2022-07-31 11:03:59 +02:00
|
|
|
{ pkgs, ... }:
|
2022-08-25 15:41:15 +02:00
|
|
|
let
|
|
|
|
|
loggingConfig = ''
|
|
|
|
|
logging {
|
|
|
|
|
channel default_file {
|
|
|
|
|
file "/var/log/named/default.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel general_file {
|
|
|
|
|
file "/var/log/named/general.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel database_file {
|
|
|
|
|
file "/var/log/named/database.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel security_file {
|
|
|
|
|
file "/var/log/named/security.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel config_file {
|
|
|
|
|
file "/var/log/named/config.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel resolver_file {
|
|
|
|
|
file "/var/log/named/resolver.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel xfer-in_file {
|
|
|
|
|
file "/var/log/named/xfer-in.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel xfer-out_file {
|
|
|
|
|
file "/var/log/named/xfer-out.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel notify_file {
|
|
|
|
|
file "/var/log/named/notify.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel client_file {
|
|
|
|
|
file "/var/log/named/client.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel unmatched_file {
|
|
|
|
|
file "/var/log/named/unmatched.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel queries_file {
|
|
|
|
|
file "/var/log/named/queries.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel network_file {
|
|
|
|
|
file "/var/log/named/network.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel update_file {
|
|
|
|
|
file "/var/log/named/update.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel dispatch_file {
|
|
|
|
|
file "/var/log/named/dispatch.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel dnssec_file {
|
|
|
|
|
file "/var/log/named/dnssec.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
channel lame-servers_file {
|
|
|
|
|
file "/var/log/named/lame-servers.log" versions 3 size 5m;
|
|
|
|
|
severity dynamic;
|
|
|
|
|
print-time yes;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
category default { default_file; };
|
|
|
|
|
category general { general_file; };
|
|
|
|
|
category database { database_file; };
|
|
|
|
|
category security { security_file; };
|
|
|
|
|
category config { config_file; };
|
|
|
|
|
category resolver { resolver_file; };
|
|
|
|
|
category xfer-in { xfer-in_file; };
|
|
|
|
|
category xfer-out { xfer-out_file; };
|
|
|
|
|
category notify { notify_file; };
|
|
|
|
|
category client { client_file; };
|
|
|
|
|
category unmatched { unmatched_file; };
|
|
|
|
|
category queries { queries_file; };
|
|
|
|
|
category network { network_file; };
|
|
|
|
|
category update { update_file; };
|
|
|
|
|
category dispatch { dispatch_file; };
|
|
|
|
|
category dnssec { dnssec_file; };
|
|
|
|
|
category lame-servers { lame-servers_file; };
|
|
|
|
|
};
|
|
|
|
|
'';
|
|
|
|
|
in
|
2022-07-31 11:03:59 +02:00
|
|
|
{
|
2022-08-25 15:41:15 +02:00
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
|
"d /var/log/named 0750 named named - -"
|
|
|
|
|
];
|
|
|
|
|
|
2022-07-31 11:03:59 +02:00
|
|
|
services.bind = {
|
|
|
|
|
enable = true;
|
|
|
|
|
forwarders = [
|
2022-08-25 15:41:15 +02:00
|
|
|
"127.0.0.1 port 5353"
|
2022-07-31 11:03:59 +02:00
|
|
|
];
|
|
|
|
|
zones = {
|
|
|
|
|
"vault.in.redalder.org" = {
|
|
|
|
|
file = ./zones/vault.in.redalder.org.zone;
|
|
|
|
|
master = true;
|
|
|
|
|
};
|
2022-08-25 19:43:16 +02:00
|
|
|
"hosts.in.redalder.org" = {
|
|
|
|
|
file = ./zones/hosts.in.redalder.org.zone;
|
|
|
|
|
master = true;
|
|
|
|
|
};
|
2022-09-26 18:42:26 +02:00
|
|
|
"youtube.com" = {
|
|
|
|
|
file = ./zones/blocked.zone;
|
|
|
|
|
master = true;
|
|
|
|
|
};
|
2022-07-31 11:03:59 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
cacheNetworks = [
|
|
|
|
|
"127.0.0.0/8"
|
2022-08-25 15:41:15 +02:00
|
|
|
"10.64.2.0/24"
|
2022-07-31 11:03:59 +02:00
|
|
|
"10.64.1.0/24"
|
|
|
|
|
"10.64.0.0/24"
|
2022-08-25 19:43:16 +02:00
|
|
|
"172.26.64.0/20"
|
2022-07-31 11:03:59 +02:00
|
|
|
];
|
2022-08-25 15:41:15 +02:00
|
|
|
extraConfig = ''
|
|
|
|
|
${loggingConfig}
|
|
|
|
|
'';
|
2022-07-31 11:03:59 +02:00
|
|
|
extraOptions = ''
|
|
|
|
|
recursion yes;
|
2022-08-25 15:41:15 +02:00
|
|
|
dnssec-validation auto;
|
2022-07-31 11:03:59 +02:00
|
|
|
'';
|
2022-08-25 15:41:15 +02:00
|
|
|
# extraConfig = ''
|
|
|
|
|
# zone "consul.in.redalder.org" IN {
|
|
|
|
|
# type forward;
|
|
|
|
|
# forward only;
|
|
|
|
|
# forwarders { 10.64.1.201 port 8600; };
|
|
|
|
|
# };
|
|
|
|
|
# '';
|
2022-07-31 11:03:59 +02:00
|
|
|
};
|
|
|
|
|
|
2022-11-27 20:21:53 +01:00
|
|
|
systemd.services.bind = {
|
|
|
|
|
before = [ "network-online.target" ];
|
|
|
|
|
};
|
|
|
|
|
|
2022-07-31 11:03:59 +02:00
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
|
53
|
|
|
|
|
];
|
|
|
|
|
networking.firewall.allowedUDPPorts = [
|
|
|
|
|
53
|
|
|
|
|
];
|
|
|
|
|
}
|
