summaryrefslogtreecommitdiffstats
path: root/man/systemd-resolved.service.xml (follow)
Commit message (Collapse)AuthorAgeFilesLines
* resolved: read DNS conf also from creds and kernel cmdlineLennart Poettering2023-01-051-0/+43
| | | | | | | | | | | Note that this drops ProtectProc=invisible from systemd-resolved.service. This is done because othewise access to the booted "kernel" command line is not necessarily available. That's because in containers we want to read /proc/1/cmdline for that. Fixes: #24103
* resolved: introduce the _localdnsstub and _localdnsproxy special hostnames ↵Lennart Poettering2022-11-251-0/+6
| | | | | | | | | for 127.0.0.54 + 127.0.0.53 Let's give these special IP addresses names. After all name resolution is our job here. Fixes: #23623
* man: Fix typocodefiles2022-07-231-5/+5
|
* resolved: add "proxy-only" stub on 127.0.0.54Lennart Poettering2021-11-221-3/+10
| | | | | | | | | | | | | | | | | | | | This beefs up the DNS stub logic to listen on two IP addresses: 127.0.0.53 (as before) + 127.0.0.54 (new). When the latter is contact our stub will operate in "bypass" mode only, i.e we'll try to pass DNS requests as unmodified upstream as we can (and not do mDNS/LLMNR and such, also no DNSSEC validation – but we'll still do DNS-over-TLS wrapping). This is supposed to be useful for container environments or tethering: this stub could be exposed (via NAT redirect) to clients of this system and we'll try to stay out of the way with doing too much DNS magic ourselves, but still expose whatever the current DNS server is from upstream under a stable address/port. How to use this: # iptables -t nat -I PREROUTING -p udp -i <interface> --dport 53 -j DNAT --to 127.0.0.54:53 # echo 1 > /proc/sys/net/ipv4/conf/<interface>/route_localnet
* man: fix assorted issues reported by the manpage-l10n projectZbigniew Jędrzejewski-Szmek2021-07-271-1/+1
| | | | Fixes #20297.
* Minor typo (#20254)rene2021-07-201-1/+1
| | | Correct resoulution with resolution.
* Update systemd-resolved.service.8 helpplattrap2021-06-181-1/+1
| | | | Text currently refers to `/etc/nsswitch.conf` where it should refer to `/etc/resolv.conf`. This is in the context of defining a nameserver IP and search domains.
* man: clarify that global search domains apply to global servers, not all ↵Zbigniew Jędrzejewski-Szmek2021-06-111-7/+8
| | | | | | interfaces Fixes #19257.
* man: document _outboundLennart Poettering2021-04-231-0/+7
|
* man: add footnote explaining why "localhost" query is sent out to the networkZbigniew Jędrzejewski-Szmek2021-03-011-5/+20
| | | | | | | I tried to make the explanation brief, but this isn't so easy. It seems better to push this out to a footnote instead of the main text. Fixes #16584.
* man: move motivational explanation to footnoteZbigniew Jędrzejewski-Szmek2021-03-011-7/+7
|
* man: fix links to various pagesZbigniew Jędrzejewski-Szmek2021-02-191-4/+4
| | | | nss-dns doesn't have any man page that I could find.
* man: various typos and other small issuesZbigniew Jędrzejewski-Szmek2021-01-291-1/+1
| | | | Fixes #18397.
* man: synthetize(d) -> synthesize(d)Yu Watanabe2020-12-081-4/+4
|
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* tree-wide: fix typos found by Fossies codespell reportYu Watanabe2020-10-241-2/+2
|
* man: document differences between nss-resolve and nss-dnsZbigniew Jędrzejewski-Szmek2020-10-221-2/+60
| | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=1889012 https://serverfault.com/questions/626612/dns-just-started-resolving-my-server-prod-addresses-to-127-0-53-53 https://serverfault.com/questions/649352/what-are-the-security-implications-of-the-allow-dns-suffix-appending-to-unquali
* man/systemd-resolved: reword the description of query a bitZbigniew Jędrzejewski-Szmek2020-10-221-73/+72
| | | | | | | | | | The phrase "routing domains" is used to mean both route-only domains and search domains. Route-only domains are always called like that, and not just "route domains". Some paragraphs are reordered to describe synthetisized records first, then LLMNR, then various ways quries are routed. Fixes #8928, hopefully.
* man,units: link to the new dbus-api man pagesZbigniew Jędrzejewski-Szmek2020-09-301-3/+3
|
* man: document the new optionZbigniew Jędrzejewski-Szmek2020-06-181-8/+10
| | | | Also correct "stub resolver" → "systemd-resolved" in one other option.
* man: add description of org.freedesktop.LogControl1Zbigniew Jędrzejewski-Szmek2020-05-051-0/+2
| | | | | | I'm not sure if the LogTarget property is sufficiently general to be made into a property that can be generally implemented. It is very closely tied to the internal systemd logic. The other two seem fine thoough.
* man: add a description of handling of single-label namesZbigniew Jędrzejewski-Szmek2020-04-231-29/+54
| | | | | | | | | | | | | | | | It turns out that our man page didn't describe the handling of single-label names almost at all. This probably adds to the confusion regarding the subject. So let's first describe what our current implementation is doing. Quoting https://www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful/: > Applications and platforms that apply a suffix search list to a single-label > name are in conformance with IETF standards track RFCs. Furthermore, > applications and platforms that do not query DNS for a TLD are in conformance > with IETF standards track recommendations Current behaviour is in line with that recommendation. For #13763.
* tree-wide: use "hostname" spelling everywhereZbigniew Jędrzejewski-Szmek2020-04-211-3/+3
| | | | | | | | It's not that I think that "hostname" is vastly superior to "host name". Quite the opposite — the difference is small, and in some context the two-word version does fit better. But in the tree, there are ~200 occurrences of the first, and >1600 of the other, and consistent spelling is more important than any particular spelling choice.
* man: reindent nss-resolve(8)Zbigniew Jędrzejewski-Szmek2020-04-201-145/+154
|
* man: import org.freedesktop.resolve1(3) from the wikiZbigniew Jędrzejewski-Szmek2020-04-161-5/+6
|
* codespell: fix spelling errorsBen Boeckel2019-04-291-1/+1
|
* man: use same header for all filesZbigniew Jędrzejewski-Szmek2019-03-141-1/+1
| | | | | | | The "include" files had type "book" for some raeason. I don't think this is meaningful. Let's just use the same everywhere. $ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n "http^gms' man/*.xml
* man: standarize on one-line license headerZbigniew Jędrzejewski-Szmek2019-03-141-4/+1
| | | | | | No need to waste space, and uniformity is good. $ perl -i -0pe 's|\n+<!--\s*SPDX-License-Identifier: LGPL-2.1..\s*-->|\n<!-- SPDX-License-Identifier: LGPL-2.1+ -->|gms' man/*.xml
* man: flush-caches and reset-server-features are commands for resolvectl (#11877)Yu, Li-Yu2019-03-031-2/+2
|
* man: document new systemd-resolved.service(8) routing features in more detailLennart Poettering2018-12-211-7/+36
|
* man: split long section in systemd-resolved.service man page into threeLennart Poettering2018-12-211-4/+15
| | | | Also, do some minor updating.
* man: drop mode line in file headersZbigniew Jędrzejewski-Szmek2018-07-031-1/+1
| | | | | This is already included in .dir-locals, so we don't need it in the files themselves.
* tree-wide: drop copyright headers from frequent contributorsZbigniew Jędrzejewski-Szmek2018-06-201-2/+0
| | | | | | | | Fixes #9320. for p in Shapovalov Chevalier Rozhkov Sievers Mack Herrmann Schmidt Rudenberg Sahani Landden Andersen Watanabe; do git grep -e 'Copyright.*'$p -l|xargs perl -i -0pe 's|/([*][*])?[*]\s+([*#]\s+)?Copyright[^\n]*'$p'[^\n]*\s*[*]([*][*])?/\n*|\n|gms; s|\s+([*#]\s+)?Copyright[^\n]*'$p'[^\n]*\n*|\n|gms' done
* man: drop unused <authorgroup> tags from man sourcesZbigniew Jędrzejewski-Szmek2018-06-141-9/+0
| | | | | | | | | | | | Docbook styles required those to be present, even though the templates that we use did not show those names anywhere. But something changed semi-recently (I would suspect docbook templates, but there was only a minor version bump in recent years, and the changelog does not suggest anything related), and builds now work without those entries. Let's drop this dead weight. Tested with F26-F29, debian unstable. $ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
* tree-wide: beautify remaining copyright statementsLennart Poettering2018-06-141-1/+1
| | | | | | Let's unify an beautify our remaining copyright statements, with a unicode ©. This means our copyright statements are now always formatted the same way. Yay.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* resolved: use Oxford comma at once placeLennart Poettering2018-06-081-1/+1
| | | | As suggested by @keszybz in https://github.com/systemd/systemd/pull/9235#pullrequestreview-127150950
* resolved: document .local domain routing a bit more in detailLennart Poettering2018-06-081-23/+29
| | | | | Inspired by the discussions in #8851, even though the issue appears to be entirely unrelated to the .local domain in the end.
* man: create man page for resolvectlYu Watanabe2018-04-181-3/+3
|
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* Add SPDX license identifiers to man pagesZbigniew Jędrzejewski-Szmek2017-11-191-0/+2
|
* man: fix reference to gateway hostname (#7258)Alessandro Ghedini2017-11-071-2/+2
| | | | Follow-up to commit 1dc92a06e210a978e54c72168aaaa7487bf2fd2a which didn't catch all cases.
* resolved: create private stub resolve file for /etc/resolv.conf integration ↵Dimitri John Ledkov2017-10-241-3/+15
| | | | | | | | | | | (#7014) This creates a second private resolve.conf file which lists the stub resolver and the resolved acquired search domains. This runtime file should be used as a symlink target for /etc/resolv.conf such that non-nss based applications can resolve search domains. Fixes: #7009
* resolved: include DNS server feature level info in SIGUSR1 status dumpLennart Poettering2017-10-051-2/+3
| | | | let's make the status dump more useful for tracking down server issues.
* resolved: add support for explicitly forgetting everything we learnt about ↵Lennart Poettering2017-10-051-6/+24
| | | | | | | | | DNS server feature levels This adds "systemd-resolve --reset-server-features" for explicitly forgetting what we learnt. This might be useful for debugging purposes, and to force systemd-resolved to restart its learning logic for all DNS servers.
* build-sys: s/ENABLE_RESOLVED/ENABLE_RESOLVE/Zbigniew Jędrzejewski-Szmek2017-10-041-1/+1
| | | | | | The configuration option was called -Dresolve, but the internal define was …RESOLVED. This options governs more than just resolved itself, so let's settle on the version without "d".
* doc/systemd-resolved.service: fix typo (#6422)Lion Yang2017-07-211-1/+1
| | | DNS sever => DNS server
* man: use https:// in URLsAsciiWolf2017-02-211-2/+2
|
* resolved: correctly handle non-address RR types with /etc/hosts lookups (#4808)Martin Pitt2016-12-221-2/+3
| | | | | | | | | | | | | | | Fix wrong condition test in manager_etc_hosts_lookup(), which caused it to return an IPv4 answer when an IPv6 question was asked, and vice versa. Also only return success if we actually found any A or AAAA record. In systemd-resolved.service(8), point out that /etc/hosts mappings only affect address-type lookups, not other types. The test case currently disables DNSSEC in resolved, as there is a bug where "-t MX" fails due to "DNSSEC validation failed" even after "downgrading to non-DNSSEC mode". This should be dropped once that bug gets fixed. Fixes #4801
* man: provide html links to a bunch of external man pagesZbigniew Jędrzejewski-Szmek2016-08-061-4/+4
|