From 8e945401d59dd4a47f7851ab660321da6ad1518d Mon Sep 17 00:00:00 2001
From: Luflosi <luflosi@luflosi.de>
Date: Fri, 31 May 2024 13:13:41 +0200
Subject: [PATCH] bind: make systemd service wait for BIND to be ready

Without this change, the systemd unit will be marked as ready even though BIND has not finished starting yet.
This causes other units that depend on BIND to start even though BIND is not ready yet.
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900788: "Bind9 will daemonize itself _when it is ready_."

Also modify the NixOS test. With this change, waiting for the unit alone will ensure that BIND is ready to accept queries. I would have expected to see the test failing without this commit but with the `machine.wait_for_open_port(53)` line removed but I found this to not be the case most of the time. This is probably the case because the situation is inherently racy and on my machine BIND happens to start in time most of the time.
---
 nixos/modules/services/networking/bind.nix | 3 ++-
 nixos/tests/bind.nix                       | 1 -
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix
index 03c20f3fe3d3..6c5c59a88dec 100644
--- a/nixos/modules/services/networking/bind.nix
+++ b/nixos/modules/services/networking/bind.nix
@@ -271,7 +271,8 @@ in
       '';
 
       serviceConfig = {
-        ExecStart = "${bindPkg.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f";
+        Type = "forking"; # Set type to forking, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900788
+        ExecStart = "${bindPkg.out}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile}";
         ExecReload = "${bindPkg.out}/sbin/rndc -k '/etc/bind/rndc.key' reload";
         ExecStop = "${bindPkg.out}/sbin/rndc -k '/etc/bind/rndc.key' stop";
       };
diff --git a/nixos/tests/bind.nix b/nixos/tests/bind.nix
index 15accbd49db4..95a9fc4e58bb 100644
--- a/nixos/tests/bind.nix
+++ b/nixos/tests/bind.nix
@@ -22,7 +22,6 @@ import ./make-test-python.nix {
 
   testScript = ''
     machine.wait_for_unit("bind.service")
-    machine.wait_for_open_port(53)
     machine.succeed("host 192.168.0.1 127.0.0.1 | grep -qF ns.example.org")
   '';
 }