nixos/bind: Allow to set extra options #40053
Closed
+38
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BIND doesn't allow the options section (or any section I'd guess) to be defined more than once, so whenever you want to set an additional option you're stuck using weird hacks like this: services.bind.forwarders = lib.mkForce [ "}; empty-zones-enable no; #" ]; This basically exploits the fact that values coming from the module options aren't escaped and thus works in a similar vain to how SQL injection works. Another option would be to just set configFile to a file that includes all the options, including zones. That obviously makes the configuration way less extensible and more awkward to use with the module system. To make sure this change does work correctly I added a small test just for that. The test could use some improvements, but better to have a test rather than none at all. For a future improvement the test could be merged with the NSD test, because both use the same zone file format. Signed-off-by: aszlig <aszlig@nix.build> Cc: @peti, @edolstra
aszlig
added
0.kind: enhancement
GrahamcOfBorg
added
10.rebuild-darwin: 0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
BIND doesn't allow the options section (or any section I'd guess) to be defined more than once, so whenever you want to set an additional option you're stuck using weird hacks like this:
This basically exploits the fact that values coming from the module options aren't escaped and thus works in a similar vain to how SQL injection works.
Another option would be to just set
configFileto a file that includes all the options, including zones. That obviously makes the configuration way less extensible and more awkward to use with the module system.To make sure this change does work correctly I added a small test just for that. The test could use some improvements, but better to have a test rather than none at all. For a future improvement the test could be merged with the NSD test, because both use the same zone file format.