nixos/bind: configurable "forward" setting

Sometimes it is preferable to configure forwarding only for bind
instead of relying on direct lookups.

This patch makes it possible to configure the forward setting to
either "first" (the default) or "only".

1 files changed, 9 insertions, 1 deletions

diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix
index e44f8d4cf30..2045612ec05 100644
--- a/nixos/modules/services/networking/bind.nix
+++ b/nixos/modules/services/networking/bind.nix
@@ -59,7 +59,7 @@ let
         listen-on-v6 { ${concatMapStrings (entry: " ${entry}; ") cfg.listenOnIpv6} };
         allow-query { cachenetworks; };
         blackhole { badnetworks; };
-        forward first;
+        forward ${cfg.forward};
         forwarders { ${concatMapStrings (entry: " ${entry}; ") cfg.forwarders} };
         directory "${cfg.directory}";
         pid-file "/run/named/named.pid";
@@ -151,6 +151,14 @@ in
         ";
       };
 
+      forward = mkOption {
+        default = "first";
+        type = types.enum ["first" "only"];
+        description = "
+          Whether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only'.
+        ";
+      };
+
       listenOn = mkOption {
         default = [ "any" ];
         type = types.listOf types.str;