From c355b2729c01c4ea35a430dd6dfea9ae3848f816 Mon Sep 17 00:00:00 2001
From: Matt Christ
Date: Sat, 1 Jan 2022 08:33:51 -0600
Subject: nixos/bind: configurable "forward" setting

Sometimes it is preferable to configure forwarding only for bind instead of relying on direct lookups. This patch makes it possible to configure the forward setting to either "first" (the default) or "only".
---
 nixos/modules/services/networking/bind.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix
index e44f8d4cf30..2045612ec05 100644
--- a/nixos/modules/services/networking/bind.nix
+++ b/nixos/modules/services/networking/bind.nix
@@ -59,7 +59,7 @@ let
 listen-on-v6 { ${concatMapStrings (entry: " ${entry}; ") cfg.listenOnIpv6} };
 allow-query { cachenetworks; };
 blackhole { badnetworks; };
- forward first;
+ forward ${cfg.forward};
 forwarders { ${concatMapStrings (entry: " ${entry}; ") cfg.forwarders} };
 directory "${cfg.directory}";
 pid-file "/run/named/named.pid";
@@ -151,6 +151,14 @@ in
 ";
 };

+ forward = mkOption {
+ default = "first";
+ type = types.enum ["first" "only"];
+ description = "
+ Whether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only'.
+ ";
+ };
+
 listenOn = mkOption {
 default = [ "any" ];
 type = types.listOf types.str;
-- 
cgit 1.4.1
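Review bot: The `description` of the new `forward` option (second hunk) explains 'first' but says nothing about what 'only' does, and it omits that BIND treats `forward` as meaningful only when the `forwarders` list is non-empty. An operator who picks "only" to keep all lookups behind an internal or filtering resolver would silently get ordinary direct recursion if `cfg.forwarders` evaluates to an empty list. I would reword the description to something like `Whether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only' (never look up directly; queries fail when no forwarder answers). Has no effect if forwarders is empty.` If the module has a `config.assertions` list (not visible in this hunk), a check such as `assertion = cfg.forward != "only" || cfg.forwarders != [];` would turn that misconfiguration into an evaluation error. The enclosing `options` block starts and ends outside the hunk.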