diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix
index 0c4f4cbfa5c6..ceb9152e6de6 100644
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@@ -11,6 +11,11 @@ let
 config.services.dnsmasq.resolveLocalQueries;
 hasLocalResolver = config.services.bind.enable || dnsmasqResolve;
+ resolvconfOptions =
+ builtins.replaceStrings ["\n"] [" "]
+ (cfg.resolvconfOptions +
+ (optionalString cfg.dnsSingleRequest " single-request") +
+ (optionalString cfg.dnsExtensionMechanism " ends0"));
 in
 {
@@ -59,6 +64,14 @@ in
 '';
 };
+ networking.resolvconfOptions = lib.mkOption {
+ type = types.lines;
+ default = "";
+ example = "ndots:1 rotate";
+ description = ''
+ Set the options in /etc/resolv.conf.
+ '';
+ };
 networking.proxy = {
@@ -171,12 +184,9 @@ in
 # Invalidate the nscd cache whenever resolv.conf is
 # regenerated.
 libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null'
- '' + optionalString cfg.dnsSingleRequest ''
- # only send one DNS request at a time
- resolv_conf_options+=' single-request'
- '' + optionalString cfg.dnsExtensionMechanism ''
- # enable extension mechanisms for DNS
- resolv_conf_options+=' edns0'
+ '' + optionalString ((stringLength resolvconfOptions) > 0) ''
+ # Options as described in resolv.conf(5)
+ resolv_conf_options='${resolvconfOptions}'
 '' + optionalString hasLocalResolver ''
 # This hosts runs a full-blown DNS resolver.
 name_servers='127.0.0.1'
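Review bot: The suffix appended for `cfg.dnsExtensionMechanism` in the new `resolvconfOptions` binding is spelled `" ends0"`, whereas the shell lines this commit removes in the third hunk wrote `edns0`, the keyword resolv.conf(5) documents. As written, enabling `networking.dnsExtensionMechanism` would emit a token the resolver most likely ignores, so EDNS0 would be switched off without any error. The line should read `(optionalString cfg.dnsExtensionMechanism " edns0"));`. The `let` block this binding sits in starts before the hunk.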
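Review bot: The description of `networking.resolvconfOptions` says only that it sets the options in /etc/resolv.conf, which leaves out how the value is combined with the existing settings. I would extend it along the lines of `Options for /etc/resolv.conf as described in resolv.conf(5), separated by spaces. Multiple definitions are joined with spaces, and the keywords for dnsSingleRequest and dnsExtensionMechanism are appended.` That tells a reader that setting `single-request` here and enabling `networking.dnsSingleRequest` would produce the keyword twice.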
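Review bot: `resolv_conf_options='${resolvconfOptions}'` splices the free-form option text between literal single quotes in a file that, judging by the `libc_restart='…'` assignment above it, is read as shell. The new option is an unconstrained `types.lines` string, so a value containing `'` would close the quote early and the remainder would be interpreted as shell syntax by whatever sources this file, rather than failing at evaluation time. Quoting through the library helper avoids that: `resolv_conf_options=${escapeShellArg resolvconfOptions}` (this assumes `lib` is opened with `with lib;`, as the unqualified `optionalString` suggests). The string concatenation this line belongs to starts and ends outside the hunk.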