From patchwork Sun Mar 20 11:44:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Remco van 't Veer X-Patchwork-Id: 37954 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id F214827BBEA; Sun, 20 Mar 2022 11:45:52 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL, SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 4BC1527BBE9 for ; Sun, 20 Mar 2022 11:45:52 +0000 (GMT) Received: from localhost ([::1]:39890 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nVu0N-00084m-Dx for patchwork@mira.cbaines.net; Sun, 20 Mar 2022 07:45:51 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35688) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nVtzb-00083R-E1 for guix-patches@gnu.org; Sun, 20 Mar 2022 07:45:06 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:39057) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nVtza-00014G-GG for guix-patches@gnu.org; Sun, 20 Mar 2022 07:45:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nVtza-000526-A5 for guix-patches@gnu.org; Sun, 20 Mar 2022 07:45:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54352] [PATCH v2] services: dnsmasq: Add more options. References: <20220312154813.5538-1-remco@remworks.net> In-Reply-To: <20220312154813.5538-1-remco@remworks.net> Resent-From: Remco van 't Veer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 20 Mar 2022 11:45:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54352 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54352@debbugs.gnu.org Cc: Remco van 't Veer Received: via spool by 54352-submit@debbugs.gnu.org id=B54352.164777665919280 (code B ref 54352); Sun, 20 Mar 2022 11:45:02 +0000 Received: (at 54352) by debbugs.gnu.org; 20 Mar 2022 11:44:19 +0000 Received: from localhost ([127.0.0.1]:32954 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nVtys-00050t-U4 for submit@debbugs.gnu.org; Sun, 20 Mar 2022 07:44:19 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:48305) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nVtyr-00050h-Pz for 54352@debbugs.gnu.org; Sun, 20 Mar 2022 07:44:18 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id AA4B75C012F; Sun, 20 Mar 2022 07:44:12 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Sun, 20 Mar 2022 07:44:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h= cc:cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to; s=fm3; bh=qNp0BtpXt8uyuPTVUwePa4wsTHTC9K6/W5wxoB 3Znpg=; b=vtKUk/yNxD97YNC9QjEhij+UbPiiua31I+yX7eE8nqYL7SNG4JNL4K RcziGh700AzKcGEHxNdSdP9s1l766fb2mFZ2gVB7PqBhqghI9Fz9WdHgnVtIG+c3 10sl7Cah1t48v7h9MOgwovZ7EwbtNmISseMNvbc9ttKxC0KwuYrvqlamDF7OGKNS konJjWJfE4tJgeIsIfVjozfOIDgd3+uLVTNOgGNJO/SYRGqpLWFwDBhnS88PrBYs 4UeNyqOTxfvtaQOqvr8/aeueQhoEvgQWHQXAo9G2MkRYQOqSVPXRKljzX/kns4Yc LewQC5GRRU2qu6KY4R5hpsdMZQnwlOZw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=qNp0Bt pXt8uyuPTVUwePa4wsTHTC9K6/W5wxoB3Znpg=; b=QBRwKltfGGeT6MgSDJVHcl 7dvnlhK4ehJltXBXdBmb058iYb0SQSg0E5i1sKXwgbNLOcpDz+aTZTQh/D4boVHH 8BfN0FX8G59buyAsiANGybOdmiRbFBiJdkep8sR5v818iQvNrV/Zrrb7RgUpUVoV 4qOyoaa+LZWto98zCor8AMBBENfHwdX/yrGFyxUnLa9MUqLh6ku1XcPV+Em1NRb/ A2JnlBl7QK08m92qg2yCrFp5P7tEgU4spC4FlJ1bHqM7xhOaEzKogdNCkKXva82f MGaB4fIiLIl/8NERUiU1J+J4wIjXM9vpVEpeCgYxFQPVcJ8z5CxKVqGsx52cs+lw == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudeguddgfedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkofggtgfgsehtkeertd ertdejnecuhfhrohhmpeftvghmtghouchvrghnucdkthcugggvvghruceorhgvmhgtohes rhgvmhifohhrkhhsrdhnvghtqeenucggtffrrghtthgvrhhnpeevfedugfefueelveeltd dtteehjefhvedvuefgueektdfhudefteekuedtgefhieenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehrfihvsehfrghsthhmrghilhdrtghomh X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 20 Mar 2022 07:44:12 -0400 (EDT) From: Remco van 't Veer Date: Sun, 20 Mar 2022 12:44:05 +0100 Message-Id: <20220320114405.4702-1-remco@remworks.net> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/services/dns.scm (): Add forward-private-reverse-lookup?, strict-order? and additional-cpe-id options. (dnsmasq-shepherd-service): Pass added options to dnsmasq. * doc/guix.texi (Guix Services): Document options added to dnsmasq. --- doc/guix.texi | 12 +++ gnu/services/dns.scm | 178 +++++++++++++++++++++++-------------------- 2 files changed, 109 insertions(+), 81 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 4b71fb7010..a769cd1e5b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -28945,6 +28945,14 @@ The file to read the IP address of the upstream nameservers from. @item @code{no-resolv?} (default: @code{#f}) When true, don't read @var{resolv-file}. +@item @code{forward-private-reverse-lookup?} (default: @code{#t}) +When false, all reverse lookups for private IP ranges are answered with +"no such domain" rather than being forwarded upstream. + +@item @code{strict-order?} (default: @code{#f}) +When true, forces dnsmasq to try each query with each server strictly in +the order they appear in @var{servers}. + @item @code{servers} (default: @code{'()}) Specify IP address of upstream servers directly. @@ -28974,6 +28982,10 @@ disables caching. @item @code{negative-cache?} (default: @code{#t}) When false, disable negative caching. +@item @code{additional-cpe-id} (default: @code{#f}) +If set, add an arbitrary identifying string to DNS queries which are +forwarded upstream. + @item @code{tftp-enable?} (default: @code{#f}) Whether to enable the built-in TFTP server. diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index 9b8603cc95..5add843f32 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2018 Oleg Pykhalov ;;; Copyright © 2020 Pierre Langlois ;;; Copyright © 2021 Maxime Devos +;;; Copyright © 2022 Remco van 't Veer ;;; ;;; This file is part of GNU Guix. ;;; @@ -745,6 +746,11 @@ (define-record-type* (default "/etc/resolv.conf")) ;string (no-resolv? dnsmasq-configuration-no-resolv? (default #f)) ;boolean + (forward-private-reverse-lookup? + dnsmasq-configuration-forward-private-reverse-lookup? + (default #t)) ;boolean + (strict-order? dnsmasq-configuration-strict-order? + (default #f)) ;boolean (servers dnsmasq-configuration-servers (default '())) ;list of string (addresses dnsmasq-configuration-addresses @@ -752,7 +758,9 @@ (define-record-type* (cache-size dnsmasq-configuration-cache-size (default 150)) ;integer (negative-cache? dnsmasq-configuration-negative-cache? - (default #t)) ;boolean + (default #t)) ;boolean + (additional-cpe-id dnsmasq-configuration-additional-cpe-id + (default #t)) ;string (tftp-enable? dnsmasq-configuration-tftp-enable? (default #f)) ;boolean (tftp-no-fail? dnsmasq-configuration-tftp-no-fail? @@ -776,86 +784,94 @@ (define-record-type* (tftp-unique-root dnsmasq-tftp-unique-root (default #f))) ;"" or "ip" or "mac" -(define dnsmasq-shepherd-service - (match-lambda - (($ package - no-hosts? - port local-service? listen-addresses - resolv-file no-resolv? servers - addresses cache-size negative-cache? - tftp-enable? tftp-no-fail? - tftp-single-port? tftp-secure? - tftp-max tftp-mtu tftp-no-blocksize? - tftp-lowercase? tftp-port-range - tftp-root tftp-unique-root) - (shepherd-service - (provision '(dnsmasq)) - (requirement '(networking)) - (documentation "Run the dnsmasq DNS server.") - (start #~(make-forkexec-constructor - '(#$(file-append package "/sbin/dnsmasq") - "--keep-in-foreground" - "--pid-file=/run/dnsmasq.pid" - #$@(if no-hosts? - '("--no-hosts") - '()) - #$(format #f "--port=~a" port) - #$@(if local-service? - '("--local-service") - '()) - #$@(map (cut format #f "--listen-address=~a" <>) - listen-addresses) - #$(format #f "--resolv-file=~a" resolv-file) - #$@(if no-resolv? - '("--no-resolv") - '()) - #$@(map (cut format #f "--server=~a" <>) - servers) - #$@(map (cut format #f "--address=~a" <>) - addresses) - #$(format #f "--cache-size=~a" cache-size) - #$@(if negative-cache? - '() - '("--no-negcache")) - #$@(if tftp-enable? - '("--enable-tftp") - '()) - #$@(if tftp-no-fail? - '("--tftp-no-fail") - '()) - #$@(if tftp-single-port? - '("--tftp-single-port") - '()) - #$@(if tftp-secure? - '("--tftp-secure?") - '()) - #$@(if tftp-max - (list (format #f "--tftp-max=~a" tftp-max)) - '()) - #$@(if tftp-mtu - (list (format #f "--tftp-mtu=~a" tftp-mtu)) - '()) - #$@(if tftp-no-blocksize? - '("--tftp-no-blocksize") - '()) - #$@(if tftp-lowercase? - '("--tftp-lowercase") - '()) - #$@(if tftp-port-range - (list (format #f "--tftp-port-range=~a" - tftp-port-range)) - '()) - #$@(if tftp-root - (list (format #f "--tftp-root=~a" tftp-root)) - '()) - #$@(if tftp-unique-root - (list - (if (> (length tftp-unique-root) 0) - (format #f "--tftp-unique-root=~a" tftp-unique-root) - (format #f "--tftp-unique-root"))) - '())) - #:pid-file "/run/dnsmasq.pid")) - (stop #~(make-kill-destructor)))))) +(define (dnsmasq-shepherd-service config) + (match-record config + (package + no-hosts? + port local-service? listen-addresses + resolv-file no-resolv? + forward-private-reverse-lookup? strict-order? + servers addresses cache-size negative-cache? + additional-cpe-id + tftp-enable? tftp-no-fail? + tftp-single-port? tftp-secure? + tftp-max tftp-mtu tftp-no-blocksize? + tftp-lowercase? tftp-port-range + tftp-root tftp-unique-root) + (shepherd-service + (provision '(dnsmasq)) + (requirement '(networking)) + (documentation "Run the dnsmasq DNS server.") + (start #~(make-forkexec-constructor + '(#$(file-append package "/sbin/dnsmasq") + "--keep-in-foreground" + "--pid-file=/run/dnsmasq.pid" + #$@(if no-hosts? + '("--no-hosts") + '()) + #$(format #f "--port=~a" port) + #$@(if local-service? + '("--local-service") + '()) + #$@(map (cut format #f "--listen-address=~a" <>) + listen-addresses) + #$(format #f "--resolv-file=~a" resolv-file) + #$@(if no-resolv? + '("--no-resolv") + '()) + #$@(if forward-private-reverse-lookup? + '() + '("--bogus-priv")) + #$@(map (cut format #f "--server=~a" <>) + servers) + #$@(map (cut format #f "--address=~a" <>) + addresses) + #$(format #f "--cache-size=~a" cache-size) + #$@(if negative-cache? + '() + '("--no-negcache")) + #$@(if additional-cpe-id + (list (format #f "--add-cpe-id=~a" additional-cpe-id)) + '()) + #$@(if tftp-enable? + '("--enable-tftp") + '()) + #$@(if tftp-no-fail? + '("--tftp-no-fail") + '()) + #$@(if tftp-single-port? + '("--tftp-single-port") + '()) + #$@(if tftp-secure? + '("--tftp-secure?") + '()) + #$@(if tftp-max + (list (format #f "--tftp-max=~a" tftp-max)) + '()) + #$@(if tftp-mtu + (list (format #f "--tftp-mtu=~a" tftp-mtu)) + '()) + #$@(if tftp-no-blocksize? + '("--tftp-no-blocksize") + '()) + #$@(if tftp-lowercase? + '("--tftp-lowercase") + '()) + #$@(if tftp-port-range + (list (format #f "--tftp-port-range=~a" + tftp-port-range)) + '()) + #$@(if tftp-root + (list (format #f "--tftp-root=~a" tftp-root)) + '()) + #$@(if tftp-unique-root + (list + (if (> (length tftp-unique-root) 0) + (format #f "--tftp-unique-root=~a" tftp-unique-root) + (format #f "--tftp-unique-root"))) + '())) + #:pid-file "/run/dnsmasq.pid")) + (stop #~(make-kill-destructor))))) (define (dnsmasq-activation config) #~(begin