guix_mirror_bot pushed a commit to branch master
in repository guix.
commit dc4db2273a51211e9d89b36d9e66268a219b94d9
Author: Maxim Cournoyer <[email protected]>
AuthorDate: Sun May 24 14:12:15 2026 +0900
service: dnsmasq: Expose new options for authoritative operation.
* gnu/services/dns.scm (<dnsmasq-configuration>)
[authoritative-servers, authoritative-zones, host-records]: New fields.
(dnsmasq-shepherd-service): Use them.
* doc/guix.texi (DNS Services): Add a new example and document the new
fields.
Change-Id: Ib26c3f59e90b2a9997ecdac03c5564ae02b6754e
Reviewed-by: Nguyễn Gia Phong <[email protected]>
---
doc/guix.texi | 30 ++++++++++++++++++++++++++++++
gnu/services/dns.scm | 17 ++++++++++++++++-
2 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 63cd99ac09..b4eebc8e14 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -38112,6 +38112,21 @@ This is the type of the dnsmasq service, whose value
should be a
(servers '("192.168.1.1"))))
@end lisp
+The following example shows a slightly more complex configuration that
+defines an authoritative DNS server on a given subdomain.
+@lisp
+(service dnsmasq-service-type
+ (dnsmasq-configuration
+ (listen-addresses '("10.1.1.1"))
+ (no-resolv? #t)
+ (no-hosts? #t)
+ (authoritative-servers '("vpn.example.com")) ;self
+ (authoritative-zones '("vpn.example.com"))
+ (host-records '("some-service.vpn.example.com,10.1.1.1"))))
+@end lisp
+
+For more examples, refer to @samp{man 8 dnsmasq.}
+
@code{dnsmasq-service-type} provides two actions:
@table @code
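Review bot: In the added line "For more examples, refer to @samp{man 8 dnsmasq.}" the sentence-ending period sits inside the @samp braces, so it will be typeset as part of the command. Move it outside the braces: "@samp{man 8 dnsmasq}." The ";self" comment on the authoritative-servers line of the example is also very terse. Since the example uses the same name, "vpn.example.com", for both the server and the zone, a sentence in the surrounding text saying so would make the example easier to adapt.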
@@ -38213,6 +38228,21 @@ The file to read the IP address of the upstream
nameservers from.
@item @code{no-resolv?} (default: @code{#f})
When true, don't read @var{resolv-file}.
+@item @code{authoritative-servers} (default: @code{'()})
+A list of strings corresponding to valid @option{--auth-server} values,
+such as a domain name. This is useful to make @command{dnsmasq}
+authoritative for a given domain name or interface.
+
+@item @code{authoritative-zones} (default: @code{'()})
+A list of strings corresponding to valid @option{--auth-zone} values,
+such as a domain name. This is useful to make @command{dnsmasq}
+authoritative for a given domain name. Note that this must be used in
+conjunction with the @code{authoritative-servers} option.
+
+@item @code{host-records} (default: @code{'()})
+A list of strings corresponding to valid @option{--host-record} values,
+for example @code{'("some-service.example.com,10.1.1.1")}.
+
@item @code{forward-private-reverse-lookup?} (default: @code{#t})
When false, all reverse lookups for private IP ranges are answered with
"no such domain" rather than being forwarded upstream.
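Review bot: The authoritative-servers entry describes its values as "such as a domain name" but then says the option makes dnsmasq authoritative "for a given domain name or interface", and nothing shows what a value naming an interface looks like. Either give an example value for each of authoritative-servers and authoritative-zones, as the host-records entry already does, or point to the relevant option in the dnsmasq manual. The authoritative-zones entry says it "must be used in conjunction with" authoritative-servers, but it does not say what the user will see if only the zones are set. State that, or have the service reject that configuration.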
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 52ee99789d..f5c9f3e0d0 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2021 Maxime Devos <[email protected]>
;;; Copyright © 2022 Remco van 't Veer <[email protected]>
;;; Copyright © 2024 Sören Tempel <[email protected]>
+;;; Copyright © 2026 Maxim Cournoyer <[email protected]>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -68,6 +69,7 @@
dnsmasq-configuration-ipv6?
dnsmasq-configuration-resolv-file
dnsmasq-configuration-no-resolv?
+ dnsmasq-configuration-authoritative-zones
dnsmasq-configuration-forward-private-reverse-lookup?
dnsmasq-configuration-query-servers-in-order?
dnsmasq-configuration-locals
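Review bot: Only dnsmasq-configuration-authoritative-zones is added to the export list here, while the record definition later in this patch introduces three accessors: dnsmasq-configuration-authoritative-servers, dnsmasq-configuration-authoritative-zones and dnsmasq-configuration-host-records. Export the other two as well, placed next to this line, so that all the new fields can be read from outside the module.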
@@ -804,6 +806,12 @@ cache.size = 100 * MB
(default "/etc/resolv.conf")) ;string
(no-resolv? dnsmasq-configuration-no-resolv?
(default #f)) ;boolean
+ (authoritative-servers dnsmasq-configuration-authoritative-servers
+ (default '())) ;list of strings
+ (authoritative-zones dnsmasq-configuration-authoritative-zones
+ (default '())) ;list of strings
+ (host-records dnsmasq-configuration-host-records
+ (default '())) ;list of strings
(forward-private-reverse-lookup?
dnsmasq-configuration-forward-private-reverse-lookup?
(default #t)) ;boolean
@@ -870,6 +878,7 @@ cache.size = 100 * MB
no-hosts?
port local-service? listen-addresses ipv4? ipv6?
resolv-file no-resolv?
+ authoritative-servers authoritative-zones host-records
forward-private-reverse-lookup? query-servers-in-order?
locals servers addresses servers-file
cache-size negative-cache?
@@ -909,7 +918,13 @@ cache.size = 100 * MB
#$(format #f "--resolv-file=~a" resolv-file)
#$@(if no-resolv?
'("--no-resolv")
- '())
+ '())
+ #$@(map (cut format #f "--auth-server=~a" <>)
+ authoritative-servers)
+ #$@(map (cut format #f "--auth-zone=~a" <>)
+ authoritative-zones)
+ #$@(map (cut format #f "--host-record=~a" <>)
+ host-records)
#$@(if forward-private-reverse-lookup?
'()
'("--bogus-priv"))
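Review bot: The added map forms emit "--auth-zone=..." whenever authoritative-zones is non-empty, with no check that authoritative-servers is set too, although the documentation added in this same patch says the two must be used together. Consider signalling a configuration error when zones are given without servers, so that the mistake is caught when the system is built rather than when the daemon starts. The list elements are also passed to format with "~a" unchecked, so a non-string element would be turned into an argument silently; a field sanitizer or a type check on the three new fields would catch that. Separately, the "'())" line is removed and re-added with no visible difference, which looks like a whitespace-only change. Drop it if it is unintended.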