feat: add bind directive to CoreDNS configuration for explicit listen address control

Extract NEXAVPN_VPN_DNS_ADDR environment variable to listenAddr with empty string validation and :53 fallback. Add bind directive to Corefile template using listenAddr variable. Keep zone definition as .:53 for all-domain matching while controlling bind address separately.
2026-03-19 22:30:19 +01:00
parent 74587ec8e1
commit e412395ade
1 changed files with 7 additions and 2 deletions
--- a/deploy/vpn-dns/main.go
+++ b/deploy/vpn-dns/main.go
@@ -69,8 +69,13 @@ func writeCorefile() error {
 		return errors.New("no upstream dns servers configured")
 	}

-	corefile := fmt.Sprintf(`%s {
+	listenAddr := strings.TrimSpace(envOrDefault("NEXAVPN_VPN_DNS_ADDR", ":53"))
+	if listenAddr == "" {
+		listenAddr = ":53"
+	}
+	corefile := fmt.Sprintf(`.:53 {
    errors
+    bind %s
    hosts ` + overridesPath + ` {
        ttl 30
        reload 15s
@@ -79,7 +84,7 @@ func writeCorefile() error {
    forward . %s
    cache 30
 }
-`, envOrDefault("NEXAVPN_VPN_DNS_ADDR", ":53"), strings.Join(upstreams, " "))
+`, listenAddr, strings.Join(upstreams, " "))

 	return os.WriteFile(corefilePath, []byte(corefile), 0o644)
 }