author | Suraj Krishnan <72937403+surajkrishnan14@users.noreply.github.com> | 2022-04-27 00:09:02 +0200 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-09-09 10:22:57 +0200 |
commit | cb456374e096f0ebe9b70d7ddd98e16a4be24ee6 (patch) | |
tree | 514bb0753834490ab81e8a21669abe28ba66205a /man/org.freedesktop.resolve1.xml | |
parent | Merge pull request #24557 from yuwata/repart (diff) | |
Implement DNS notifications from resolved via varlink

* The new varlink interface exposes a method to subscribe to DNS
  resolutions on the system. The socket permissions are open for owner and
  group only.
* Notifications are sent to subscriber(s), if any, after successful
  resolution of A and AAAA records.

This feature could be used by applications for auditing/logging services
downstream of the resolver. It could also be used to asynchronously
update the firewall. For example, a system that has a tightly configured
firewall could open up connections selectively to known good hosts based
on a known allow-list of hostnames. Of course, updating the firewall
asynchronously will require other design considerations (such as
queueing packets in the user space while a verdict is made).

See also:
https://lists.freedesktop.org/archives/systemd-devel/2022-August/048202.html
https://lists.freedesktop.org/archives/systemd-devel/2022-February/047441.html

Diffstat (limited to 'man/org.freedesktop.resolve1.xml')
-rw-r--r-- | man/org.freedesktop.resolve1.xml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/man/org.freedesktop.resolve1.xml b/man/org.freedesktop.resolve1.xml index 54f0a18418..d3aedbc13e 100644 --- a/man/org.freedesktop.resolve1.xml +++ b/man/org.freedesktop.resolve1.xml @@ -149,6 +149,7 @@ node /org/freedesktop/resolve1 { readonly s DNSStubListener = '...'; @org.freedesktop.DBus.Property.EmitsChangedSignal("false") readonly s ResolvConfMode = '...'; + readonly b Monitor = ...; }; interface org.freedesktop.DBus.Peer { ... }; interface org.freedesktop.DBus.Introspectable { ... }; @@ -250,6 +251,8 @@ node /org/freedesktop/resolve1 { <variablelist class="dbus-property" generated="True" extra-ref="ResolvConfMode"/> + <variablelist class="dbus-property" generated="True" extra-ref="Monitor"/> + <!--End of Autogenerated section--> <refsect2> @@ -634,6 +637,8 @@ node /org/freedesktop/resolve1 { enabled. Possible values are <literal>yes</literal> (enabled), <literal>no</literal> (disabled), <literal>udp</literal> (only the UDP listener is enabled), and <literal>tcp</literal> (only the TCP listener is enabled).</para> + + <para>The <varname>Monitor</varname> boolean property reports whether DNS monitoring is enabled.</para> </refsect2> </refsect1> |
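Review bot: In the first hunk (@@ -149,6 +149,7), the new `readonly b Monitor = ...;` line has no `@org.freedesktop.DBus.Property.EmitsChangedSignal` annotation, while `ResolvConfMode` directly above it is annotated with "false". With no annotation, introspection tells clients the property emits change signals, so a client may cache the value and wait for PropertiesChanged. Please confirm that is intended and that the signal is actually sent when the value changes; if it is not, the property should carry the same annotation as its neighbour so this generated listing reflects it.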
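Review bot: In the last hunk (@@ -634,6 +637,8), the added `<para>` only says that `Monitor` "reports whether DNS monitoring is enabled", which leaves the reader without a definition of DNS monitoring or any statement of who can use it. The commit message has the missing facts: a varlink interface for subscribing to resolutions, a socket open to owner and group only, and notifications sent after successful A and AAAA lookups. A sentence or two carrying that into the man page, together with how monitoring gets enabled, would let an administrator judge from the documentation alone which local users can observe the host's DNS lookups when this property reads true.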