Without this change, the systemd unit will be marked as ready even though BIND has not finished starting yet.
This causes other units that depend on BIND to start even though BIND is not ready yet.
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900788: "Bind9 will daemonize itself _when it is ready_."
Also modify the NixOS test. With this change, waiting for the unit alone will ensure that BIND is ready to accept queries. I would have expected to see the test failing without this commit but with the `machine.wait_for_open_port(53)` line removed but I found this to not be the case most of the time. This is probably the case because the situation is inherently racy and on my machine BIND happens to start in time most of the time.
BIND doesn't allow the options section (or any section I'd guess) to be
defined more than once, so whenever you want to set an additional option
you're stuck using weird hacks like this:
services.bind.forwarders = lib.mkForce [ "}; empty-zones-enable no; #" ];
This basically exploits the fact that values coming from the module
options aren't escaped and thus works in a similar vain to how SQL
injection works.
Another option would be to just set configFile to a file that includes
all the options, including zones. That obviously makes the configuration
way less extensible and more awkward to use with the module system.
To make sure this change does work correctly I added a small test just
for that. The test could use some improvements, but better to have a
test rather than none at all. For a future improvement the test could be
merged with the NSD test, because both use the same zone file format.
This change has been reviewed in #40053 and after not getting any
opposition, I'm hereby adding this to master.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @peti, @edolstra
Closes: #40053
