Merge recent 'staging' into closure-size

Let's get rid of those merge conflicts.

1 files changed, 15 insertions, 1 deletions

diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix
index cbda34348930..0c4f4cbfa5c6 100644
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@@ -39,6 +39,17 @@ in
       '';
     };
 
+    networking.dnsExtensionMechanism = lib.mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Enable the <code>edns0</code> option in <filename>resolv.conf</filename>. With
+        that option set, <code>glibc</code> supports use of the extension mechanisms for
+        DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC,
+        which does not work without it.
+      '';
+    };
+
     networking.extraResolvconfConf = lib.mkOption {
       type = types.lines;
       default = "";
@@ -162,7 +173,10 @@ in
               libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null'
             '' + optionalString cfg.dnsSingleRequest ''
               # only send one DNS request at a time
-              resolv_conf_options='single-request'
+              resolv_conf_options+=' single-request'
+            '' + optionalString cfg.dnsExtensionMechanism ''
+              # enable extension mechanisms for DNS
+              resolv_conf_options+=' edns0'
             '' + optionalString hasLocalResolver ''
               # This hosts runs a full-blown DNS resolver.
               name_servers='127.0.0.1'