From 6402627789617f8fa452e75e0dd6cbdd5ccf2c21 Mon Sep 17 00:00:00 2001
From: Tim Keller <tjk@tjkeller.xyz>
Date: Mon, 8 Jun 2026 15:45:08 -0500
Subject: add dns host override optionqgs

---
 nixos/services/router/dns-dhcp.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/nixos/services/router/dns-dhcp.nix b/nixos/services/router/dns-dhcp.nix
index 4c041c2..b1bf421 100644
--- a/nixos/services/router/dns-dhcp.nix
+++ b/nixos/services/router/dns-dhcp.nix
@@ -27,6 +27,18 @@ in {
 	options.services._router.dnsDhcpConfig = {
 		enable = lib.mkEnableOption "enable pre-configured unbound(outbound) + dnsmasq(local) dns(+dhcp) server";
 		#enableUnbound = lib.mkEnableOption "enable unbound as outbound dns server";
+		dns = {
+			hostOverrides = lib.mkOption {
+				type = lib.types.attrsOf lib.types.str;
+				default = {};
+				example = {
+					"poweredge.home.lan" = "192.168.1.1";
+					"router.home.lan" = "192.168.1.1";
+					"example.com" = "192.168.1.100";
+				};
+				description = "dns overrides for specific hosts";
+			};
+		};
 		dhcp = {
 			defaultGateway = lib.mkOption {
 				type = lib.types.str;
@@ -162,6 +174,8 @@ in {
 		services.dnsmasq = {
 			enable = true;
 			settings = let
+				mkDNSHostOverride = host: ip: "${host},${ip}";
+				dnsHostOverrides = lib.mapAttrsToList (host: ip: mkDNSHostOverride host ip) cfg.dns.hostOverrides;
 				mkDHCPRange = ipRangeStart: ipRangeEnd: subnetMask: leaseTime: "${ipRangeStart},${ipRangeEnd},${subnetMask},${leaseTime}";
 				mkDHCPOption = option: value: "option:${option},${value}";
 				mkDHCPStaticLease = macAddress: hostname: staticIp: "${macAddress},${hostname},${staticIp},infinite";
@@ -178,6 +192,8 @@ in {
 				# DNS Server
 				port = 5353;  # Use port 5353 for DNS server since unbound is the main DNS resolver
 
+				host-record = dnsHostOverrides;  # Setup host overrides for dns
+
 				# DHCP Server
 				# TODO config
 				#dhcp-range = mkDHCPRange "192.168.1.50" "192.168.1.150" "255.255.255.0" "12h";  # Enable DHCP on the LAN interface
@@ -192,6 +208,8 @@ in {
 					(mkDHCPOption "domain-search" cfg.localDomain)  # Add search rule to clients so they can resolve hostnames w/o the local domain suffix
 				];
 
+				dhcp-no-override = true;     # don't use kernel DHCP helpers that bypass macvlan
+
 				# Logging
 				#log-dhcp = true;  # Log DHCP events
 				#log-queries = true;  # Log DNS queries
-- 
cgit v1.2.3