 Mar 2022 07:44:12 -0400 (EDT) From: Remco van 't Veer Date: Sun, 20 Mar 2022 12:44:05 +0100 Message-Id: <20220320114405.4702-1-remco@remworks.net> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1647776745; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=qNp0BtpXt8uyuPTVUwePa4wsTHTC9K6/W5wxoB3Znpg=; b=IqV0IWUeeOuqJsQRjy5GoZmSmLScQ1kcVYuFKMEHLMSA+W9c1zuXnHNYfpYCKF1CfwEqAp NUeYaQ8zNwo4CxoWY5LE342zdIJdzHuj/weZQ8XHXDd6GZO1hoZ31r3OnY9FnedmJFw7bq uJ3oZzxT4hCFGJ5rNZ0LWJumNI8ZwNiIaecpfGC+OuVfwJDt6Zyc2RS6ZgJz1euQDabeui bSC3OmQJ5/2adS3tK/Gyq8UKGcfC96B6oQThEDMuP5PSsLLXws327kC+0aBaqy5gLMqFXj LueK0VExbERXVsw/L/WV+OwhGTpIY//t6TPvYBQNY2j62hxt6thy7qGzLvkkGA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1647776745; a=rsa-sha256; cv=none; b=Z1MVnpeUwfuAZ/o6JG4afit7JD1BLZmC00tKMRApgGwN+IUGGh6Yv0oX/j4BvP2UdXqrkx J3YHNOMfvBnE9NXfdRZs6Pi2hOQmnk4c2srpuZyCuxWf60scMorUe24j/JNGw7tLEUvAXw HkzYgHZIr5zi5O4PVXjoGg4MrRk7tHm2GdMn2XJHVzy4NDHn/6r7NRsN5oB0uRe57nuPFv PAo9MZMMFVdb4qq0aekgcDDrZpZDBMg0C8sGMW6CJgz2FFQTCZlkv1o9lz+e13tHLGl18I oV1vEUpionsksQ3GXuoHRgIJtCO2rrV5Y8RMJLCawpYX7ziz9GbzDK+DIy/YEg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=remworks.net header.s=fm3 header.b="vtKUk/yN"; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm3 header.b=QBRwKltf; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -0.03 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=remworks.net header.s=fm3 header.b="vtKUk/yN"; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm3 header.b=QBRwKltf; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 9925F183D7 X-Spam-Score: -0.03 X-Migadu-Scanner: scn0.migadu.com X-TUID: /HkN1mNs0Zph * gnu/services/dns.scm (): Add forward-private-reverse-lookup?, strict-order? and additional-cpe-id options. (dnsmasq-shepherd-service): Pass added options to dnsmasq. * doc/guix.texi (Guix Services): Document options added to dnsmasq. --- doc/guix.texi | 12 +++ gnu/services/dns.scm | 178 +++++++++++++++++++++++-------------------- 2 files changed, 109 insertions(+), 81 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 4b71fb7010..a769cd1e5b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -28945,6 +28945,14 @@ The file to read the IP address of the upstream nameservers from. @item @code{no-resolv?} (default: @code{#f}) When true, don't read @var{resolv-file}. +@item @code{forward-private-reverse-lookup?} (default: @code{#t}) +When false, all reverse lookups for private IP ranges are answered with +"no such domain" rather than being forwarded upstream. + +@item @code{strict-order?} (default: @code{#f}) +When true, forces dnsmasq to try each query with each server strictly in +the order they appear in @var{servers}. + @item @code{servers} (default: @code{'()}) Specify IP address of upstream servers directly. @@ -28974,6 +28982,10 @@ disables caching. @item @code{negative-cache?} (default: @code{#t}) When false, disable negative caching. +@item @code{additional-cpe-id} (default: @code{#f}) +If set, add an arbitrary identifying string to DNS queries which are +forwarded upstream. + @item @code{tftp-enable?} (default: @code{#f}) Whether to enable the built-in TFTP server. diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index 9b8603cc95..5add843f32 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2018 Oleg Pykhalov ;;; Copyright © 2020 Pierre Langlois ;;; Copyright © 2021 Maxime Devos +;;; Copyright © 2022 Remco van 't Veer ;;; ;;; This file is part of GNU Guix. ;;; @@ -745,6 +746,11 @@ (define-record-type* (default "/etc/resolv.conf")) ;string (no-resolv? dnsmasq-configuration-no-resolv? (default #f)) ;boolean + (forward-private-reverse-lookup? + dnsmasq-configuration-forward-private-reverse-lookup? + (default #t)) ;boolean + (strict-order? dnsmasq-configuration-strict-order? + (default #f)) ;boolean (servers dnsmasq-configuration-servers (default '())) ;list of string (addresses dnsmasq-configuration-addresses @@ -752,7 +758,9 @@ (define-record-type* (cache-size dnsmasq-configuration-cache-size (default 150)) ;integer (negative-cache? dnsmasq-configuration-negative-cache? - (default #t)) ;boolean + (default #t)) ;boolean + (additional-cpe-id dnsmasq-configuration-additional-cpe-id + (default #t)) ;string (tftp-enable? dnsmasq-configuration-tftp-enable? (default #f)) ;boolean (tftp-no-fail? dnsmasq-configuration-tftp-no-fail? @@ -776,86 +784,94 @@ (define-record-type* (tftp-unique-root dnsmasq-tftp-unique-root (default #f))) ;"" or "ip" or "mac" -(define dnsmasq-shepherd-service - (match-lambda - (($ package - no-hosts? - port local-service? listen-addresses - resolv-file no-resolv? servers - addresses cache-size negative-cache? - tftp-enable? tftp-no-fail? - tftp-single-port? tftp-secure? - tftp-max tftp-mtu tftp-no-blocksize? - tftp-lowercase? tftp-port-range - tftp-root tftp-unique-root) - (shepherd-service - (provision '(dnsmasq)) - (requirement '(networking)) - (documentation "Run the dnsmasq DNS server.") - (start #~(make-forkexec-constructor - '(#$(file-append package "/sbin/dnsmasq") - "--keep-in-foreground" - "--pid-file=/run/dnsmasq.pid" - #$@(if no-hosts? - '("--no-hosts") - '()) - #$(format #f "--port=~a" port) - #$@(if local-service? - '("--local-service") - '()) - #$@(map (cut format #f "--listen-address=~a" <>) - listen-addresses) - #$(format #f "--resolv-file=~a" resolv-file) - #$@(if no-resolv? - '("--no-resolv") - '()) - #$@(map (cut format #f "--server=~a" <>) - servers) - #$@(map (cut format #f "--address=~a" <>) - addresses) - #$(format #f "--cache-size=~a" cache-size) - #$@(if negative-cache? - '() - '("--no-negcache")) - #$@(if tftp-enable? - '("--enable-tftp") - '()) - #$@(if tftp-no-fail? - '("--tftp-no-fail") - '()) - #$@(if tftp-single-port? - '("--tftp-single-port") - '()) - #$@(if tftp-secure? - '("--tftp-secure?") - '()) - #$@(if tftp-max - (list (format #f "--tftp-max=~a" tftp-max)) - '()) - #$@(if tftp-mtu - (list (format #f "--tftp-mtu=~a" tftp-mtu)) - '()) - #$@(if tftp-no-blocksize? - '("--tftp-no-blocksize") - '()) - #$@(if tftp-lowercase? - '("--tftp-lowercase") - '()) - #$@(if tftp-port-range - (list (format #f "--tftp-port-range=~a" - tftp-port-range)) - '()) - #$@(if tftp-root - (list (format #f "--tftp-root=~a" tftp-root)) - '()) - #$@(if tftp-unique-root - (list - (if (> (length tftp-unique-root) 0) - (format #f "--tftp-unique-root=~a" tftp-unique-root) - (format #f "--tftp-unique-root"))) - '())) - #:pid-file "/run/dnsmasq.pid")) - (stop #~(make-kill-destructor)))))) +(define (dnsmasq-shepherd-service config) + (match-record config + (package + no-hosts? + port local-service? listen-addresses + resolv-file no-resolv? + forward-private-reverse-lookup? strict-order? + servers addresses cache-size negative-cache? + additional-cpe-id + tftp-enable? tftp-no-fail? + tftp-single-port? tftp-secure? + tftp-max tftp-mtu tftp-no-blocksize? + tftp-lowercase? tftp-port-range + tftp-root tftp-unique-root) + (shepherd-service + (provision '(dnsmasq)) + (requirement '(networking)) + (documentation "Run the dnsmasq DNS server.") + (start #~(make-forkexec-constructor + '(#$(file-append package "/sbin/dnsmasq") + "--keep-in-foreground" + "--pid-file=/run/dnsmasq.pid" + #$@(if no-hosts? + '("--no-hosts") + '()) + #$(format #f "--port=~a" port) + #$@(if local-service? + '("--local-service") + '()) + #$@(map (cut format #f "--listen-address=~a" <>) + listen-addresses) + #$(format #f "--resolv-file=~a" resolv-file) + #$@(if no-resolv? + '("--no-resolv") + '()) + #$@(if forward-private-reverse-lookup? + '() + '("--bogus-priv")) + #$@(map (cut format #f "--server=~a" <>) + servers) + #$@(map (cut format #f "--address=~a" <>) + addresses) + #$(format #f "--cache-size=~a" cache-size) + #$@(if negative-cache? + '() + '("--no-negcache")) + #$@(if additional-cpe-id + (list (format #f "--add-cpe-id=~a" additional-cpe-id)) + '()) + #$@(if tftp-enable? + '("--enable-tftp") + '()) + #$@(if tftp-no-fail? + '("--tftp-no-fail") + '()) + #$@(if tftp-single-port? + '("--tftp-single-port") + '()) + #$@(if tftp-secure? + '("--tftp-secure?") + '()) + #$@(if tftp-max + (list (format #f "--tftp-max=~a" tftp-max)) + '()) + #$@(if tftp-mtu + (list (format #f "--tftp-mtu=~a" tftp-mtu)) + '()) + #$@(if tftp-no-blocksize? + '("--tftp-no-blocksize") + '()) + #$@(if tftp-lowercase? + '("--tftp-lowercase") + '()) + #$@(if tftp-port-range + (list (format #f "--tftp-port-range=~a" + tftp-port-range)) + '()) + #$@(if tftp-root + (list (format #f "--tftp-root=~a" tftp-root)) + '()) + #$@(if tftp-unique-root + (list + (if (> (length tftp-unique-root) 0) + (format #f "--tftp-unique-root=~a" tftp-unique-root) + (format #f "--tftp-unique-root"))) + '())) + #:pid-file "/run/dnsmasq.pid")) + (stop #~(make-kill-destructor))))) (define (dnsmasq-activation config) #~(begin -- 2.34.0