edgeguard-native/internal/database/migrations/0014_dns_forward_targets.sql

-- +goose Up
-- +goose StatementBegin

-- Forward-zone-Targets: pro dns_zones-Row vom type='forward' steht
-- hier die Komma-separierte Upstream-Liste (z.B. "10.0.0.53, 8.8.8.8").
-- Für type='local' bleibt das Feld NULL — local-data kommt aus
-- dns_records.
ALTER TABLE dns_zones
    ADD COLUMN IF NOT EXISTS forward_to TEXT;

-- Plus: globale Settings-Tabelle (single-row) für die DNS-Resolver-
-- Konfiguration. listen_addresses ist Komma-separiert; access_acl
-- gibt die CIDR-Liste die den Resolver benutzen darf.
CREATE TABLE IF NOT EXISTS dns_settings (
    id                BIGINT PRIMARY KEY DEFAULT 1,
    listen_addresses  TEXT NOT NULL DEFAULT '127.0.0.1, ::1',
    listen_port       INTEGER NOT NULL DEFAULT 53,
    upstream_forwards TEXT NOT NULL DEFAULT '1.1.1.1, 9.9.9.9, 1.0.0.1',
    access_acl        TEXT NOT NULL DEFAULT '127.0.0.0/8, ::1/128, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16',
    dnssec            BOOLEAN NOT NULL DEFAULT TRUE,
    qname_minimisation BOOLEAN NOT NULL DEFAULT TRUE,
    cache_min_ttl     INTEGER NOT NULL DEFAULT 60,
    cache_max_ttl     INTEGER NOT NULL DEFAULT 86400,
    updated_at        TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    CONSTRAINT dns_settings_singleton CHECK (id = 1)
);
INSERT INTO dns_settings (id) VALUES (1) ON CONFLICT DO NOTHING;

-- +goose StatementEnd

-- +goose Down
-- +goose StatementBegin
DROP TABLE IF EXISTS dns_settings;
ALTER TABLE dns_zones DROP COLUMN IF EXISTS forward_to;
-- +goose StatementEnd