diff --git a/doc/guix.texi b/doc/guix.texi index 77bdaa50eb..e1353842e4 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -16405,7 +16405,11 @@ saved to @code{/etc/letsencrypt/live/@var{name}/privkey.pem}. The @code{(gnu services dns)} module provides services related to the @dfn{domain name system} (DNS). It provides a server service for hosting an @emph{authoritative} DNS server for multiple zones, slave or master. -This service uses @uref{https://www.knot-dns.cz/, Knot DNS}. +This service uses @uref{https://www.knot-dns.cz/, Knot DNS}. And also a +caching and forwarding DNS server for the LAN, which uses +@uref{http://www.thekelleys.org.uk/dnsmasq/doc.html, dnsmasq}. + +@subsubheading Knot Service An example configuration of an authoritative server for two zones, one master and one slave, is: 
@@ -16800,6 +16804,59 @@ The list of knot-zone-configuration used by this configuration.
 @end table
 @end deftp
+@subsubheading Dnsmasq Service
+
+@deffn {Scheme Variable} dnsmasq-service-type
+This is the type of the dnsmasq service, whose value should be an
+@code{dnsmasq-configuration} object as in this example:
+
+@example
+(service dnsmasq-service-type
+ (dnsmasq-configuration
+ (no-resolv? #t)
+ (servers '("192.168.1.1"))))
+@end example
+@end deffn
+
+@deftp {Data Type} dnsmasq-configuration
+Data type representing the configuration of dnsmasq.
+
+@table @asis
+@item @code{package} (default: @var{dnsmasq})
+Package object of the dnsmasq server.
+
+@item @code{no-hosts?} (default: @code{#f})
+When true, don't read the hostnames in /etc/hosts.
+
+@item @code{port} (default: @code{53})
+The port to listen on. Setting this to zero completely disables DNS
+funtion, leaving only DHCP and/or TFTP.
+
+@item @code{local-service?} (default: @code{#t})
+Accept DNS queries only from hosts whose address is on a local subnet,
+ie a subnet for which an interface exists on the server.
+
+@item @code{listen-addresses} (default: @code{'()})
+Listen on the given IP addresses.
+
+@item @code{resolv-file} (default: @code{"/etc/resolv.conf"})
+The file to read the IP address of the upstream nameservers from.
+
+@item @code{no-resolv?} (default: @code{#f})
+When true, don't read @var{resolv-file}.
+
+@item @code{servers} (default: @code{'()})
+Specify IP address of upstream servers directly.
+
+@item @code{cache-size} (default: @code{150})
+Set the size of dnsmasq's cache. Setting the cache size to zero
+disables caching.
+
+@item @code{no-negcache?} (default: @code{#f})
+When true, disable negative caching.
+
+@end table
+@end deftp
 @node VPN Services
 @subsubsection VPN Services
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 673ab1a98d..d0913e90ed 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -27,6 +27,7 @@
 #:use-module (guix records)
 #:use-module (guix gexp)
 #:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-26)
 #:use-module (srfi srfi-34)
 #:use-module (srfi srfi-35)
 #:use-module (ice-9 match)
@@ -41,7 +42,10 @@
 knot-configuration
 define-zone-entries
 zone-file
- zone-entry))
+ zone-entry
+
+ dnsmasq-service-type
+ dnsmasq-configuration))
 ;;;
 ;;; Knot DNS.
@@ -591,3 +595,76 @@
 knot-activation)
 (service-extension account-service-type
 (const %knot-accounts))))))
+
+
+;;;
+;;; Dnsmasq.
+;;;
+
+(define-record-type*
+ dnsmasq-configuration make-dnsmasq-configuration
+ dnsmasq-configuration?
+ (package dnsmasq-configuration-package
+ (default dnsmasq)) ;package
+ (no-hosts? dnsmasq-configuration-no-hosts?
+ (default #f)) ;boolean
+ (port dnsmasq-configuration-port
+ (default 53)) ;integer
+ (local-service? dnsmasq-configuration-local-service?
+ (default #t)) ;boolean
+ (listen-addresses dnsmasq-configuration-listen-address
+ (default '())) ;list of string
+ (resolv-file dnsmasq-configuration-resolv-file
+ (default "/etc/resolv.conf")) ;string
+ (no-resolv? dnsmasq-configuration-no-resolv?
+ (default #f)) ;boolean
+ (servers dnsmasq-configuration-servers
+ (default '())) ;list of string
+ (cache-size dnsmasq-configuration-cache-size
+ (default 150)) ;integer
+ (no-negcache? dnsmasq-configuration-no-negcache?
+ (default #f))) ;boolean
+
+(define dnsmasq-shepherd-service
+ (match-lambda
+ (($ package
+ no-hosts?
+ port local-service? listen-addresses
+ resolv-file no-resolv? servers
+ cache-size no-negcache?)
+ (shepherd-service
+ (provision '(dnsmasq))
+ (requirement '(networking))
+ (documentation "Run the dnsmasq DNS server.")
+ (start #~(make-forkexec-constructor
+ '(#$(file-append package "/sbin/dnsmasq")
+ "--keep-in-foreground"
+ "--pid-file=/run/dnsmasq.pid"
+ #$@(if no-hosts?
+ '("--no-hosts")
+ '())
+ #$(format #f "--port=~a" port)
+ #$@(if local-service?
+ '("--local-service")
+ '())
+ #$@(map (cut format #f "--listen-address=~a" <>)
+ listen-addresses)
+ #$(format #f "--resolv-file=~a" resolv-file)
+ #$@(if no-resolv?
+ '("--no-resolv")
+ '())
+ #$@(map (cut format #f "--server=~a" <>)
+ servers)
+ #$(format #f "--cache-size=~a" cache-size)
+ #$@(if no-negcache?
+ '("--no-negcache")
+ '()))
+ #:pid-file "/run/dnsmasq.pid"))
+ (stop #~(make-kill-destructor))))))
+
+(define dnsmasq-service-type
+ (service-type
+ (name 'dnsmasq)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list dnsmasq-shepherd-service))))))
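Review bot: The accessor for the `listen-addresses` field is named `dnsmasq-configuration-listen-address` (singular), unlike every other accessor in the record, which is derived directly from its field name; it should read `(listen-addresses dnsmasq-configuration-listen-addresses`. The shepherd `start` form launches `/sbin/dnsmasq` as root with no `--user` option, so whether the daemon ends up unprivileged depends entirely on dnsmasq's own built-in default privilege drop; a comment above the `start` form such as `;; No --user is passed: dnsmasq switches to its default unprivileged user itself once sockets are bound.` would make that assumption explicit for maintainers. The `match-lambda` pattern binds all ten fields positionally, so any later reordering of the record fields would silently shift values between options; binding them through the `dnsmasq-configuration-...` accessors in a `let` would be more robust. The record-type name between `$` and `package` in that pattern appears to have been lost in this rendering of the hunk rather than in the code itself.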