From patchwork Tue Aug 15 15:20:03 2023
X-Patchwork-Submitter: Tobias Geerinckx-Rice
X-Patchwork-Id: 52850
Subject: [bug#61869] gnu: services: Add more dnsmasq options.
To: 61869@debbugs.gnu.org
Date: Tue, 15 Aug 2023 17:20:03 +0200
Message-ID: <3506a89b1948f9d1cd30aa72a8c56a26@tobias.gr>
From: Tobias Geerinckx-Rice

Hi Gabriel,

I've rebased this patch onto current master (attached). I've also made some changes in a third patch that I'd like *you* to review, and ideally test.

Some remarks:

- For the commit message, I prefer ‘services: foo:’ to ‘gnu: services:’.
- Use the previous Texinfo @node{} title in the commit message.
- I added bind-interfaces? only because it occurs in my documentation for another new option.
- I don't use the dnsmasq service so I'm not 100% confident about some of my changes. Please let me know if, for example, something doesn't make sense as a list.

Thanks!

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.

From ba0c0fd40a4efc72681d3fe6d8ab229fcaff8781 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice
Date: Sun, 13 Aug 2023 02:00:00 +0200
Subject: [PATCH 3/3] f dnsmasq

---
 doc/guix.texi        | 96 +++++++++++++++++++++++++++++++++++---------
 gnu/services/dns.scm | 47 +++++++++++-----------
 2 files changed, 99 insertions(+), 44 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index a64ba36b5d..8ce1408508 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32465,42 +32465,98 @@ DNS Services queries which are forwarded upstream. @item @code{domain-needed?} (default: @code{#f}) -Whether to forward queries with no domain part. +@code{#t} tells dnsmasq to never forward A or AAAA queries for plain +names, without dots or domain parts, to upstream nameservers. +If the name is not known from @file{/etc/hosts} or DHCP then a ``not found'' +answer is returned. @item @code{bogus-priv?} (default: @code{#f}) -Whether to fake reverse lookups for RFC1918 private address ranges. +Whether to fake bogus reverse lookups for RFC6303 private address ranges. +All reverse lookups for private IP ranges (e.g. 192.168.x.x) which are not +found in @file{/etc/hosts} or the DHCP leases file are answered with +``no such domain'' rather than being forwarded upstream. @item @code{filterwin2k?} (default: @code{#f}) -Whether to forward spurious DNS requests from Windows hosts. +Whether to block spurious DNS requests periodically made by hosts running +Windows, which don't get sensible answers from the public DNS. @item @code{poll?} (default: @code{#t}) -Continuously reads @file{/etc/resolv.conf} when @code{#true}, otherwise only -does so on SIGHUP. +When @code{#t}, continuously check @file{/etc/resolv.conf} for changes. +Otherwise do so only on SIGHUP. -@item @code{local} (default: @code{#f}) -A string representing domains where nothing will be forwarded to -@code{"/domain/"}). +@item @code{interfaces} (default: @code{'()}) +Listen only on the specified list of interfaces, such as @code{"wlp3"} +or @code{"lan0"}. The local (loopback) interface is added automatically. +If this list is empty, listen on all available interfaces. -@item @code{interface} (default: @code{#f}) -The interface(s) dnsmasq works on (like @code{"wlp3"} or @code{"lan0"}. -Multiple names can be specified as strings separated by commas. +When @code{bind-dynamic?} is set on Linux, IP alias interface labels +such as @code{"eth1:0"} will be checked rather than interface names. 
+ +@item @code{bind-interfaces?} (default: @code{#f}) +XXX TODO @item @code{bind-dynamic?} (default: @code{#f}) -Bind to interfaces in use - check for new interfaces. +When @code{#t}, bind to the address of the network interfaces +currently in use, allowing for multiple Dnsmasq instances. +Moreover, automatically listen on any new interfaces or addresses +that appear later on---subject to access control configuration. + +This mode is available only on Linux. On other kernels, it will fall +back to @code{bind-interfaces?} mode. @item @code{expand-hosts?} (default: @code{#f}) -Expand simple names in @file{/etc/hosts} with domain-suffix. +Add the domain to simple names (those without a period) in +@file{/etc/hosts} in the same way as for DHCP-derived names. This does +not apply to domain names in cnames, PTR records, TXT records, etc. -@item @code{domain} (default: @code{#f}) -Specify the domain to be assigned in DHCP leases. +@item @code{domains} (default: @code{'()}) +A list of strings describing DNS domains for the DHCP server. Domains +may be be given unconditionally (without the IP range) or for limited +IP ranges. + +This has two effects; firstly it causes the DHCP server to return the +domain to any hosts which request it, and secondly it sets the domain +which it is legal for DHCP-configured hosts to claim. + +If a domain suffix is specified, then hostnames with a domain part are +allowed, provided the domain part matches the suffix. Hostnames +without a domain part have the suffix added as an optional domain part. + +If no domain suffix is specified, then any DHCP hostname with a domain +part (i.e., with a period) will be disallowed and logged. -@item @code{dhcp-range} (default: @code{#f}) -Enable DHCP in the range given with lease duration, the format is -@code{,,,}, e.g. -@code{192.0.2.50,192.0.2.150,255.255.255.0,1h}. +@item @code{dhcp-ranges} (default: @code{'()}) +Whether to enable the DHCP server for the given range(s). 
Each range +is a string that commonly follows the format +@code{,[,[,]]}, e.g. +@code{"192.0.2.50,192.0.2.150,255.255.255.0,1h"}. + +IP addresses will be given out (``leased'') from the range +@code{} to @code{}, with an optional +@code{}. +@comment …and from statically defined addresses given in --dhcp-host options. + +@code{} is optional. If given, leases will be valid +for that length of time: in seconds if no unit is given (e.g., +@code{45m}, @code{12h}, @code{7d}, @code{1w}), or @code{infinite}. + +Refer to the dnsmasq(8) man page for more options and information. @item @code{dhcp-options} (default: @code{'()}) -A list of options to be passed along. +A list of DHCP option strings as listed in the output of +@command{dnsmasq --help dhcp} and @command{dnsmasq --help dhcp6}. + +You can use both numerical options and their readable names: + +@lisp +;; This friendly list… +(list "option:router,1.2.3.4" + "option6:dns-server,[::],[1234::88]") + +;; …is equivalent to this one. +(list "3,1.2.3.4" + "23,[::],[1234::88]") +@end lisp @item @code{tftp-enable?} (default: @code{#f}) Whether to enable the built-in TFTP server. diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index fc70834deb..4a0e29413f 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2021 Maxime Devos ;;; Copyright © 2022 Remco van 't Veer ;;; Copyright © 2023 Gabriel Wicki +;;; Copyright © 2023 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -774,19 +775,19 @@ (define-record-type* (default #f)) ;boolean (poll? dnsmasq-configuration-poll? (default #t)) ;boolean - (local dnsmasq-configuration-local - (default #f)) ;string - (interface dnsmasq-configuration-interface - (default #f)) ;string + (interfaces dnsmasq-configuration-interfaces + (default '())) ;list of string + (bind-interfaces? dnsmasq-configuration-bind-interfaces? + (default #f)) ;boolean (bind-dynamic? dnsmasq-configuration-bind-dynamic? (default #f)) ;boolean (expand-hosts? dnsmasq-configuration-expand-hosts? (default #f)) ;boolean - (domain dnsmasq-configuration-domain - (default #f)) ;string - (dhcp-range dnsmasq-configuration-dhcp-range - (default #f)) ;string - (dhcp-options dnsmasq-configuration-dhcp-options + (domains dnsmasq-configuration-domains + (default '())) ;list of string + (dhcp-ranges dnsmasq-configuration-dhcp-ranges + (default '())) ;list of string + (dhcp-options dnsmasq-configuration-dhcp-options (default '())) ;list of string (tftp-enable? dnsmasq-configuration-tftp-enable? (default #f)) ;boolean @@ -822,10 +823,10 @@ (define (dnsmasq-shepherd-service config) cache-size negative-cache? cpe-id domain-needed? bogus-priv? filterwin2k? poll? - local interface - bind-dynamic? expand-hosts? - domain - dhcp-range dhcp-options + interfaces + bind-interfaces? bind-dynamic? expand-hosts? + domains + dhcp-ranges dhcp-options tftp-enable? tftp-no-fail? tftp-single-port? tftp-secure? tftp-max tftp-mtu tftp-no-blocksize? @@ -885,11 +886,11 @@ (define (dnsmasq-shepherd-service config) #$@(if poll? '() '("--no-poll")) - #$@(if local - (list (format #f "--local=~a" local)) - '()) - #$@(if interface - (list (format #f "--interface=~a" interface)) + #$@(if (null? interfaces) + '() + (list (format #f "--interface=~{~a~^,~}" interfaces))) + #$@(if bind-interfaces? + '("--bind-interfaces") '()) #$@(if bind-dynamic? '("--bind-dynamic") 
@@ -897,12 +898,10 @@ (define (dnsmasq-shepherd-service config) #$@(if expand-hosts? '("--expand-hosts") '()) - #$@(if domain - (list (format #f "--domain=~a" domain)) - '()) - #$@(if dhcp-range - (list (format #f "--dhcp-range=~a" dhcp-range)) - '()) + #$@(map (cut format #f "--domain=~a" <>) + domains) + #$@(map (cut format #f "--dhcp-range=~a" <>) + dhcp-ranges) #$@(map (cut format #f "--dhcp-option=~a" <>) dhcp-options) #$@(if tftp-enable? -- 2.41.0
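Review bot: in the doc/guix.texi hunk, the new @item for bind-interfaces? is documented only as "XXX TODO", so the hunk cannot go in as is; the option needs real text, and since the bind-dynamic? entry right below refers to falling back to "bind-interfaces? mode", the two descriptions should be written together so that the fallback means something to the reader. Smaller points in the same hunk: "may be be given" in the domains entry; the @comment about --dhcp-host reads like a note to self and should either become visible text or be dropped; as shown here the field names inside @code{,[,[,]]} and the @code{} references after it are empty, so check that the Texinfo source actually spells out the start address, end address, netmask and lease-time fields; and "Dnsmasq" in the bind-dynamic? entry should be "dnsmasq" as elsewhere in the node.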
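Review bot: in the define-record-type* hunk, the local field is removed outright with no replacement, while interface, domain and dhcp-range come back as interfaces, domains and dhcp-ranges; a user with (local "/example.lan/") loses the ability to keep a domain from being forwarded upstream, and neither the doc hunk nor the commit message says why. Either keep it (as a list, for consistency with the other renames) or state the rationale. The renames themselves are incompatible changes to a public record type, so existing configurations using interface, domain or dhcp-range will stop building; the final commit message (currently the fixup placeholder "f dnsmasq") should list the renamed and removed fields explicitly.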
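Review bot: in the --interface hunk, the list is joined into one flag with "--interface=~{~a~^,~}", whereas the hunk after it emits one --domain and one --dhcp-range per element; emitting one --interface per element with the same (map (cut format #f "--interface=~a" <>) interfaces) pattern would be consistent and easier to read in the generated command line. Also nothing prevents bind-interfaces? and bind-dynamic? from both being #t in the same configuration; since the documentation says bind-dynamic? falls back to bind-interfaces? mode on non-Linux kernels, either reject the combination when the record is built or document which flag takes precedence.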
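Review bot: in the --domain/--dhcp-range hunk, the map formats every element with ~a, so a configuration that passes a bare string where a list is now expected (the shape the old domain and dhcp-range fields took) fails inside map with a generic wrong-type error rather than a message naming the field. A sanitize clause on the domains and dhcp-ranges fields, checking for a list of strings, would turn that into a clear configuration error at the point it is written, which matters here because these strings end up as DHCP and DNS settings handed to every client. The dhcp-options line directly above already uses this map pattern, so the change is otherwise consistent.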