summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--doc/guix.texi13
-rw-r--r--gnu/services/dns.scm183
2 files changed, 115 insertions, 81 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 44b0f9f1ea..e8ef4286be 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -100,6 +100,7 @@ Copyright @copyright{} 2021 Josselin Poiret@*
 Copyright @copyright{} 2021 Andrew Tropin@*
 Copyright @copyright{} 2021 Sarah Morgensen@*
 Copyright @copyright{} 2021 Josselin Poiret@*
+Copyright @copyright{} 2022 Remco van 't Veer@*
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -28945,6 +28946,14 @@ The file to read the IP address of the upstream nameservers from.
 @item @code{no-resolv?} (default: @code{#f})
 When true, don't read @var{resolv-file}.
 
+@item @code{forward-private-reverse-lookup?} (default: @code{#t})
+When false, all reverse lookups for private IP ranges are answered with
+"no such domain" rather than being forwarded upstream.
+
+@item @code{query-servers-in-order?} (default: @code{#f})
+When true, dnsmasq queries the servers in the same order as they appear
+in @var{servers}.
+
 @item @code{servers} (default: @code{'()})
 Specify IP address of upstream servers directly.
 
@@ -28974,6 +28983,10 @@ disables caching.
 @item @code{negative-cache?} (default: @code{#t})
 When false, disable negative caching.
 
+@item @code{cpe-id} (default: @code{#f})
+If set, add a CPE (Customer-Premises Equipment) identifier to DNS
+queries which are forwarded upstream.
+
 @item @code{tftp-enable?} (default: @code{#f})
 Whether to enable the built-in TFTP server.
 
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 9b8603cc95..a220b33f15 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
 ;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
+;;; Copyright © 2022 Remco van 't Veer <remco@remworks.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -745,6 +746,12 @@ cache.size = 100 * MB
                     (default "/etc/resolv.conf")) ;string
   (no-resolv?       dnsmasq-configuration-no-resolv?
                     (default #f))       ;boolean
+  (forward-private-reverse-lookup?
+                    dnsmasq-configuration-forward-private-reverse-lookup?
+                    (default #t))       ;boolean
+  (query-servers-in-order?
+                    dnsmasq-configuration-query-servers-in-order?
+                    (default #f))       ;boolean
   (servers          dnsmasq-configuration-servers
                     (default '()))      ;list of string
   (addresses        dnsmasq-configuration-addresses
@@ -752,7 +759,9 @@ cache.size = 100 * MB
   (cache-size       dnsmasq-configuration-cache-size
                     (default 150))      ;integer
   (negative-cache?  dnsmasq-configuration-negative-cache?
-                    (default #t))      ;boolean
+                    (default #t))       ;boolean
+  (cpe-id           dnsmasq-configuration-cpe-id
+                    (default #t))       ;string
   (tftp-enable?     dnsmasq-configuration-tftp-enable?
                     (default #f))       ;boolean
   (tftp-no-fail?    dnsmasq-configuration-tftp-no-fail?
@@ -776,86 +785,98 @@ cache.size = 100 * MB
   (tftp-unique-root dnsmasq-tftp-unique-root
                     (default #f)))      ;"" or "ip" or "mac"
 
-(define dnsmasq-shepherd-service
-  (match-lambda
-    (($ <dnsmasq-configuration> package
-                                no-hosts?
-                                port local-service? listen-addresses
-                                resolv-file no-resolv? servers
-                                addresses cache-size negative-cache?
-                                tftp-enable? tftp-no-fail?
-                                tftp-single-port? tftp-secure?
-                                tftp-max tftp-mtu tftp-no-blocksize?
-                                tftp-lowercase? tftp-port-range
-                                tftp-root tftp-unique-root)
-     (shepherd-service
-      (provision '(dnsmasq))
-      (requirement '(networking))
-      (documentation "Run the dnsmasq DNS server.")
-      (start #~(make-forkexec-constructor
-                '(#$(file-append package "/sbin/dnsmasq")
-                  "--keep-in-foreground"
-                  "--pid-file=/run/dnsmasq.pid"
-                  #$@(if no-hosts?
-                         '("--no-hosts")
-                         '())
-                  #$(format #f "--port=~a" port)
-                  #$@(if local-service?
-                         '("--local-service")
-                         '())
-                  #$@(map (cut format #f "--listen-address=~a" <>)
-                          listen-addresses)
-                  #$(format #f "--resolv-file=~a" resolv-file)
-                  #$@(if no-resolv?
-                         '("--no-resolv")
-                         '())
-                  #$@(map (cut format #f "--server=~a" <>)
-                          servers)
-                  #$@(map (cut format #f "--address=~a" <>)
-                          addresses)
-                  #$(format #f "--cache-size=~a" cache-size)
-                  #$@(if negative-cache?
-                         '()
-                         '("--no-negcache"))
-                  #$@(if tftp-enable?
-                         '("--enable-tftp")
-                         '())
-                  #$@(if tftp-no-fail?
-                         '("--tftp-no-fail")
-                         '())
-                  #$@(if tftp-single-port?
-                         '("--tftp-single-port")
-                         '())
-                  #$@(if tftp-secure?
-                         '("--tftp-secure?")
-                         '())
-                  #$@(if tftp-max
-                         (list (format #f "--tftp-max=~a" tftp-max))
-                         '())
-                  #$@(if tftp-mtu
-                         (list (format #f "--tftp-mtu=~a" tftp-mtu))
-                         '())
-                  #$@(if tftp-no-blocksize?
-                         '("--tftp-no-blocksize")
-                         '())
-                  #$@(if tftp-lowercase?
-                         '("--tftp-lowercase")
-                         '())
-                  #$@(if tftp-port-range
-                         (list (format #f "--tftp-port-range=~a"
-                                          tftp-port-range))
-                         '())
-                  #$@(if tftp-root
-                         (list (format #f "--tftp-root=~a" tftp-root))
-                         '())
-                  #$@(if tftp-unique-root
-                         (list
-                          (if (> (length tftp-unique-root) 0)
-                              (format #f "--tftp-unique-root=~a" tftp-unique-root)
-                              (format #f "--tftp-unique-root")))
-                         '()))
-                #:pid-file "/run/dnsmasq.pid"))
-      (stop #~(make-kill-destructor))))))
+(define (dnsmasq-shepherd-service config)
+  (match-record config <dnsmasq-configuration>
+    (package
+     no-hosts?
+     port local-service? listen-addresses
+     resolv-file no-resolv?
+     forward-private-reverse-lookup? query-servers-in-order?
+     servers addresses
+     cache-size negative-cache?
+     cpe-id
+     tftp-enable? tftp-no-fail?
+     tftp-single-port? tftp-secure?
+     tftp-max tftp-mtu tftp-no-blocksize?
+     tftp-lowercase? tftp-port-range
+     tftp-root tftp-unique-root)
+    (shepherd-service
+     (provision '(dnsmasq))
+     (requirement '(networking))
+     (documentation "Run the dnsmasq DNS server.")
+     (start #~(make-forkexec-constructor
+               '(#$(file-append package "/sbin/dnsmasq")
+                 "--keep-in-foreground"
+                 "--pid-file=/run/dnsmasq.pid"
+                 #$@(if no-hosts?
+                        '("--no-hosts")
+                        '())
+                 #$(format #f "--port=~a" port)
+                 #$@(if local-service?
+                        '("--local-service")
+                        '())
+                 #$@(map (cut format #f "--listen-address=~a" <>)
+                         listen-addresses)
+                 #$(format #f "--resolv-file=~a" resolv-file)
+                 #$@(if no-resolv?
+                        '("--no-resolv")
+                        '())
+                 #$@(if forward-private-reverse-lookup?
+                        '()
+                        '("--bogus-priv"))
+                 #$@(if query-servers-in-order?
+                        '("--strict-order")
+                        '())
+                 #$@(map (cut format #f "--server=~a" <>)
+                         servers)
+                 #$@(map (cut format #f "--address=~a" <>)
+                         addresses)
+                 #$(format #f "--cache-size=~a" cache-size)
+                 #$@(if negative-cache?
+                        '()
+                        '("--no-negcache"))
+                 #$@(if cpe-id
+                        (list (format #f "--add-cpe-id=~a" cpe-id))
+                        '())
+                 #$@(if tftp-enable?
+                        '("--enable-tftp")
+                        '())
+                 #$@(if tftp-no-fail?
+                        '("--tftp-no-fail")
+                        '())
+                 #$@(if tftp-single-port?
+                        '("--tftp-single-port")
+                        '())
+                 #$@(if tftp-secure?
+                        '("--tftp-secure?")
+                        '())
+                 #$@(if tftp-max
+                        (list (format #f "--tftp-max=~a" tftp-max))
+                        '())
+                 #$@(if tftp-mtu
+                        (list (format #f "--tftp-mtu=~a" tftp-mtu))
+                        '())
+                 #$@(if tftp-no-blocksize?
+                        '("--tftp-no-blocksize")
+                        '())
+                 #$@(if tftp-lowercase?
+                        '("--tftp-lowercase")
+                        '())
+                 #$@(if tftp-port-range
+                        (list (format #f "--tftp-port-range=~a"
+                                      tftp-port-range))
+                        '())
+                 #$@(if tftp-root
+                        (list (format #f "--tftp-root=~a" tftp-root))
+                        '())
+                 #$@(if tftp-unique-root
+                        (list
+                         (if (> (length tftp-unique-root) 0)
+                             (format #f "--tftp-unique-root=~a" tftp-unique-root)
+                             (format #f "--tftp-unique-root")))
+                        '()))
+               #:pid-file "/run/dnsmasq.pid"))
+     (stop #~(make-kill-destructor)))))
 
 (define (dnsmasq-activation config)
   #~(begin