Oh, actually I just noticed this was a duplicate of T562, I should have posted there. Sorry about that :-(

Hi @wsapplegate,

at first glance this looks very interesting. Befor this can be added I would like to give the following comments:

• adding a cli node that passes raw config values from cli to the daemon is bad (we inherited this for dhcp and openvpn and it caused more harm then good in the last 2 years) - is this mandatory?
• even dns using A, AAAA, PTR upper case types we should keep the CLI lowercase - this can be easily handled within the Jinja2 template.
• having > 20 dns records here could really bleow up the CLI, maybe we should thing about loading the zone from a file @zdc @dmbaturin @jestabro?

I saw multiple times configs with a firewall section that contains about a thousand lines, so I do not think that DNS records are something size-critical that deserves additional config files.
I believe that keeping config parts outside the config.boot is a bad idea in general that against our main benefit - single config for everything.

In T3337#87766, @c-po wrote:

• adding a cli node that passes raw config values from cli to the daemon is bad (we inherited this for dhcp and openvpn and it caused more harm then good in the last 2 years) - is this mandatory?

You mean the pdns-option thing? Actually, this is a legacy thing I very rarely used. It's not even related to the zone setup, I just happen to have every PowerDNS enhancement in the same patch.

• even dns using A, AAAA, PTR upper case types we should keep the CLI lowercase - this can be easily handled within the Jinja2 template.

OK, here's a version of the patch without the pdns-option thing and with lowercase CLI nodes:

Any chance you can send this as GitHub PR?

Sorry, I don't have a GitHub account (I try hard to avoid centralized systems). If what you want is a git repo/branch to pull from, I can setup one somewhere and commit the patch there, though.

@wsapplegate I create a PR for it https://github.com/vyos/vyos-1x/pull/847
Can you describe how to test/check it? I'm not familiar with that dns format. I tried zone with dot and without. Not sure how to check/test it.

For example

set service dns forwarding advanced zone localhost.local a local.loc address '192.0.2.1'
set service dns forwarding advanced zone localhost.local mx mx5.local.loc hostname 'mx10-foo.local.loc'
set service dns forwarding advanced zone localhost.local ptr 4.2.0.192.in-addr.arpa. hostname '192.0.2.4'
set service dns forwarding advanced zone localhost.local ptr 2.2.0.192.in-addr.arpa. hostname '192.0.2.2'
set service dns forwarding advanced zone localhost.local ptr 8.2.0.192.in-addr.arpa hostname '192.0.2.8'
set service dns forwarding allow-from '100.64.0.0/24'
set service dns forwarding allow-from '192.0.2.0/24'
set service dns forwarding allow-from '192.168.122.0/24'
set service dns forwarding allow-from '127.0.0.1/32'
set service dns forwarding listen-address '100.64.0.1'

Zone format

vyos@r6-roll# sudo cat /run/powerdns/zone.localhost.local.conf
;
; Autogenerated by dns_forwarding.py
;
                                                                                                                                                                                            ;
local.loc    A     192.0.2.1
mx5.local.loc    MX    10 mx10-foo.local.loc
2.2.0.192.in-addr.arpa.    PTR     192.0.2.2
4.2.0.192.in-addr.arpa.    PTR     192.0.2.4
8.2.0.192.in-addr.arpa    PTR     192.0.2.8

But it seems doesn't work

vyos@r6-roll# sudo host 192.0.2.2 100.64.0.1
Using domain server:
Name: 100.64.0.1
Address: 100.64.0.1#53
Aliases: 

Host 2.2.0.192.in-addr.arpa. not found: 3(NXDOMAIN)
[edit]