nixos/pdns-recursor: update default values

1. Update the default values of several addresses-related settings that have been changed by upstream. 2. Make `dns.address` take multiple addresses. This is needed for dual stack, now working by default.
2022-04-13 17:40:11 +02:00 · 2022-04-13 17:40:11 +02:00 · fd480f55df
parent cb80b946a4
commit fd480f55df
1 changed files with 12 additions and 7 deletions
--- a/nixos/modules/services/networking/pdns-recursor.nix
+++ b/nixos/modules/services/networking/pdns-recursor.nix
@ -30,10 +30,10 @@ in {
    enable = mkEnableOption "PowerDNS Recursor, a recursive DNS server";
    dns.address = mkOption {
-      type = types.str;
+      type = oneOrMore types.str;
-      default = "0.0.0.0";
+      default = [ "::" "0.0.0.0" ];
      description = ''
-        IP address Recursor DNS server will bind to.
+        IP addresses Recursor DNS server will bind to.
      '';
    };
@ -47,8 +47,12 @@ in {
    dns.allowFrom = mkOption {
      type = types.listOf types.str;
-      default = [ "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" ];
+      default = [
-      example = [ "0.0.0.0/0" ];
+        "127.0.0.0/8" "10.0.0.0/8" "100.64.0.0/10"
        "169.254.0.0/16" "192.168.0.0/16" "172.16.0.0/12"
        "::1/128" "fc00::/7" "fe80::/10"
      ];
      example = [ "0.0.0.0/0" "::/0" ];
      description = ''
        IP address ranges of clients allowed to make DNS queries.
      '';
@ -72,7 +76,8 @@ in {
    api.allowFrom = mkOption {
      type = types.listOf types.str;
-      default = [ "0.0.0.0/0" ];
+      default = [ "127.0.0.1" "::1" ];
      example = [ "0.0.0.0/0" "::/0" ];
      description = ''
        IP address ranges of clients allowed to make API requests.
      '';
@ -96,7 +101,7 @@ in {
    forwardZonesRecurse = mkOption {
      type = types.attrs;
-      example = { eth = "127.0.0.1:5353"; };
+      example = { eth = "[::1]:5353"; };
      default = {};
      description = ''
        DNS zones to be forwarded to other recursive servers.