Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unbound: optionally support DNS-over-HTTPS #108151

Merged
merged 3 commits into from Feb 25, 2021
Merged

unbound: optionally support DNS-over-HTTPS #108151

merged 3 commits into from Feb 25, 2021

Conversation

nagy
Copy link
Member

@nagy nagy commented Jan 1, 2021

Motivation for this change

unbound can be used as a DNS-over-HTTPS (DoH) server.

This is a blog post introducing the feature:

https://www.nlnetlabs.nl/news/2020/Oct/08/unbound-1.12.0-released/

Notify Maintainers

cc @ehmry @fpletz @globin

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@SuperSandro2000
Copy link
Member

Build on linux amd64.

SuperSandro2000
SuperSandro2000 approved these changes Jan 10, 2021
View reviewed changes
Copy link
Member

@SuperSandro2000 SuperSandro2000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

other than that LGTM

@mweinelt
Copy link
Member

mweinelt commented Feb 8, 2021

This looks good.

Are you possibly interested in adding a small test case to the existing nixos/tests/unbound.nix? This would help us validate the functionality of this feature going forward.

@nagy
Copy link
Member Author

nagy commented Feb 8, 2021

Are you possibly interested in adding a small test case to the existing nixos/tests/unbound.nix? This would help us validate the functionality of this feature going forward.

It would be my first nixos test but I can give it a try.

@nagy
Copy link
Member Author

nagy commented Feb 13, 2021

The introduced withDoH argument default to false, meaning that the feature itself would not be built without overriding the package.

The test in nixos/test/unbound.nix tests the default package ( which makes sense to me). Do you want to switch withDoH to `true by default or would you rather override the package in the testsuite ?

@andir
Copy link
Member

andir commented Feb 13, 2021

The introduced withDoH argument default to false, meaning that the feature itself would not be built without overriding the package.

The test in nixos/test/unbound.nix tests the default package ( which makes sense to me). Do you want to switch withDoH to `true by default or would you rather override the package in the testsuite ?

The NixOS module is using the unbound-with-systemd package by default. We could rename that package to unbound-full (or whatever) and add DoH support to it. The reason we wouldn't do this to the default unbound package is that is a common dependency for a ton of packages (including everything that somewhere in the tree depends on systemd or udev).

@nagy
Copy link
Member Author

nagy commented Feb 13, 2021

I have drafted out something which seems to pass. Do you have any suggested changes ?

@ofborg ofborg bot requested review from globin, ehmry and fpletz February 13, 2021 22:34
@tomberek tomberek merged commit 930e367 into NixOS:master Feb 25, 2021
@nagy nagy deleted the unbound-doh branch February 26, 2021 10:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mweinelt mweinelt mweinelt approved these changes

@SuperSandro2000 SuperSandro2000 SuperSandro2000 approved these changes

@globin globin Awaiting requested review from globin

@ehmry ehmry Awaiting requested review from ehmry

@fpletz fpletz Awaiting requested review from fpletz

Assignees
No one assigned
Labels
6.topic: nixos 8.has: package (new) 10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10 10.rebuild-linux: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@nagy @SuperSandro2000 @mweinelt @andir @ehmry @tomberek