diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index 816234506593..4e51725b19de 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -9,18 +9,11 @@ let
# /var/lib/misc is for dnsmasq.leases.
stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";
- dns =
- if cfg.dns == "none" then "none"
- else if cfg.dns == "dnsmasq" then "dnsmasq"
- else if config.services.resolved.enable then "systemd-resolved"
- else if config.services.unbound.enable then "unbound"
- else "default";
-
configFile = writeText "NetworkManager.conf" ''
[main]
plugins=keyfile
dhcp=${cfg.dhcp}
- dns=${dns}
+ dns=${cfg.dns}
[keyfile]
${optionalString (cfg.unmanaged != [])
@@ -217,19 +210,73 @@ in {
};
dns = mkOption {
- type = types.enum [ "auto" "dnsmasq" "none" ];
- default = "auto";
+ type = types.enum [ "default" "dnsmasq" "unbound" "systemd-resolved" "none" ];
+ default = "default";
description = ''
+ Set the DNS (resolv.conf) processing mode.
+
+
Options:
- - auto: Check for systemd-resolved, unbound, or use default.
- - dnsmasq:
- Enable NetworkManager's dnsmasq integration. NetworkManager will run
- dnsmasq as a local caching nameserver, using a "split DNS"
- configuration if you are connected to a VPN, and then update
- resolv.conf to point to the local nameserver.
- - none:
- Disable NetworkManager's DNS integration completely.
- It will not touch your /etc/resolv.conf.
+
+
+ "default"
+
+ NetworkManager will update /etc/resolv.conf to
+ reflect the nameservers provided by currently active connections.
+
+
+
+ "dnsmasq"
+
+
+ Enable NetworkManager's dnsmasq integration. NetworkManager will
+ run dnsmasq as a local caching nameserver, using a "split DNS"
+ configuration if you are connected to a VPN, and then update
+ resolv.conf to point to the local nameserver.
+
+
+ It is possible to pass custom options to the dnsmasq instance by
+ adding them to files in the
+ /etc/NetworkManager/dnsmasq.d/ directory.
+
+
+ When multiple upstream servers are available, dnsmasq will
+ initially contact them in parallel and then use the fastest to
+ respond, probing again other servers after some time. This
+ behavior can be modified passing the
+ all-servers or strict-order
+ options to dnsmasq (see the manual page for more details).
+
+
+ Note that this option causes NetworkManager to launch and manage
+ its own instance of the dnsmasq daemon, which is
+ not the same as setting
+ services.dnsmasq.enable = true;.
+
+
+
+
+ "unbound"
+
+ NetworkManager will talk to unbound and dnssec-triggerd,
+ providing a "split DNS" configuration with DNSSEC support.
+ /etc/resolv.conf will be managed by
+ dnssec-trigger daemon.
+
+
+
+ "systemd-resolved"
+
+ NetworkManager will push the DNS configuration to systemd-resolved.
+
+
+
+ "none"
+
+ NetworkManager will not modify resolv.conf.
+
+
+
'';
};
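Review bot: Dropping `"auto"` from the enum on the `type` line means an existing configuration that sets `networking.networkmanager.dns = "auto";` will now fail evaluation with an invalid-value error, and nothing in this diff adds a migration path or release note. Either keep `"auto"` accepted for a release cycle (mapping it to `"default"` where `dns=` is written) or add a release-notes entry for the change. The description also no longer says that `services.unbound` and `services.resolved` select the mode themselves, which the removed `auto` line documented. A sentence such as `This option is set automatically when services.unbound or services.resolved is enabled.` would restore that.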
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index 07936faaa133..1a35979ad44c 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -131,6 +131,9 @@ in
};
};
+ # If networkmanager is enabled, ask it to interface with unbound.
+ networking.networkmanager.dns = "unbound";
+
};
}
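Review bot: `networking.networkmanager.dns = "unbound";` is defined at normal priority, so a user who sets the option to `"none"` or `"dnsmasq"` to keep NetworkManager away from /etc/resolv.conf gets a conflicting-definitions error, whereas the removed `dns =` let-binding in networkmanager.nix honoured that choice first. The `"systemd-resolved"` assignment in the resolved.nix hunk has the same problem, and with both services enabled the two definitions also collide with each other, where the old code gave resolved precedence. Writing `networking.networkmanager.dns = lib.mkDefault "unbound";` here and the equivalent in resolved.nix lets an explicit user setting win, though the both-enabled case would still need a tie-break such as a lower priority on one of them. The enclosing `config` block starts outside this hunk, so it is not visible whether the assignment is guarded by the service's enable flag.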
diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix
index 4d9de020c84e..e1095fb988eb 100644
--- a/nixos/modules/system/boot/resolved.nix
+++ b/nixos/modules/system/boot/resolved.nix
@@ -147,6 +147,8 @@ in
${config.services.resolved.extraConfig}
'';
+ # If networkmanager is enabled, ask it to interface with resolved.
+ networking.networkmanager.dns = "systemd-resolved";
};
}