From 939f122fb5d4fa2e9b39fc9870b4a8447753368a Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Thu, 29 Aug 2024 08:12:02 -0700 Subject: [PATCH] bind: Set default forwarder as systemd-resolved Closes: #1196. - systemd-resolved always contains the current list of known DNS servers taken from systemd-networkd, network-manager, or by other means. It also has fallback DNS servers. Forwarding requests to it allows correct and failsafe way to reach external DNS servers. Tests: - Freshly install bind and notice that the fowarders list is set to 127.0.0.53. - Install without the patch. Apply patch. Restart service. bind is upgraded to new version and forwarder is set to 127.0.0.53 if it is blank. Otherwise, it remains as is. Signed-off-by: Sunil Mohan Adapa Reviewed-by: Veiko Aasa --- plinth/modules/bind/__init__.py | 2 +- plinth/modules/bind/privileged.py | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/plinth/modules/bind/__init__.py b/plinth/modules/bind/__init__.py index 4f4971731..d1000cbf7 100644 --- a/plinth/modules/bind/__init__.py +++ b/plinth/modules/bind/__init__.py @@ -30,7 +30,7 @@ class BindApp(app_module.App): app_id = 'bind' - _version = 3 + _version = 4 def __init__(self) -> None: """Create components for the app.""" diff --git a/plinth/modules/bind/privileged.py b/plinth/modules/bind/privileged.py index 8e339680d..9276b9443 100644 --- a/plinth/modules/bind/privileged.py +++ b/plinth/modules/bind/privileged.py @@ -24,7 +24,7 @@ recursion yes; allow-query { goodclients; }; forwarders { - +127.0.0.53; }; forward first; @@ -32,6 +32,7 @@ auth-nxdomain no; # conform to RFC1035 listen-on-v6 { any; }; }; ''' +DEFAULT_FORWARDER = '127.0.0.53' # systemd-resolved @privileged @@ -40,8 +41,12 @@ def setup(old_version: int): if old_version == 0: with open(CONFIG_FILE, 'w', encoding='utf-8') as conf_file: conf_file.write(DEFAULT_CONFIG) - elif old_version < 3: - _remove_dnssec() + elif old_version < 4: + if not get_config()['forwarders']: + _set_forwarders(DEFAULT_FORWARDER) + + if old_version < 3: + _remove_dnssec() Path(ZONES_DIR).mkdir(exist_ok=True, parents=True)