| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Closes #35307.
|
| |
|
|
|
|
| |
In the troff output, this doesn't seem to make any difference. But in the
html output, the whitespace is sometimes preserved, creating an additional
gap before the following content. Drop it everywhere to avoid this.
|
| |
|
|
|
|
|
|
|
|
| |
Let's systematically make sure that we link up the D-Bus interfaces from
the daemon man pages once in prose and once in short form at the bottom
("See Also"), for all daemons.
Also, add reverse links at the bottom of the D-Bus API docs.
Fixes: #34996
|
| |
|
|
|
| |
Follow-up for 4adf2653e2a68d4d593b46734fd9e24721a8d449.
Addresses https://github.com/systemd/systemd/issues/34739#issuecomment-2412904739.
|
| |
|
|
|
|
|
| |
DefaultRoute is a D-Bus property, not a valid setting name in .network
files nor resolved.conf.
Whether a link is the default route or not is configured with
DNSDefaultRoute= setting in .network files.
|
| |
|
|
|
|
|
|
|
|
|
| |
This softens the behavior originally introduced in eded61e410df to apply
only to the fallback dns servers.
The intent is that the global FallbackDNS (instead of DNS) can now be
used in conjunction with the per-link dns, providing a fallback behavior
without introducing a scope overlap.
References: eded61e410df (resolved: demote the global unicast scope, 2024-08-19)
|
| |
|
|
|
|
|
|
| |
This commit may have been a breaking change for sd-resolved foreign
resolv.conf mode, where a legacy network management daemon directly
modifies resolv.conf and sd-resolved consumes that.
This reverts commit eded61e410dfa6c16ae68cb624c58122fb18fd0e.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This will greatly reduce the number of cases where the global unicast
scope overlaps with link scopes configured as default-route, making it
feasible to use the global DNS setting in conjunction with per-link dns
servers configured by the network.
This change is preferred over demoting links to default-route=no where
the user prefers to use the network provided DNS servers, and I expect
it is non-disruptive in that it should not degrade the efficacy of any
existing configuration.
|
| |
|
|
|
|
|
|
|
|
|
| |
Drop connections and caches and reload config from files, to allow
for low-interruptions updates, and hook up to the usual SIGHUP and
ExecReload=. Mark servers and services configured directly via D-Bus
so that they can be kept around, and only the configuration file
settings are dropped and reloaded.
Fixes https://github.com/systemd/systemd/issues/17503
Fixes https://github.com/systemd/systemd/issues/20604
|
| |
|
|
| |
This is ready from prime-time, hence mention it.
|
| |
|
|
|
|
| |
For some reason the section for the systemd.exec man page was added
incorrectly and then copypasted everywhere else incorrectly too. Let's
fix that.
|
| | |
|
| |
|
|
|
| |
This is just a slight markup improvement; there should be no difference
in rendering.
|
| | |
|
| |
|
|
|
|
|
|
| |
This tries to add information about when each option was added. It goes
back to version 183.
The version info is included from a separate file to allow generating it,
which would allow more control on the formatting of the final output.
|
| |
|
|
|
| |
This will be used by the next commit to add version information to the
nodes.
|
| | |
|
| |
|
|
|
|
| |
ImportCredential= takes a credential name and searches for a matching
credential in all the credential stores we know about it. It supports
globs which are expanded so that all matching credentials are loaded.
|
| |
|
|
| |
Fixes: #23045
|
| |
|
|
|
|
|
|
|
|
|
| |
Note that this drops ProtectProc=invisible from
systemd-resolved.service.
This is done because othewise access to the booted "kernel" command line is not
necessarily available. That's because in containers we want to read
/proc/1/cmdline for that.
Fixes: #24103
|
| |
|
|
|
|
|
|
|
| |
for 127.0.0.54 + 127.0.0.53
Let's give these special IP addresses names. After all name resolution
is our job here.
Fixes: #23623
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This beefs up the DNS stub logic to listen on two IP addresses:
127.0.0.53 (as before) + 127.0.0.54 (new). When the latter is contact
our stub will operate in "bypass" mode only, i.e we'll try to pass DNS
requests as unmodified upstream as we can (and not do mDNS/LLMNR and
such, also no DNSSEC validation – but we'll still do DNS-over-TLS
wrapping).
This is supposed to be useful for container environments or tethering:
this stub could be exposed (via NAT redirect) to clients of this system
and we'll try to stay out of the way with doing too much DNS magic
ourselves, but still expose whatever the current DNS server is from
upstream under a stable address/port.
How to use this:
# iptables -t nat -I PREROUTING -p udp -i <interface> --dport 53 -j DNAT --to 127.0.0.54:53
# echo 1 > /proc/sys/net/ipv4/conf/<interface>/route_localnet
|
| |
|
|
| |
Fixes #20297.
|
| |
|
| |
Correct resoulution with resolution.
|
| |
|
|
| |
Text currently refers to `/etc/nsswitch.conf` where it should refer to `/etc/resolv.conf`.
This is in the context of defining a nameserver IP and search domains.
|
| |
|
|
|
|
| |
interfaces
Fixes #19257.
|
| | |
|
| |
|
|
|
|
|
| |
I tried to make the explanation brief, but this isn't so easy. It seems better
to push this out to a footnote instead of the main text.
Fixes #16584.
|
| | |
|
| |
|
|
| |
nss-dns doesn't have any man page that I could find.
|
| |
|
|
| |
Fixes #18397.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1889012
https://serverfault.com/questions/626612/dns-just-started-resolving-my-server-prod-addresses-to-127-0-53-53
https://serverfault.com/questions/649352/what-are-the-security-implications-of-the-allow-dns-suffix-appending-to-unquali
|
| |
|
|
|
|
|
|
|
|
| |
The phrase "routing domains" is used to mean both route-only domains and search
domains. Route-only domains are always called like that, and not just "route domains".
Some paragraphs are reordered to describe synthetisized records first, then
LLMNR, then various ways quries are routed.
Fixes #8928, hopefully.
|
| | |
|
| |
|
|
| |
Also correct "stub resolver" → "systemd-resolved" in one other option.
|
| |
|
|
|
|
| |
I'm not sure if the LogTarget property is sufficiently general to be made into
a property that can be generally implemented. It is very closely tied to the internal
systemd logic. The other two seem fine thoough.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that our man page didn't describe the handling of single-label
names almost at all. This probably adds to the confusion regarding the subject.
So let's first describe what our current implementation is doing.
Quoting https://www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful/:
> Applications and platforms that apply a suffix search list to a single-label
> name are in conformance with IETF standards track RFCs. Furthermore,
> applications and platforms that do not query DNS for a TLD are in conformance
> with IETF standards track recommendations
Current behaviour is in line with that recommendation.
For #13763.
|
| |
|
|
|
|
|
|
| |
It's not that I think that "hostname" is vastly superior to "host name". Quite
the opposite — the difference is small, and in some context the two-word version
does fit better. But in the tree, there are ~200 occurrences of the first, and
>1600 of the other, and consistent spelling is more important than any particular
spelling choice.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The "include" files had type "book" for some raeason. I don't think this
is meaningful. Let's just use the same everywhere.
$ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n "http^gms' man/*.xml
|
| |
|
|
|
|
| |
No need to waste space, and uniformity is good.
$ perl -i -0pe 's|\n+<!--\s*SPDX-License-Identifier: LGPL-2.1..\s*-->|\n<!-- SPDX-License-Identifier: LGPL-2.1+ -->|gms' man/*.xml
|
| | |
|
| | |
|
| |
|
|
| |
Also, do some minor updating.
|
