nixos/bind: fix listenOnPort option

2026-06-05 21:03:40 +00:00 · 2025-10-24 14:36:27 +02:00
parent 4c34eb0096
commit fa252e8eb5
2 changed files with 53 additions and 22 deletions
--- a/nixos/modules/services/networking/bind.nix
+++ b/nixos/modules/services/networking/bind.nix
@@ -107,8 +107,12 @@ let
      acl badnetworks { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.blockedNetworks} };

      options {
-        listen-on { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.listenOn} };
-        listen-on-v6 { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.listenOnIpv6} };
+        listen-on port ${toString cfg.listenOnPort} { ${
+          lib.concatMapStrings (entry: " ${entry}; ") cfg.listenOn
+        } };
+        listen-on-v6 port ${toString cfg.listenOnIpv6Port} { ${
+          lib.concatMapStrings (entry: " ${entry}; ") cfg.listenOnIpv6
+        } };
        allow-query-cache { cachenetworks; };
        blackhole { badnetworks; };
        forward ${cfg.forward};
--- a/nixos/tests/bind.nix
+++ b/nixos/tests/bind.nix
@@ -1,30 +1,57 @@
-{ ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  zones = lib.singleton {
+    name = ".";
+    master = true;
+    file = pkgs.writeText "root.zone" ''
+      $TTL 3600
+      . IN SOA ns.example.org. admin.example.org. ( 1 3h 1h 1w 1d )
+      . IN NS ns.example.org.
+
+      ns.example.org. IN A    192.168.0.1
+      ns.example.org. IN AAAA abcd::1
+
+      1.0.168.192.in-addr.arpa IN PTR ns.example.org.
+    '';
+  };
+in
 {
  name = "bind";

-  nodes.machine =
-    { pkgs, lib, ... }:
-    {
-      services.bind.enable = true;
-      services.bind.extraOptions = "empty-zones-enable no;";
-      services.bind.zones = lib.singleton {
-        name = ".";
-        master = true;
-        file = pkgs.writeText "root.zone" ''
-          $TTL 3600
-          . IN SOA ns.example.org. admin.example.org. ( 1 3h 1h 1w 1d )
-          . IN NS ns.example.org.
+  nodes = {
+    machine = {
+      services.bind = {
+        enable = true;

-          ns.example.org. IN A    192.168.0.1
-          ns.example.org. IN AAAA abcd::1
-
-          1.0.168.192.in-addr.arpa IN PTR ns.example.org.
-        '';
+        extraOptions = "empty-zones-enable no;";
+        inherit zones;
      };
    };

+    machineNonDefaultPort = {
+      services.bind = {
+        enable = true;
+
+        extraOptions = "empty-zones-enable no;";
+        inherit zones;
+
+        listenOnPort = 9053;
+      };
+    };
+  };
+
  testScript = ''
-    machine.wait_for_unit("bind.service")
-    machine.succeed("host 192.168.0.1 127.0.0.1 | grep -qF ns.example.org")
+    with subtest("Bind starts and responds"):
+      machine.wait_for_unit("bind.service")
+      machine.succeed("host 192.168.0.1 127.0.0.1 | grep -qF ns.example.org")
+
+    with subtest("Bind starts and responds on nondefault port"):
+      machineNonDefaultPort.wait_for_unit("bind.service")
+      machineNonDefaultPort.succeed("host -p 9053 192.168.0.1 127.0.0.1 | grep -qF ns.example.org")
  '';
 }