mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-08 21:17:47 +03:00
resolve: rename PrivateDNS to DNSOverTLS
PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS
parent d122ed1ba8
commit c9299be2f5
4
NEWS
@ -52,8 +52,8 @@ CHANGES WITH 239 in spe:
|
|||||||
screen resolution for HiDPI systems, and now provides loader
|
screen resolution for HiDPI systems, and now provides loader
|
||||||
configuration settings to change the resolution explicitly.
|
configuration settings to change the resolution explicitly.
|
||||||
|
|
||||||
* systemd-resolved now supports DNS-over-TLS ("PrivateDNS"). It's still
|
* systemd-resolved now supports DNS-over-TLS. It's still
|
||||||
turned off by default, use PrivateDNS=opportunistic to turn it on in
|
turned off by default, use DNSOverTLS=opportunistic to turn it on in
|
||||||
resolved.conf. We intend to make this the default as soon as couple
|
resolved.conf. We intend to make this the default as soon as couple
|
||||||
of additional techniques for optimizing the initial latency caused by
|
of additional techniques for optimizing the initial latency caused by
|
||||||
establishing a TLS/TCP connection are implemented.
|
establishing a TLS/TCP connection are implemented.
|
||||||
|
@ -257,7 +257,7 @@
|
|||||||
<term><option>llmnr [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
<term><option>llmnr [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
||||||
<term><option>mdns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
<term><option>mdns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
||||||
<term><option>dnssec [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
<term><option>dnssec [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
||||||
<term><option>privatedns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
<term><option>dnsovertls [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
||||||
<term><option>nta [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term>
|
<term><option>nta [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term>
|
||||||
|
|
||||||
<listitem><para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS
|
<listitem><para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS
|
||||||
@ -269,8 +269,8 @@
|
|||||||
through external means. The <option>dns</option> command expects IPv4 or IPv6 address specifications of DNS
|
through external means. The <option>dns</option> command expects IPv4 or IPv6 address specifications of DNS
|
||||||
servers to use. The <option>domain</option> command expects valid DNS domains, possibly prefixed with
|
servers to use. The <option>domain</option> command expects valid DNS domains, possibly prefixed with
|
||||||
<literal>~</literal>, and configures a per-interface search or route-only domain. The <option>llmnr</option>,
|
<literal>~</literal>, and configures a per-interface search or route-only domain. The <option>llmnr</option>,
|
||||||
<option>mdns</option>, <option>dnssec</option> and <option>privatedns</option> commands may be used to configure
|
<option>mdns</option>, <option>dnssec</option> and <option>dnsovertls</option> commands may be used to configure
|
||||||
the per-interface LLMNR, MulticastDNS, DNSSEC and PrivateDNS settings. Finally, <option>nta</option> command
|
the per-interface LLMNR, MulticastDNS, DNSSEC and DNSOverTLS settings. Finally, <option>nta</option> command
|
||||||
may be used to configure additional per-interface DNSSEC NTA domains. For details about these settings, their
|
may be used to configure additional per-interface DNSSEC NTA domains. For details about these settings, their
|
||||||
possible values and their effect, see the corresponding options in
|
possible values and their effect, see the corresponding options in
|
||||||
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||||
@ -283,7 +283,7 @@
|
|||||||
<listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
|
<listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
|
||||||
per-interface DNS setting are reset to their defaults, undoing all effects of <option>dns</option>,
|
per-interface DNS setting are reset to their defaults, undoing all effects of <option>dns</option>,
|
||||||
<option>domain</option>, <option>llmnr</option>, <option>mdns</option>, <option>dnssec</option>,
|
<option>domain</option>, <option>llmnr</option>, <option>mdns</option>, <option>dnssec</option>,
|
||||||
<option>privatedns</option>, <option>nta</option>. Note that when a network interface disappears all
|
<option>dnsovertls</option>, <option>nta</option>. Note that when a network interface disappears all
|
||||||
configuration is lost automatically, an explicit reverting is not necessary in that case.</para></listitem>
|
configuration is lost automatically, an explicit reverting is not necessary in that case.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -207,7 +207,7 @@
|
|||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>PrivateDNS=</varname></term>
|
<term><varname>DNSOverTLS=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Takes false or
|
<para>Takes false or
|
||||||
<literal>opportunistic</literal>. When set to <literal>opportunistic</literal>
|
<literal>opportunistic</literal>. When set to <literal>opportunistic</literal>
|
||||||
@ -226,10 +226,10 @@
|
|||||||
<para>Note as the resolver is not capable of authenticating
|
<para>Note as the resolver is not capable of authenticating
|
||||||
the server, it is vulnerable for "man-in-the-middle" attacks.</para>
|
the server, it is vulnerable for "man-in-the-middle" attacks.</para>
|
||||||
|
|
||||||
<para>In addition to this global PrivateDNS setting
|
<para>In addition to this global DNSOverTLS setting
|
||||||
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||||
also maintains per-link PrivateDNS settings. For system DNS
|
also maintains per-link DNSOverTLS settings. For system DNS
|
||||||
servers (see above), only the global PrivateDNS setting is in
|
servers (see above), only the global DNSOverTLS setting is in
|
||||||
effect. For per-link DNS servers the per-link
|
effect. For per-link DNS servers the per-link
|
||||||
setting is in effect, unless it is unset in which case the
|
setting is in effect, unless it is unset in which case the
|
||||||
global setting is used instead.</para>
|
global setting is used instead.</para>
|
||||||
|
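Review bot: The renamed paragraphs in resolved.conf(5) ("In addition to this global DNSOverTLS setting ...") sit directly under the unchanged caveat that the resolver cannot authenticate the server, and the new name reads as a stronger promise than PrivateDNS did. Consider stating in the DNSOverTLS= entry itself that the only values are false and opportunistic and that opportunistic gives no protection against an active man-in-the-middle, and fix "vulnerable for" to "vulnerable to" while this section is being touched.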
@ -385,7 +385,7 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>PrivateDNS=</varname></term>
|
<term><varname>DNSOverTLS=</varname></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Takes false or
|
<para>Takes false or
|
||||||
<literal>opportunistic</literal>. When set to <literal>opportunistic</literal>, enables
|
<literal>opportunistic</literal>. When set to <literal>opportunistic</literal>, enables
|
||||||
@ -394,7 +394,7 @@
|
|||||||
support on the link. This option defines a
|
support on the link. This option defines a
|
||||||
per-interface setting for
|
per-interface setting for
|
||||||
<citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s
|
<citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s
|
||||||
global <varname>PrivateDNS=</varname> option. Defaults to
|
global <varname>DNSOverTLS=</varname> option. Defaults to
|
||||||
false. This setting is read by
|
false. This setting is read by
|
||||||
<citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
<citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
18
meson.build
@ -1137,17 +1137,17 @@ conf.set('DEFAULT_DNSSEC_MODE',
|
|||||||
'DNSSEC_' + default_dnssec.underscorify().to_upper())
|
'DNSSEC_' + default_dnssec.underscorify().to_upper())
|
||||||
substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
|
substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
|
||||||
|
|
||||||
default_private_dns = get_option('default-private-dns')
|
default_dns_over_tls = get_option('default-dns-over-tls')
|
||||||
if fuzzer_build
|
if fuzzer_build
|
||||||
default_private_dns = 'no'
|
default_dns_over_tls = 'no'
|
||||||
endif
|
endif
|
||||||
if default_private_dns != 'no' and conf.get('HAVE_GNUTLS') == 0
|
if default_dns_over_tls != 'no' and conf.get('HAVE_GNUTLS') == 0
|
||||||
message('default-private-dns cannot be set to strict or opportunistic when gnutls is disabled. Setting default-private-dns to no.')
|
message('default-dns-over-tls cannot be set to strict or opportunistic when gnutls is disabled. Setting default-dns-over-tls to no.')
|
||||||
default_private_dns = 'no'
|
default_dns_over_tls = 'no'
|
||||||
endif
|
endif
|
||||||
conf.set('DEFAULT_PRIVATE_DNS_MODE',
|
conf.set('DEFAULT_DNS_OVER_TLS_MODE',
|
||||||
'PRIVATE_DNS_' + default_private_dns.underscorify().to_upper())
|
'DNS_OVER_TLS_' + default_dns_over_tls.underscorify().to_upper())
|
||||||
substs.set('DEFAULT_PRIVATE_DNS_MODE', default_private_dns)
|
substs.set('DEFAULT_DNS_OVER_TLS_MODE', default_dns_over_tls)
|
||||||
|
|
||||||
want_importd = get_option('importd')
|
want_importd = get_option('importd')
|
||||||
if want_importd != 'false'
|
if want_importd != 'false'
|
||||||
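Review bot: The message() in the HAVE_GNUTLS check still says the option "cannot be set to strict or opportunistic", but the choices declared for default-dns-over-tls in the options hunk are only 'opportunistic' and 'no', so 'strict' can never be selected; drop it from the message rather than carrying it through the rename. The build option and the substs key DEFAULT_DNS_OVER_TLS_MODE are also renamed with no alias, so any build script passing -Ddefault-private-dns and any template that uses the old substitution key has to change in the same commit.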
@ -2870,7 +2870,7 @@ status = [
|
|||||||
'symbolic gateway hostnames: @0@'.format(', '.join(gateway_hostnames)),
|
'symbolic gateway hostnames: @0@'.format(', '.join(gateway_hostnames)),
|
||||||
|
|
||||||
'default DNSSEC mode: @0@'.format(default_dnssec),
|
'default DNSSEC mode: @0@'.format(default_dnssec),
|
||||||
'default private DNS mode: @0@'.format(default_private_dns),
|
'default DNS-over-TLS mode: @0@'.format(default_dns_over_tls),
|
||||||
'default cgroup hierarchy: @0@'.format(default_hierarchy),
|
'default cgroup hierarchy: @0@'.format(default_hierarchy),
|
||||||
'default KillUserProcesses setting: @0@'.format(kill_user_processes)]
|
'default KillUserProcesses setting: @0@'.format(kill_user_processes)]
|
||||||
|
|
||||||
|
@ -193,8 +193,8 @@ option('default-dnssec', type : 'combo',
|
|||||||
description : 'default DNSSEC mode',
|
description : 'default DNSSEC mode',
|
||||||
choices : ['yes', 'allow-downgrade', 'no'],
|
choices : ['yes', 'allow-downgrade', 'no'],
|
||||||
value : 'allow-downgrade')
|
value : 'allow-downgrade')
|
||||||
option('default-private-dns', type : 'combo',
|
option('default-dns-over-tls', type : 'combo',
|
||||||
description : 'default private DNS mode',
|
description : 'default DNS-over-TLS mode',
|
||||||
choices : ['opportunistic', 'no'],
|
choices : ['opportunistic', 'no'],
|
||||||
value : 'no')
|
value : 'no')
|
||||||
option('dns-servers', type : 'string',
|
option('dns-servers', type : 'string',
|
||||||
|
@ -48,14 +48,14 @@ _resolvectl() {
|
|||||||
[LINK]='revert dns domain nta'
|
[LINK]='revert dns domain nta'
|
||||||
[RESOLVE]='llmnr mdns'
|
[RESOLVE]='llmnr mdns'
|
||||||
[DNSSEC]='dnssec'
|
[DNSSEC]='dnssec'
|
||||||
[PRIVATEDNS]='privatedns'
|
[DNSOVERTLS]='dnsovertls'
|
||||||
[STANDALONE]='statistics reset-statistics flush-caches reset-server-features'
|
[STANDALONE]='statistics reset-statistics flush-caches reset-server-features'
|
||||||
)
|
)
|
||||||
local -A ARGS=(
|
local -A ARGS=(
|
||||||
[FAMILY]='tcp udp sctp'
|
[FAMILY]='tcp udp sctp'
|
||||||
[RESOLVE]='yes no resolve'
|
[RESOLVE]='yes no resolve'
|
||||||
[DNSSEC]='yes no allow-downgrade'
|
[DNSSEC]='yes no allow-downgrade'
|
||||||
[PRIVATEDNS]='no opportunistic'
|
[DNSOVERTLS]='no opportunistic'
|
||||||
)
|
)
|
||||||
local interfaces=$( __get_interfaces )
|
local interfaces=$( __get_interfaces )
|
||||||
|
|
||||||
@ -111,7 +111,7 @@ _resolvectl() {
|
|||||||
comps=""
|
comps=""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]} ${VERBS[PRIVATEDNS]}; then
|
elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]} ${VERBS[DNSOVERTLS]}; then
|
||||||
for ((i++; i < COMP_CWORD; i++)); do
|
for ((i++; i < COMP_CWORD; i++)); do
|
||||||
if __contains_word "${COMP_WORDS[i]}" $interfaces &&
|
if __contains_word "${COMP_WORDS[i]}" $interfaces &&
|
||||||
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
||||||
@ -155,10 +155,10 @@ _resolvectl() {
|
|||||||
comps=''
|
comps=''
|
||||||
fi
|
fi
|
||||||
|
|
||||||
elif __contains_word "$verb" ${VERBS[PRIVATEDNS]}; then
|
elif __contains_word "$verb" ${VERBS[DNSOVERTLS]}; then
|
||||||
name=
|
name=
|
||||||
for ((i++; i < COMP_CWORD; i++)); do
|
for ((i++; i < COMP_CWORD; i++)); do
|
||||||
if __contains_word "${COMP_WORDS[i]}" ${ARGS[PRIVATEDNS]} &&
|
if __contains_word "${COMP_WORDS[i]}" ${ARGS[DNSOVERTLS]} &&
|
||||||
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
||||||
name=${COMP_WORDS[i]}
|
name=${COMP_WORDS[i]}
|
||||||
break;
|
break;
|
||||||
@ -166,7 +166,7 @@ _resolvectl() {
|
|||||||
done
|
done
|
||||||
|
|
||||||
if [[ -z $name ]]; then
|
if [[ -z $name ]]; then
|
||||||
comps=${ARGS[PRIVATEDNS]}
|
comps=${ARGS[DNSOVERTLS]}
|
||||||
else
|
else
|
||||||
comps=''
|
comps=''
|
||||||
fi
|
fi
|
||||||
|
@ -65,7 +65,7 @@ _systemd-resolve() {
|
|||||||
--set-dnssec)
|
--set-dnssec)
|
||||||
comps="yes no allow-downgrade"
|
comps="yes no allow-downgrade"
|
||||||
;;
|
;;
|
||||||
--set-privatedns)
|
--set-dnsovertls)
|
||||||
comps="no opportunistic"
|
comps="no opportunistic"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
@ -178,8 +178,8 @@ _public_ int sd_network_link_get_mdns(int ifindex, char **mdns) {
|
|||||||
return network_link_get_string(ifindex, "MDNS", mdns);
|
return network_link_get_string(ifindex, "MDNS", mdns);
|
||||||
}
|
}
|
||||||
|
|
||||||
_public_ int sd_network_link_get_private_dns(int ifindex, char **private_dns) {
|
_public_ int sd_network_link_get_dns_over_tls(int ifindex, char **dns_over_tls) {
|
||||||
return network_link_get_string(ifindex, "PRIVATE_DNS", private_dns);
|
return network_link_get_string(ifindex, "DNS_OVER_TLS", dns_over_tls);
|
||||||
}
|
}
|
||||||
|
|
||||||
_public_ int sd_network_link_get_dnssec(int ifindex, char **dnssec) {
|
_public_ int sd_network_link_get_dnssec(int ifindex, char **dnssec) {
|
||||||
|
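Review bot: sd_network_link_get_private_dns() is marked _public_ and is renamed here with no wrapper left behind; the matching header declaration and any export list are not in this hunk, so check that they change in the same commit. The state key read here also moves from PRIVATE_DNS to DNS_OVER_TLS, which matches the writer in link_save(), but a state file written before the upgrade carries only the old key and will read as unset until the link is saved again.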
@ -3762,9 +3762,9 @@ int link_save(Link *link) {
|
|||||||
fprintf(f, "MDNS=%s\n",
|
fprintf(f, "MDNS=%s\n",
|
||||||
resolve_support_to_string(link->network->mdns));
|
resolve_support_to_string(link->network->mdns));
|
||||||
|
|
||||||
if (link->network->private_dns_mode != _PRIVATE_DNS_MODE_INVALID)
|
if (link->network->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
|
||||||
fprintf(f, "PRIVATE_DNS=%s\n",
|
fprintf(f, "DNS_OVER_TLS=%s\n",
|
||||||
private_dns_mode_to_string(link->network->private_dns_mode));
|
dns_over_tls_mode_to_string(link->network->dns_over_tls_mode));
|
||||||
|
|
||||||
if (link->network->dnssec_mode != _DNSSEC_MODE_INVALID)
|
if (link->network->dnssec_mode != _DNSSEC_MODE_INVALID)
|
||||||
fprintf(f, "DNSSEC=%s\n",
|
fprintf(f, "DNSSEC=%s\n",
|
||||||
|
@ -60,7 +60,7 @@ Network.Domains, config_parse_domains,
|
|||||||
Network.DNS, config_parse_dns, 0, 0
|
Network.DNS, config_parse_dns, 0, 0
|
||||||
Network.LLMNR, config_parse_resolve_support, 0, offsetof(Network, llmnr)
|
Network.LLMNR, config_parse_resolve_support, 0, offsetof(Network, llmnr)
|
||||||
Network.MulticastDNS, config_parse_resolve_support, 0, offsetof(Network, mdns)
|
Network.MulticastDNS, config_parse_resolve_support, 0, offsetof(Network, mdns)
|
||||||
Network.PrivateDNS, config_parse_private_dns_mode, 0, offsetof(Network, private_dns_mode)
|
Network.DNSOverTLS, config_parse_dns_over_tls_mode, 0, offsetof(Network, dns_over_tls_mode)
|
||||||
Network.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Network, dnssec_mode)
|
Network.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Network, dnssec_mode)
|
||||||
Network.DNSSECNegativeTrustAnchors, config_parse_dnssec_negative_trust_anchors, 0, 0
|
Network.DNSSECNegativeTrustAnchors, config_parse_dnssec_negative_trust_anchors, 0, 0
|
||||||
Network.NTP, config_parse_ntp, 0, offsetof(Network, ntp)
|
Network.NTP, config_parse_ntp, 0, offsetof(Network, ntp)
|
||||||
|
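Review bot: Replacing the Network.PrivateDNS entry outright means a .network file that still says PrivateDNS=opportunistic no longer matches any key in this table, so the per-link setting stays unset and the global setting applies, which NEWS describes as off by default; the link would then resolve over plain DNS with nothing in this hunk to flag it. NEWS lists the feature under "239 in spe", so dropping the old spelling may be acceptable, but say so in the commit message, or keep Network.PrivateDNS as a deprecated alias pointing at config_parse_dns_over_tls_mode.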
@ -236,7 +236,7 @@ static int network_load_one(Manager *manager, const char *filename) {
|
|||||||
network->llmnr = RESOLVE_SUPPORT_YES;
|
network->llmnr = RESOLVE_SUPPORT_YES;
|
||||||
network->mdns = RESOLVE_SUPPORT_NO;
|
network->mdns = RESOLVE_SUPPORT_NO;
|
||||||
network->dnssec_mode = _DNSSEC_MODE_INVALID;
|
network->dnssec_mode = _DNSSEC_MODE_INVALID;
|
||||||
network->private_dns_mode = _PRIVATE_DNS_MODE_INVALID;
|
network->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
|
||||||
|
|
||||||
network->link_local = ADDRESS_FAMILY_IPV6;
|
network->link_local = ADDRESS_FAMILY_IPV6;
|
||||||
|
|
||||||
|
@ -261,7 +261,7 @@ struct Network {
|
|||||||
ResolveSupport llmnr;
|
ResolveSupport llmnr;
|
||||||
ResolveSupport mdns;
|
ResolveSupport mdns;
|
||||||
DnssecMode dnssec_mode;
|
DnssecMode dnssec_mode;
|
||||||
PrivateDnsMode private_dns_mode;
|
DnsOverTlsMode dns_over_tls_mode;
|
||||||
Set *dnssec_negative_trust_anchors;
|
Set *dnssec_negative_trust_anchors;
|
||||||
|
|
||||||
LIST_FIELDS(Network, networks);
|
LIST_FIELDS(Network, networks);
|
||||||
|
@ -56,7 +56,7 @@ char **arg_set_dns = NULL;
|
|||||||
char **arg_set_domain = NULL;
|
char **arg_set_domain = NULL;
|
||||||
static const char *arg_set_llmnr = NULL;
|
static const char *arg_set_llmnr = NULL;
|
||||||
static const char *arg_set_mdns = NULL;
|
static const char *arg_set_mdns = NULL;
|
||||||
static const char *arg_set_private_dns = NULL;
|
static const char *arg_set_dns_over_tls = NULL;
|
||||||
static const char *arg_set_dnssec = NULL;
|
static const char *arg_set_dnssec = NULL;
|
||||||
static char **arg_set_nta = NULL;
|
static char **arg_set_nta = NULL;
|
||||||
|
|
||||||
@ -1339,7 +1339,7 @@ static int status_ifindex(sd_bus *bus, int ifindex, const char *name, StatusMode
|
|||||||
uint64_t scopes_mask;
|
uint64_t scopes_mask;
|
||||||
const char *llmnr;
|
const char *llmnr;
|
||||||
const char *mdns;
|
const char *mdns;
|
||||||
const char *private_dns;
|
const char *dns_over_tls;
|
||||||
const char *dnssec;
|
const char *dnssec;
|
||||||
char *current_dns;
|
char *current_dns;
|
||||||
char **dns;
|
char **dns;
|
||||||
@ -1355,7 +1355,7 @@ static int status_ifindex(sd_bus *bus, int ifindex, const char *name, StatusMode
|
|||||||
{ "Domains", "a(sb)", map_link_domains, offsetof(struct link_info, domains) },
|
{ "Domains", "a(sb)", map_link_domains, offsetof(struct link_info, domains) },
|
||||||
{ "LLMNR", "s", NULL, offsetof(struct link_info, llmnr) },
|
{ "LLMNR", "s", NULL, offsetof(struct link_info, llmnr) },
|
||||||
{ "MulticastDNS", "s", NULL, offsetof(struct link_info, mdns) },
|
{ "MulticastDNS", "s", NULL, offsetof(struct link_info, mdns) },
|
||||||
{ "PrivateDNS", "s", NULL, offsetof(struct link_info, private_dns) },
|
{ "DNSOverTLS", "s", NULL, offsetof(struct link_info, dns_over_tls) },
|
||||||
{ "DNSSEC", "s", NULL, offsetof(struct link_info, dnssec) },
|
{ "DNSSEC", "s", NULL, offsetof(struct link_info, dnssec) },
|
||||||
{ "DNSSECNegativeTrustAnchors", "as", NULL, offsetof(struct link_info, ntas) },
|
{ "DNSSECNegativeTrustAnchors", "as", NULL, offsetof(struct link_info, ntas) },
|
||||||
{ "DNSSECSupported", "b", NULL, offsetof(struct link_info, dnssec_supported) },
|
{ "DNSSECSupported", "b", NULL, offsetof(struct link_info, dnssec_supported) },
|
||||||
@ -1437,7 +1437,7 @@ static int status_ifindex(sd_bus *bus, int ifindex, const char *name, StatusMode
|
|||||||
if (mode == STATUS_PRIVATE) {
|
if (mode == STATUS_PRIVATE) {
|
||||||
printf("%sLink %i (%s)%s: %s\n",
|
printf("%sLink %i (%s)%s: %s\n",
|
||||||
ansi_highlight(), ifindex, name, ansi_normal(),
|
ansi_highlight(), ifindex, name, ansi_normal(),
|
||||||
strna(link_info.private_dns));
|
strna(link_info.dns_over_tls));
|
||||||
|
|
||||||
r = 0;
|
r = 0;
|
||||||
goto finish;
|
goto finish;
|
||||||
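Review bot: The rename is incomplete in status_ifindex(): the branch is still "if (mode == STATUS_PRIVATE)" while the field it prints is now link_info.dns_over_tls, and status_global() has the same leftover further down. Rename the StatusMode value as well (for example STATUS_DNS_OVER_TLS) so that a search for the old name in resolvectl comes back empty.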
@ -1470,12 +1470,12 @@ static int status_ifindex(sd_bus *bus, int ifindex, const char *name, StatusMode
|
|||||||
|
|
||||||
printf(" LLMNR setting: %s\n"
|
printf(" LLMNR setting: %s\n"
|
||||||
"MulticastDNS setting: %s\n"
|
"MulticastDNS setting: %s\n"
|
||||||
" PrivateDNS setting: %s\n"
|
" DNSOverTLS setting: %s\n"
|
||||||
" DNSSEC setting: %s\n"
|
" DNSSEC setting: %s\n"
|
||||||
" DNSSEC supported: %s\n",
|
" DNSSEC supported: %s\n",
|
||||||
strna(link_info.llmnr),
|
strna(link_info.llmnr),
|
||||||
strna(link_info.mdns),
|
strna(link_info.mdns),
|
||||||
strna(link_info.private_dns),
|
strna(link_info.dns_over_tls),
|
||||||
strna(link_info.dnssec),
|
strna(link_info.dnssec),
|
||||||
yes_no(link_info.dnssec_supported));
|
yes_no(link_info.dnssec_supported));
|
||||||
|
|
||||||
@ -1617,7 +1617,7 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) {
|
|||||||
char **ntas;
|
char **ntas;
|
||||||
const char *llmnr;
|
const char *llmnr;
|
||||||
const char *mdns;
|
const char *mdns;
|
||||||
const char *private_dns;
|
const char *dns_over_tls;
|
||||||
const char *dnssec;
|
const char *dnssec;
|
||||||
bool dnssec_supported;
|
bool dnssec_supported;
|
||||||
} global_info = {};
|
} global_info = {};
|
||||||
@ -1630,7 +1630,7 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) {
|
|||||||
{ "DNSSECNegativeTrustAnchors", "as", NULL, offsetof(struct global_info, ntas) },
|
{ "DNSSECNegativeTrustAnchors", "as", NULL, offsetof(struct global_info, ntas) },
|
||||||
{ "LLMNR", "s", NULL, offsetof(struct global_info, llmnr) },
|
{ "LLMNR", "s", NULL, offsetof(struct global_info, llmnr) },
|
||||||
{ "MulticastDNS", "s", NULL, offsetof(struct global_info, mdns) },
|
{ "MulticastDNS", "s", NULL, offsetof(struct global_info, mdns) },
|
||||||
{ "PrivateDNS", "s", NULL, offsetof(struct global_info, private_dns) },
|
{ "DNSOverTLS", "s", NULL, offsetof(struct global_info, dns_over_tls) },
|
||||||
{ "DNSSEC", "s", NULL, offsetof(struct global_info, dnssec) },
|
{ "DNSSEC", "s", NULL, offsetof(struct global_info, dnssec) },
|
||||||
{ "DNSSECSupported", "b", NULL, offsetof(struct global_info, dnssec_supported) },
|
{ "DNSSECSupported", "b", NULL, offsetof(struct global_info, dnssec_supported) },
|
||||||
{}
|
{}
|
||||||
@ -1692,7 +1692,7 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) {
|
|||||||
|
|
||||||
if (mode == STATUS_PRIVATE) {
|
if (mode == STATUS_PRIVATE) {
|
||||||
printf("%sGlobal%s: %s\n", ansi_highlight(), ansi_normal(),
|
printf("%sGlobal%s: %s\n", ansi_highlight(), ansi_normal(),
|
||||||
strna(global_info.private_dns));
|
strna(global_info.dns_over_tls));
|
||||||
|
|
||||||
r = 0;
|
r = 0;
|
||||||
goto finish;
|
goto finish;
|
||||||
@ -1710,12 +1710,12 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) {
|
|||||||
|
|
||||||
printf(" LLMNR setting: %s\n"
|
printf(" LLMNR setting: %s\n"
|
||||||
"MulticastDNS setting: %s\n"
|
"MulticastDNS setting: %s\n"
|
||||||
" PrivateDNS setting: %s\n"
|
" DNSOverTLS setting: %s\n"
|
||||||
" DNSSEC setting: %s\n"
|
" DNSSEC setting: %s\n"
|
||||||
" DNSSEC supported: %s\n",
|
" DNSSEC supported: %s\n",
|
||||||
strna(global_info.llmnr),
|
strna(global_info.llmnr),
|
||||||
strna(global_info.mdns),
|
strna(global_info.mdns),
|
||||||
strna(global_info.private_dns),
|
strna(global_info.dns_over_tls),
|
||||||
strna(global_info.dnssec),
|
strna(global_info.dnssec),
|
||||||
yes_no(global_info.dnssec_supported));
|
yes_no(global_info.dnssec_supported));
|
||||||
|
|
||||||
@ -2108,7 +2108,7 @@ static int verb_mdns(int argc, char **argv, void *userdata) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int verb_private_dns(int argc, char **argv, void *userdata) {
|
static int verb_dns_over_tls(int argc, char **argv, void *userdata) {
|
||||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||||
sd_bus *bus = userdata;
|
sd_bus *bus = userdata;
|
||||||
int ifindex, r;
|
int ifindex, r;
|
||||||
@ -2134,7 +2134,7 @@ static int verb_private_dns(int argc, char **argv, void *userdata) {
|
|||||||
"org.freedesktop.resolve1",
|
"org.freedesktop.resolve1",
|
||||||
"/org/freedesktop/resolve1",
|
"/org/freedesktop/resolve1",
|
||||||
"org.freedesktop.resolve1.Manager",
|
"org.freedesktop.resolve1.Manager",
|
||||||
"SetLinkPrivateDNS",
|
"SetLinkDNSOverTLS",
|
||||||
&error,
|
&error,
|
||||||
NULL,
|
NULL,
|
||||||
"is", ifindex, argv[2]);
|
"is", ifindex, argv[2]);
|
||||||
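Review bot: The D-Bus method name passed in verb_dns_over_tls() changes from SetLinkPrivateDNS to SetLinkDNSOverTLS with no fallback, so this resolvectl only works against a systemd-resolved built from the same commit, and the error path in the following hunk tolerates only BUS_ERROR_NO_SUCH_LINK. If client and service can be at different versions during an upgrade, mention the method rename in NEWS, and check that every other caller of the old method name is updated in this commit.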
@ -2146,7 +2146,7 @@ static int verb_private_dns(int argc, char **argv, void *userdata) {
|
|||||||
sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_LINK))
|
sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_LINK))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return log_error_errno(r, "Failed to set PrivateDNS configuration: %s", bus_error_message(&error, r));
|
return log_error_errno(r, "Failed to set DNSOverTLS configuration: %s", bus_error_message(&error, r));
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -2354,7 +2354,7 @@ static void compat_help(void) {
|
|||||||
" --set-domain=DOMAIN Set per-interface search domain\n"
|
" --set-domain=DOMAIN Set per-interface search domain\n"
|
||||||
" --set-llmnr=MODE Set per-interface LLMNR mode\n"
|
" --set-llmnr=MODE Set per-interface LLMNR mode\n"
|
||||||
" --set-mdns=MODE Set per-interface MulticastDNS mode\n"
|
" --set-mdns=MODE Set per-interface MulticastDNS mode\n"
|
||||||
" --set-privatedns=MODE Set per-interface PrivateDNS mode\n"
|
" --set-dnsovertls=MODE Set per-interface DNS-over-TLS mode\n"
|
||||||
" --set-dnssec=MODE Set per-interface DNSSEC mode\n"
|
" --set-dnssec=MODE Set per-interface DNSSEC mode\n"
|
||||||
" --set-nta=DOMAIN Set per-interface DNSSEC NTA\n"
|
" --set-nta=DOMAIN Set per-interface DNSSEC NTA\n"
|
||||||
" --revert Revert per-interface configuration\n"
|
" --revert Revert per-interface configuration\n"
|
||||||
@ -2398,7 +2398,7 @@ static void native_help(void) {
|
|||||||
" domain [LINK [DOMAIN...]] Get/set per-interface search domain\n"
|
" domain [LINK [DOMAIN...]] Get/set per-interface search domain\n"
|
||||||
" llmnr [LINK [MODE]] Get/set per-interface LLMNR mode\n"
|
" llmnr [LINK [MODE]] Get/set per-interface LLMNR mode\n"
|
||||||
" mdns [LINK [MODE]] Get/set per-interface MulticastDNS mode\n"
|
" mdns [LINK [MODE]] Get/set per-interface MulticastDNS mode\n"
|
||||||
" privatedns [LINK [MODE]] Get/set per-interface PrivateDNS mode\n"
|
" dnsovertls [LINK [MODE]] Get/set per-interface DNS-over-TLS mode\n"
|
||||||
" dnssec [LINK [MODE]] Get/set per-interface DNSSEC mode\n"
|
" dnssec [LINK [MODE]] Get/set per-interface DNSSEC mode\n"
|
||||||
" nta [LINK [DOMAIN...]] Get/set per-interface DNSSEC NTA\n"
|
" nta [LINK [DOMAIN...]] Get/set per-interface DNSSEC NTA\n"
|
||||||
" revert LINK Revert per-interface configuration\n"
|
" revert LINK Revert per-interface configuration\n"
|
||||||
@ -2464,7 +2464,7 @@ static int compat_parse_argv(int argc, char *argv[]) {
|
|||||||
{ "set-domain", required_argument, NULL, ARG_SET_DOMAIN },
|
{ "set-domain", required_argument, NULL, ARG_SET_DOMAIN },
|
||||||
{ "set-llmnr", required_argument, NULL, ARG_SET_LLMNR },
|
{ "set-llmnr", required_argument, NULL, ARG_SET_LLMNR },
|
||||||
{ "set-mdns", required_argument, NULL, ARG_SET_MDNS },
|
{ "set-mdns", required_argument, NULL, ARG_SET_MDNS },
|
||||||
{ "set-privatedns", required_argument, NULL, ARG_SET_PRIVATE },
|
{ "set-dnsovertls", required_argument, NULL, ARG_SET_PRIVATE },
|
||||||
{ "set-dnssec", required_argument, NULL, ARG_SET_DNSSEC },
|
{ "set-dnssec", required_argument, NULL, ARG_SET_DNSSEC },
|
||||||
{ "set-nta", required_argument, NULL, ARG_SET_NTA },
|
{ "set-nta", required_argument, NULL, ARG_SET_NTA },
|
||||||
{ "revert", no_argument, NULL, ARG_REVERT_LINK },
|
{ "revert", no_argument, NULL, ARG_REVERT_LINK },
|
||||||
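Review bot: In the option table "set-dnsovertls" still maps to ARG_SET_PRIVATE, and the case label in the later hunk keeps that name while assigning arg_set_dns_over_tls. Rename the enum value (for example ARG_SET_DNS_OVER_TLS) to finish the rename, and decide whether --set-privatedns should stay as a hidden alias in this compatibility interface, since the old spelling is removed outright here.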
@ -2684,7 +2684,7 @@ static int compat_parse_argv(int argc, char *argv[]) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case ARG_SET_PRIVATE:
|
case ARG_SET_PRIVATE:
|
||||||
arg_set_private_dns = optarg;
|
arg_set_dns_over_tls = optarg;
|
||||||
arg_mode = MODE_SET_LINK;
|
arg_mode = MODE_SET_LINK;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2731,7 +2731,7 @@ static int compat_parse_argv(int argc, char *argv[]) {
|
|||||||
if (IN_SET(arg_mode, MODE_SET_LINK, MODE_REVERT_LINK)) {
|
if (IN_SET(arg_mode, MODE_SET_LINK, MODE_REVERT_LINK)) {
|
||||||
|
|
||||||
if (arg_ifindex <= 0) {
|
if (arg_ifindex <= 0) {
|
||||||
log_error("--set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-privatedns=, --set-dnssec=, --set-nta= and --revert require --interface=.");
|
log_error("--set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnsovertls=, --set-dnssec=, --set-nta= and --revert require --interface=.");
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2957,7 +2957,7 @@ static int native_main(int argc, char *argv[], sd_bus *bus) {
|
|||||||
{ "domain", VERB_ANY, VERB_ANY, 0, verb_domain },
|
{ "domain", VERB_ANY, VERB_ANY, 0, verb_domain },
|
||||||
{ "llmnr", VERB_ANY, 3, 0, verb_llmnr },
|
{ "llmnr", VERB_ANY, 3, 0, verb_llmnr },
|
||||||
{ "mdns", VERB_ANY, 3, 0, verb_mdns },
|
{ "mdns", VERB_ANY, 3, 0, verb_mdns },
|
||||||
{ "privatedns", VERB_ANY, 3, 0, verb_private_dns },
|
{ "dnsovertls", VERB_ANY, 3, 0, verb_dns_over_tls },
|
||||||
{ "dnssec", VERB_ANY, 3, 0, verb_dnssec },
|
{ "dnssec", VERB_ANY, 3, 0, verb_dnssec },
|
||||||
{ "nta", VERB_ANY, VERB_ANY, 0, verb_nta },
|
{ "nta", VERB_ANY, VERB_ANY, 0, verb_nta },
|
||||||
{ "revert", 2, 2, 0, verb_revert_link },
|
{ "revert", 2, 2, 0, verb_revert_link },
|
||||||
@ -3050,8 +3050,8 @@ static int compat_main(int argc, char *argv[], sd_bus *bus) {
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (arg_set_private_dns) {
|
if (arg_set_dns_over_tls) {
|
||||||
r = translate("privatedns", arg_ifname, 1, (char **) &arg_set_private_dns, bus);
|
r = translate("dnsovertls", arg_ifname, 1, (char **) &arg_set_dns_over_tls, bus);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
@ -1471,7 +1471,7 @@ static int bus_property_get_ntas(
|
|||||||
static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode);
|
static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode);
|
||||||
static BUS_DEFINE_PROPERTY_GET(bus_property_get_dnssec_supported, "b", Manager, manager_dnssec_supported);
|
static BUS_DEFINE_PROPERTY_GET(bus_property_get_dnssec_supported, "b", Manager, manager_dnssec_supported);
|
||||||
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dnssec_mode, "s", Manager, manager_get_dnssec_mode, dnssec_mode_to_string);
|
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dnssec_mode, "s", Manager, manager_get_dnssec_mode, dnssec_mode_to_string);
|
||||||
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_private_dns_mode, "s", Manager, manager_get_private_dns_mode, private_dns_mode_to_string);
|
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dns_over_tls_mode, "s", Manager, manager_get_dns_over_tls_mode, dns_over_tls_mode_to_string);
|
||||||
|
|
||||||
static int bus_method_reset_statistics(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
static int bus_method_reset_statistics(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||||
Manager *m = userdata;
|
Manager *m = userdata;
|
||||||
@ -1542,8 +1542,8 @@ static int bus_method_set_link_mdns(sd_bus_message *message, void *userdata, sd_
|
|||||||
return call_link_method(userdata, message, bus_link_method_set_mdns, error);
|
return call_link_method(userdata, message, bus_link_method_set_mdns, error);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int bus_method_set_link_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
static int bus_method_set_link_dns_over_tls(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||||
return call_link_method(userdata, message, bus_link_method_set_private_dns, error);
|
return call_link_method(userdata, message, bus_link_method_set_dns_over_tls, error);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int bus_method_set_link_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
static int bus_method_set_link_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||||
@ -1836,7 +1836,7 @@ static const sd_bus_vtable resolve_vtable[] = {
|
|||||||
SD_BUS_PROPERTY("LLMNRHostname", "s", NULL, offsetof(Manager, llmnr_hostname), 0),
|
SD_BUS_PROPERTY("LLMNRHostname", "s", NULL, offsetof(Manager, llmnr_hostname), 0),
|
||||||
SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Manager, llmnr_support), 0),
|
SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Manager, llmnr_support), 0),
|
||||||
SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Manager, mdns_support), 0),
|
SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Manager, mdns_support), 0),
|
||||||
SD_BUS_PROPERTY("PrivateDNS", "s", bus_property_get_private_dns_mode, 0, 0),
|
SD_BUS_PROPERTY("DNSOverTLS", "s", bus_property_get_dns_over_tls_mode, 0, 0),
|
||||||
SD_BUS_PROPERTY("DNS", "a(iiay)", bus_property_get_dns_servers, 0, 0),
|
SD_BUS_PROPERTY("DNS", "a(iiay)", bus_property_get_dns_servers, 0, 0),
|
||||||
SD_BUS_PROPERTY("FallbackDNS", "a(iiay)", bus_property_get_fallback_dns_servers, offsetof(Manager, fallback_dns_servers), SD_BUS_VTABLE_PROPERTY_CONST),
|
SD_BUS_PROPERTY("FallbackDNS", "a(iiay)", bus_property_get_fallback_dns_servers, offsetof(Manager, fallback_dns_servers), SD_BUS_VTABLE_PROPERTY_CONST),
|
||||||
SD_BUS_PROPERTY("CurrentDNSServer", "(iiay)", bus_property_get_current_dns_server, offsetof(Manager, current_dns_server), 0),
|
SD_BUS_PROPERTY("CurrentDNSServer", "(iiay)", bus_property_get_current_dns_server, offsetof(Manager, current_dns_server), 0),
|
||||||
@ -1861,7 +1861,7 @@ static const sd_bus_vtable resolve_vtable[] = {
|
|||||||
SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
|
SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
|
||||||
SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
|
SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
|
||||||
SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
|
SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
|
||||||
SD_BUS_METHOD("SetLinkPrivateDNS", "is", NULL, bus_method_set_link_private_dns, 0),
|
SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, 0),
|
||||||
SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
|
SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
|
||||||
SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
|
SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
|
||||||
SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),
|
SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),
|
||||||
|
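Review bot: SetLinkPrivateDNS is dropped from resolve_vtable in favour of SetLinkDNSOverTLS with no alias left behind, and the PrivateDNS property in the previous hunk goes the same way, so a D-Bus client written against the old names can no longer reach these entries. The NEWS hunk lists the feature under "239 in spe", so this is probably acceptable, but the commit message should say that the old names never shipped in a release. If they did, keep the old entries registered as deprecated aliases that point at the same handlers.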
@ -398,9 +398,9 @@ int manager_parse_config_file(Manager *m) {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if ! HAVE_GNUTLS
|
#if ! HAVE_GNUTLS
|
||||||
if (m->private_dns_mode != PRIVATE_DNS_NO) {
|
if (m->dns_over_tls_mode != DNS_OVER_TLS_NO) {
|
||||||
log_warning("Private DNS option cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off private DNS support.");
|
log_warning("DNS-over-TLS option cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off DNS-over-TLS support.");
|
||||||
m->private_dns_mode = PRIVATE_DNS_NO;
|
m->dns_over_tls_mode = DNS_OVER_TLS_NO;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -54,15 +54,15 @@ int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int
|
|||||||
|
|
||||||
if (l) {
|
if (l) {
|
||||||
s->dnssec_mode = link_get_dnssec_mode(l);
|
s->dnssec_mode = link_get_dnssec_mode(l);
|
||||||
s->private_dns_mode = link_get_private_dns_mode(l);
|
s->dns_over_tls_mode = link_get_dns_over_tls_mode(l);
|
||||||
} else {
|
} else {
|
||||||
s->dnssec_mode = manager_get_dnssec_mode(m);
|
s->dnssec_mode = manager_get_dnssec_mode(m);
|
||||||
s->private_dns_mode = manager_get_private_dns_mode(m);
|
s->dns_over_tls_mode = manager_get_dns_over_tls_mode(m);
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
s->dnssec_mode = DNSSEC_NO;
|
s->dnssec_mode = DNSSEC_NO;
|
||||||
s->private_dns_mode = PRIVATE_DNS_NO;
|
s->dns_over_tls_mode = DNS_OVER_TLS_NO;
|
||||||
}
|
}
|
||||||
|
|
||||||
LIST_PREPEND(scopes, m->dns_scopes, s);
|
LIST_PREPEND(scopes, m->dns_scopes, s);
|
||||||
|
@ -35,7 +35,7 @@ struct DnsScope {
|
|||||||
DnsProtocol protocol;
|
DnsProtocol protocol;
|
||||||
int family;
|
int family;
|
||||||
DnssecMode dnssec_mode;
|
DnssecMode dnssec_mode;
|
||||||
PrivateDnsMode private_dns_mode;
|
DnsOverTlsMode dns_over_tls_mode;
|
||||||
|
|
||||||
Link *link;
|
Link *link;
|
||||||
|
|
||||||
|
@ -400,11 +400,11 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
|
|||||||
/* Determine the best feature level we care about. If DNSSEC mode is off there's no point in using anything
|
/* Determine the best feature level we care about. If DNSSEC mode is off there's no point in using anything
|
||||||
* better than EDNS0, hence don't even try. */
|
* better than EDNS0, hence don't even try. */
|
||||||
if (dns_server_get_dnssec_mode(s) != DNSSEC_NO)
|
if (dns_server_get_dnssec_mode(s) != DNSSEC_NO)
|
||||||
best = dns_server_get_private_dns_mode(s) == PRIVATE_DNS_NO ?
|
best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ?
|
||||||
DNS_SERVER_FEATURE_LEVEL_LARGE :
|
DNS_SERVER_FEATURE_LEVEL_LARGE :
|
||||||
DNS_SERVER_FEATURE_LEVEL_TLS_DO;
|
DNS_SERVER_FEATURE_LEVEL_TLS_DO;
|
||||||
else
|
else
|
||||||
best = dns_server_get_private_dns_mode(s) == PRIVATE_DNS_NO ?
|
best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ?
|
||||||
DNS_SERVER_FEATURE_LEVEL_EDNS0 :
|
DNS_SERVER_FEATURE_LEVEL_EDNS0 :
|
||||||
DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN;
|
DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN;
|
||||||
|
|
||||||
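Review bot: the comment at the top of this hunk still says that with DNSSEC off there is no point in using anything better than EDNS0, yet the else branch selects DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN whenever dns_server_get_dns_over_tls_mode(s) is not DNS_OVER_TLS_NO. Since these lines are being touched anyway, update the comment so it covers the DNS-over-TLS case in both branches.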
@ -811,13 +811,13 @@ DnssecMode dns_server_get_dnssec_mode(DnsServer *s) {
|
|||||||
return manager_get_dnssec_mode(s->manager);
|
return manager_get_dnssec_mode(s->manager);
|
||||||
}
|
}
|
||||||
|
|
||||||
PrivateDnsMode dns_server_get_private_dns_mode(DnsServer *s) {
|
DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s) {
|
||||||
assert(s);
|
assert(s);
|
||||||
|
|
||||||
if (s->link)
|
if (s->link)
|
||||||
return link_get_private_dns_mode(s->link);
|
return link_get_dns_over_tls_mode(s->link);
|
||||||
|
|
||||||
return manager_get_private_dns_mode(s->manager);
|
return manager_get_dns_over_tls_mode(s->manager);
|
||||||
}
|
}
|
||||||
|
|
||||||
void dns_server_flush_cache(DnsServer *s) {
|
void dns_server_flush_cache(DnsServer *s) {
|
||||||
|
@ -144,7 +144,7 @@ void manager_next_dns_server(Manager *m);
|
|||||||
bool dns_server_address_valid(int family, const union in_addr_union *sa);
|
bool dns_server_address_valid(int family, const union in_addr_union *sa);
|
||||||
|
|
||||||
DnssecMode dns_server_get_dnssec_mode(DnsServer *s);
|
DnssecMode dns_server_get_dnssec_mode(DnsServer *s);
|
||||||
PrivateDnsMode dns_server_get_private_dns_mode(DnsServer *s);
|
DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s);
|
||||||
|
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsServer*, dns_server_unref);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsServer*, dns_server_unref);
|
||||||
|
|
||||||
|
@ -23,6 +23,6 @@ Resolve.Domains, config_parse_search_domains, 0,
|
|||||||
Resolve.LLMNR, config_parse_resolve_support, 0, offsetof(Manager, llmnr_support)
|
Resolve.LLMNR, config_parse_resolve_support, 0, offsetof(Manager, llmnr_support)
|
||||||
Resolve.MulticastDNS, config_parse_resolve_support, 0, offsetof(Manager, mdns_support)
|
Resolve.MulticastDNS, config_parse_resolve_support, 0, offsetof(Manager, mdns_support)
|
||||||
Resolve.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Manager, dnssec_mode)
|
Resolve.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Manager, dnssec_mode)
|
||||||
Resolve.PrivateDNS, config_parse_private_dns_mode, 0, offsetof(Manager, private_dns_mode)
|
Resolve.DNSOverTLS, config_parse_dns_over_tls_mode, 0, offsetof(Manager, dns_over_tls_mode)
|
||||||
Resolve.Cache, config_parse_bool, 0, offsetof(Manager, enable_cache)
|
Resolve.Cache, config_parse_bool, 0, offsetof(Manager, enable_cache)
|
||||||
Resolve.DNSStubListener, config_parse_dns_stub_listener_mode, 0, offsetof(Manager, dns_stub_listener_mode)
|
Resolve.DNSStubListener, config_parse_dns_stub_listener_mode, 0, offsetof(Manager, dns_stub_listener_mode)
|
||||||
|
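Review bot: the Resolve.PrivateDNS entry is replaced rather than kept alongside Resolve.DNSOverTLS, so a resolved.conf that still says PrivateDNS=opportunistic no longer matches any key in this table. For a setting that decides whether queries are encrypted, that should not pass unnoticed: either keep a compatibility entry that points at the same offsetof(Manager, dns_over_tls_mode) field, or state in NEWS that the old key is gone and must be renamed.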
@ -18,7 +18,7 @@
|
|||||||
static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported);
|
static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported);
|
||||||
static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string);
|
static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string);
|
||||||
|
|
||||||
static int property_get_private_dns_mode(
|
static int property_get_dns_over_tls_mode(
|
||||||
sd_bus *bus,
|
sd_bus *bus,
|
||||||
const char *path,
|
const char *path,
|
||||||
const char *interface,
|
const char *interface,
|
||||||
@ -32,7 +32,7 @@ static int property_get_private_dns_mode(
|
|||||||
assert(reply);
|
assert(reply);
|
||||||
assert(l);
|
assert(l);
|
||||||
|
|
||||||
return sd_bus_message_append(reply, "s", private_dns_mode_to_string(link_get_private_dns_mode(l)));
|
return sd_bus_message_append(reply, "s", dns_over_tls_mode_to_string(link_get_dns_over_tls_mode(l)));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int property_get_dns(
|
static int property_get_dns(
|
||||||
@ -419,10 +419,10 @@ int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_err
|
|||||||
return sd_bus_reply_method_return(message, NULL);
|
return sd_bus_reply_method_return(message, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
int bus_link_method_set_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||||
Link *l = userdata;
|
Link *l = userdata;
|
||||||
const char *private_dns;
|
const char *dns_over_tls;
|
||||||
PrivateDnsMode mode;
|
DnsOverTlsMode mode;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(message);
|
assert(message);
|
||||||
@ -432,19 +432,19 @@ int bus_link_method_set_private_dns(sd_bus_message *message, void *userdata, sd_
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
r = sd_bus_message_read(message, "s", &private_dns);
|
r = sd_bus_message_read(message, "s", &dns_over_tls);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (isempty(private_dns))
|
if (isempty(dns_over_tls))
|
||||||
mode = _PRIVATE_DNS_MODE_INVALID;
|
mode = _DNS_OVER_TLS_MODE_INVALID;
|
||||||
else {
|
else {
|
||||||
mode = private_dns_mode_from_string(private_dns);
|
mode = dns_over_tls_mode_from_string(dns_over_tls);
|
||||||
if (mode < 0)
|
if (mode < 0)
|
||||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid PrivateDNS setting: %s", private_dns);
|
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSOverTLS setting: %s", dns_over_tls);
|
||||||
}
|
}
|
||||||
|
|
||||||
link_set_private_dns_mode(l, mode);
|
link_set_dns_over_tls_mode(l, mode);
|
||||||
|
|
||||||
(void) link_save_user(l);
|
(void) link_save_user(l);
|
||||||
|
|
||||||
@ -557,7 +557,7 @@ const sd_bus_vtable link_vtable[] = {
|
|||||||
SD_BUS_PROPERTY("Domains", "a(sb)", property_get_domains, 0, 0),
|
SD_BUS_PROPERTY("Domains", "a(sb)", property_get_domains, 0, 0),
|
||||||
SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Link, llmnr_support), 0),
|
SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Link, llmnr_support), 0),
|
||||||
SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Link, mdns_support), 0),
|
SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Link, mdns_support), 0),
|
||||||
SD_BUS_PROPERTY("PrivateDNS", "s", property_get_private_dns_mode, 0, 0),
|
SD_BUS_PROPERTY("DNSOverTLS", "s", property_get_dns_over_tls_mode, 0, 0),
|
||||||
SD_BUS_PROPERTY("DNSSEC", "s", property_get_dnssec_mode, 0, 0),
|
SD_BUS_PROPERTY("DNSSEC", "s", property_get_dnssec_mode, 0, 0),
|
||||||
SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0),
|
SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0),
|
||||||
SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported, 0, 0),
|
SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported, 0, 0),
|
||||||
@ -566,7 +566,7 @@ const sd_bus_vtable link_vtable[] = {
|
|||||||
SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, 0),
|
SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, 0),
|
||||||
SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, 0),
|
SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, 0),
|
||||||
SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, 0),
|
SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, 0),
|
||||||
SD_BUS_METHOD("SetPrivateDNS", "s", NULL, bus_link_method_set_private_dns, 0),
|
SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, 0),
|
||||||
SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, 0),
|
SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, 0),
|
||||||
SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, 0),
|
SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, 0),
|
||||||
SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, 0),
|
SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, 0),
|
||||||
|
@ -21,7 +21,7 @@ int bus_link_method_set_dns_servers(sd_bus_message *message, void *userdata, sd_
|
|||||||
int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
||||||
int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
||||||
int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
||||||
int bus_link_method_set_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
||||||
int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
||||||
int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
||||||
int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error *error);
|
||||||
|
@ -41,7 +41,7 @@ int link_new(Manager *m, Link **ret, int ifindex) {
|
|||||||
l->llmnr_support = RESOLVE_SUPPORT_YES;
|
l->llmnr_support = RESOLVE_SUPPORT_YES;
|
||||||
l->mdns_support = RESOLVE_SUPPORT_NO;
|
l->mdns_support = RESOLVE_SUPPORT_NO;
|
||||||
l->dnssec_mode = _DNSSEC_MODE_INVALID;
|
l->dnssec_mode = _DNSSEC_MODE_INVALID;
|
||||||
l->private_dns_mode = _PRIVATE_DNS_MODE_INVALID;
|
l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
|
||||||
l->operstate = IF_OPER_UNKNOWN;
|
l->operstate = IF_OPER_UNKNOWN;
|
||||||
|
|
||||||
if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0)
|
if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0)
|
||||||
@ -66,7 +66,7 @@ void link_flush_settings(Link *l) {
|
|||||||
l->llmnr_support = RESOLVE_SUPPORT_YES;
|
l->llmnr_support = RESOLVE_SUPPORT_YES;
|
||||||
l->mdns_support = RESOLVE_SUPPORT_NO;
|
l->mdns_support = RESOLVE_SUPPORT_NO;
|
||||||
l->dnssec_mode = _DNSSEC_MODE_INVALID;
|
l->dnssec_mode = _DNSSEC_MODE_INVALID;
|
||||||
l->private_dns_mode = _PRIVATE_DNS_MODE_INVALID;
|
l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
|
||||||
|
|
||||||
dns_server_unlink_all(l->dns_servers);
|
dns_server_unlink_all(l->dns_servers);
|
||||||
dns_search_domain_unlink_all(l->search_domains);
|
dns_search_domain_unlink_all(l->search_domains);
|
||||||
@ -354,26 +354,26 @@ clear:
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
void link_set_private_dns_mode(Link *l, PrivateDnsMode mode) {
|
void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode) {
|
||||||
|
|
||||||
assert(l);
|
assert(l);
|
||||||
|
|
||||||
#if ! HAVE_GNUTLS
|
#if ! HAVE_GNUTLS
|
||||||
if (mode != PRIVATE_DNS_NO)
|
if (mode != DNS_OVER_TLS_NO)
|
||||||
log_warning("Private DNS option for the link cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off Private DNS support.");
|
log_warning("DNS-over-TLS option for the link cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off DNS-over-TLS support.");
|
||||||
return;
|
return;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
l->private_dns_mode = mode;
|
l->dns_over_tls_mode = mode;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int link_update_private_dns_mode(Link *l) {
|
static int link_update_dns_over_tls_mode(Link *l) {
|
||||||
_cleanup_free_ char *b = NULL;
|
_cleanup_free_ char *b = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(l);
|
assert(l);
|
||||||
|
|
||||||
r = sd_network_link_get_private_dns(l->ifindex, &b);
|
r = sd_network_link_get_dns_over_tls(l->ifindex, &b);
|
||||||
if (r == -ENODATA) {
|
if (r == -ENODATA) {
|
||||||
r = 0;
|
r = 0;
|
||||||
goto clear;
|
goto clear;
|
||||||
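Review bot: in link_set_dns_over_tls_mode() the `if (mode != DNS_OVER_TLS_NO)` under `#if ! HAVE_GNUTLS` has no braces, so only the log_warning() is conditional and the `return;` runs for every mode. In a build without GnuTLS the assignment `l->dns_over_tls_mode = mode;` is therefore never reached, including for DNS_OVER_TLS_NO and _DNS_OVER_TLS_MODE_INVALID. If the unconditional return is intended, separate it from the if with a blank line and a short comment; if not, add braces so the return belongs to the warning branch. The rename is a good moment to settle this, since the block is rewritten anyway.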
@ -381,8 +381,8 @@ static int link_update_private_dns_mode(Link *l) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto clear;
|
goto clear;
|
||||||
|
|
||||||
l->private_dns_mode = private_dns_mode_from_string(b);
|
l->dns_over_tls_mode = dns_over_tls_mode_from_string(b);
|
||||||
if (l->private_dns_mode < 0) {
|
if (l->dns_over_tls_mode < 0) {
|
||||||
r = -EINVAL;
|
r = -EINVAL;
|
||||||
goto clear;
|
goto clear;
|
||||||
}
|
}
|
||||||
@ -390,7 +390,7 @@ static int link_update_private_dns_mode(Link *l) {
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
clear:
|
clear:
|
||||||
l->private_dns_mode = _PRIVATE_DNS_MODE_INVALID;
|
l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -601,9 +601,9 @@ static void link_read_settings(Link *l) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name);
|
log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name);
|
||||||
|
|
||||||
r = link_update_private_dns_mode(l);
|
r = link_update_dns_over_tls_mode(l);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_warning_errno(r, "Failed to read Private DNS mode for interface %s, ignoring: %m", l->name);
|
log_warning_errno(r, "Failed to read DNS-over-TLS mode for interface %s, ignoring: %m", l->name);
|
||||||
|
|
||||||
r = link_update_dnssec_mode(l);
|
r = link_update_dnssec_mode(l);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
@ -738,13 +738,13 @@ void link_next_dns_server(Link *l) {
|
|||||||
link_set_dns_server(l, l->dns_servers);
|
link_set_dns_server(l, l->dns_servers);
|
||||||
}
|
}
|
||||||
|
|
||||||
PrivateDnsMode link_get_private_dns_mode(Link *l) {
|
DnsOverTlsMode link_get_dns_over_tls_mode(Link *l) {
|
||||||
assert(l);
|
assert(l);
|
||||||
|
|
||||||
if (l->private_dns_mode != _PRIVATE_DNS_MODE_INVALID)
|
if (l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
|
||||||
return l->private_dns_mode;
|
return l->dns_over_tls_mode;
|
||||||
|
|
||||||
return manager_get_private_dns_mode(l->manager);
|
return manager_get_dns_over_tls_mode(l->manager);
|
||||||
}
|
}
|
||||||
|
|
||||||
DnssecMode link_get_dnssec_mode(Link *l) {
|
DnssecMode link_get_dnssec_mode(Link *l) {
|
||||||
|
@ -59,7 +59,7 @@ struct Link {
|
|||||||
|
|
||||||
ResolveSupport llmnr_support;
|
ResolveSupport llmnr_support;
|
||||||
ResolveSupport mdns_support;
|
ResolveSupport mdns_support;
|
||||||
PrivateDnsMode private_dns_mode;
|
DnsOverTlsMode dns_over_tls_mode;
|
||||||
DnssecMode dnssec_mode;
|
DnssecMode dnssec_mode;
|
||||||
Set *dnssec_negative_trust_anchors;
|
Set *dnssec_negative_trust_anchors;
|
||||||
|
|
||||||
@ -91,7 +91,7 @@ void link_add_rrs(Link *l, bool force_remove);
|
|||||||
|
|
||||||
void link_flush_settings(Link *l);
|
void link_flush_settings(Link *l);
|
||||||
void link_set_dnssec_mode(Link *l, DnssecMode mode);
|
void link_set_dnssec_mode(Link *l, DnssecMode mode);
|
||||||
void link_set_private_dns_mode(Link *l, PrivateDnsMode mode);
|
void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode);
|
||||||
void link_allocate_scopes(Link *l);
|
void link_allocate_scopes(Link *l);
|
||||||
|
|
||||||
DnsServer* link_set_dns_server(Link *l, DnsServer *s);
|
DnsServer* link_set_dns_server(Link *l, DnsServer *s);
|
||||||
@ -101,7 +101,7 @@ void link_next_dns_server(Link *l);
|
|||||||
DnssecMode link_get_dnssec_mode(Link *l);
|
DnssecMode link_get_dnssec_mode(Link *l);
|
||||||
bool link_dnssec_supported(Link *l);
|
bool link_dnssec_supported(Link *l);
|
||||||
|
|
||||||
PrivateDnsMode link_get_private_dns_mode(Link *l);
|
DnsOverTlsMode link_get_dns_over_tls_mode(Link *l);
|
||||||
|
|
||||||
int link_save_user(Link *l);
|
int link_save_user(Link *l);
|
||||||
int link_load_user(Link *l);
|
int link_load_user(Link *l);
|
||||||
|
@ -580,7 +580,7 @@ int manager_new(Manager **ret) {
|
|||||||
m->llmnr_support = RESOLVE_SUPPORT_YES;
|
m->llmnr_support = RESOLVE_SUPPORT_YES;
|
||||||
m->mdns_support = RESOLVE_SUPPORT_YES;
|
m->mdns_support = RESOLVE_SUPPORT_YES;
|
||||||
m->dnssec_mode = DEFAULT_DNSSEC_MODE;
|
m->dnssec_mode = DEFAULT_DNSSEC_MODE;
|
||||||
m->private_dns_mode = DEFAULT_PRIVATE_DNS_MODE;
|
m->dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE;
|
||||||
m->enable_cache = true;
|
m->enable_cache = true;
|
||||||
m->dns_stub_listener_mode = DNS_STUB_LISTENER_UDP;
|
m->dns_stub_listener_mode = DNS_STUB_LISTENER_UDP;
|
||||||
m->read_resolv_conf = true;
|
m->read_resolv_conf = true;
|
||||||
@ -1385,13 +1385,13 @@ bool manager_dnssec_supported(Manager *m) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
PrivateDnsMode manager_get_private_dns_mode(Manager *m) {
|
DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
|
||||||
assert(m);
|
assert(m);
|
||||||
|
|
||||||
if (m->private_dns_mode != _PRIVATE_DNS_MODE_INVALID)
|
if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
|
||||||
return m->private_dns_mode;
|
return m->dns_over_tls_mode;
|
||||||
|
|
||||||
return PRIVATE_DNS_NO;
|
return DNS_OVER_TLS_NO;
|
||||||
}
|
}
|
||||||
|
|
||||||
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
|
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
|
||||||
|
@ -35,7 +35,7 @@ struct Manager {
|
|||||||
ResolveSupport llmnr_support;
|
ResolveSupport llmnr_support;
|
||||||
ResolveSupport mdns_support;
|
ResolveSupport mdns_support;
|
||||||
DnssecMode dnssec_mode;
|
DnssecMode dnssec_mode;
|
||||||
PrivateDnsMode private_dns_mode;
|
DnsOverTlsMode dns_over_tls_mode;
|
||||||
bool enable_cache;
|
bool enable_cache;
|
||||||
DnsStubListenerMode dns_stub_listener_mode;
|
DnsStubListenerMode dns_stub_listener_mode;
|
||||||
|
|
||||||
@ -173,7 +173,7 @@ int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_
|
|||||||
DnssecMode manager_get_dnssec_mode(Manager *m);
|
DnssecMode manager_get_dnssec_mode(Manager *m);
|
||||||
bool manager_dnssec_supported(Manager *m);
|
bool manager_dnssec_supported(Manager *m);
|
||||||
|
|
||||||
PrivateDnsMode manager_get_private_dns_mode(Manager *m);
|
DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m);
|
||||||
|
|
||||||
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key);
|
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key);
|
||||||
|
|
||||||
|
@ -18,6 +18,6 @@
|
|||||||
#LLMNR=yes
|
#LLMNR=yes
|
||||||
#MulticastDNS=yes
|
#MulticastDNS=yes
|
||||||
#DNSSEC=@DEFAULT_DNSSEC_MODE@
|
#DNSSEC=@DEFAULT_DNSSEC_MODE@
|
||||||
#PrivateDNS=@DEFAULT_PRIVATE_DNS_MODE@
|
#DNSOverTLS=@DEFAULT_DNS_OVER_TLS_MODE@
|
||||||
#Cache=yes
|
#Cache=yes
|
||||||
#DNSStubListener=udp
|
#DNSStubListener=udp
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
|
|
||||||
DEFINE_CONFIG_PARSE_ENUM(config_parse_resolve_support, resolve_support, ResolveSupport, "Failed to parse resolve support setting");
|
DEFINE_CONFIG_PARSE_ENUM(config_parse_resolve_support, resolve_support, ResolveSupport, "Failed to parse resolve support setting");
|
||||||
DEFINE_CONFIG_PARSE_ENUM(config_parse_dnssec_mode, dnssec_mode, DnssecMode, "Failed to parse DNSSEC mode setting");
|
DEFINE_CONFIG_PARSE_ENUM(config_parse_dnssec_mode, dnssec_mode, DnssecMode, "Failed to parse DNSSEC mode setting");
|
||||||
DEFINE_CONFIG_PARSE_ENUM(config_parse_private_dns_mode, private_dns_mode, PrivateDnsMode, "Failed to parse private DNS mode setting");
|
DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_over_tls_mode, dns_over_tls_mode, DnsOverTlsMode, "Failed to parse DNS-over-TLS mode setting");
|
||||||
|
|
||||||
static const char* const resolve_support_table[_RESOLVE_SUPPORT_MAX] = {
|
static const char* const resolve_support_table[_RESOLVE_SUPPORT_MAX] = {
|
||||||
[RESOLVE_SUPPORT_NO] = "no",
|
[RESOLVE_SUPPORT_NO] = "no",
|
||||||
@ -27,8 +27,8 @@ static const char* const dnssec_mode_table[_DNSSEC_MODE_MAX] = {
|
|||||||
};
|
};
|
||||||
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dnssec_mode, DnssecMode, DNSSEC_YES);
|
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dnssec_mode, DnssecMode, DNSSEC_YES);
|
||||||
|
|
||||||
static const char* const private_dns_mode_table[_PRIVATE_DNS_MODE_MAX] = {
|
static const char* const dns_over_tls_mode_table[_DNS_OVER_TLS_MODE_MAX] = {
|
||||||
[PRIVATE_DNS_NO] = "no",
|
[DNS_OVER_TLS_NO] = "no",
|
||||||
[PRIVATE_DNS_OPPORTUNISTIC] = "opportunistic",
|
[DNS_OVER_TLS_OPPORTUNISTIC] = "opportunistic",
|
||||||
};
|
};
|
||||||
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_dns_mode, PrivateDnsMode, _PRIVATE_DNS_MODE_INVALID);
|
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_over_tls_mode, DnsOverTlsMode, _DNS_OVER_TLS_MODE_INVALID);
|
||||||
|
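Review bot: in the DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN line the third argument is _DNS_OVER_TLS_MODE_INVALID, where the dnssec_mode line above passes DNSSEC_YES. If that argument is the value a boolean "yes" maps to, DNSOverTLS=yes is rejected as invalid. That looks deliberate while the table only has "no" and "opportunistic", but it deserves a one-line comment so that nobody later maps "yes" to the opportunistic mode, which the enum comment in this patch describes as falling back to an unencrypted connection.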
@ -12,7 +12,7 @@
|
|||||||
|
|
||||||
typedef enum ResolveSupport ResolveSupport;
|
typedef enum ResolveSupport ResolveSupport;
|
||||||
typedef enum DnssecMode DnssecMode;
|
typedef enum DnssecMode DnssecMode;
|
||||||
typedef enum PrivateDnsMode PrivateDnsMode;
|
typedef enum DnsOverTlsMode DnsOverTlsMode;
|
||||||
|
|
||||||
enum ResolveSupport {
|
enum ResolveSupport {
|
||||||
RESOLVE_SUPPORT_NO,
|
RESOLVE_SUPPORT_NO,
|
||||||
@ -40,21 +40,21 @@ enum DnssecMode {
|
|||||||
_DNSSEC_MODE_INVALID = -1
|
_DNSSEC_MODE_INVALID = -1
|
||||||
};
|
};
|
||||||
|
|
||||||
enum PrivateDnsMode {
|
enum DnsOverTlsMode {
|
||||||
/* No connection is made for DNS-over-TLS */
|
/* No connection is made for DNS-over-TLS */
|
||||||
PRIVATE_DNS_NO,
|
DNS_OVER_TLS_NO,
|
||||||
|
|
||||||
/* Try to connect using DNS-over-TLS, but if connection fails,
|
/* Try to connect using DNS-over-TLS, but if connection fails,
|
||||||
* fallback to using an unencrypted connection */
|
* fallback to using an unencrypted connection */
|
||||||
PRIVATE_DNS_OPPORTUNISTIC,
|
DNS_OVER_TLS_OPPORTUNISTIC,
|
||||||
|
|
||||||
_PRIVATE_DNS_MODE_MAX,
|
_DNS_OVER_TLS_MODE_MAX,
|
||||||
_PRIVATE_DNS_MODE_INVALID = -1
|
_DNS_OVER_TLS_MODE_INVALID = -1
|
||||||
};
|
};
|
||||||
|
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);
|
CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);
|
CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_private_dns_mode);
|
CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode);
|
||||||
|
|
||||||
const char* resolve_support_to_string(ResolveSupport p) _const_;
|
const char* resolve_support_to_string(ResolveSupport p) _const_;
|
||||||
ResolveSupport resolve_support_from_string(const char *s) _pure_;
|
ResolveSupport resolve_support_from_string(const char *s) _pure_;
|
||||||
@ -62,5 +62,5 @@ ResolveSupport resolve_support_from_string(const char *s) _pure_;
|
|||||||
const char* dnssec_mode_to_string(DnssecMode p) _const_;
|
const char* dnssec_mode_to_string(DnssecMode p) _const_;
|
||||||
DnssecMode dnssec_mode_from_string(const char *s) _pure_;
|
DnssecMode dnssec_mode_from_string(const char *s) _pure_;
|
||||||
|
|
||||||
const char* private_dns_mode_to_string(PrivateDnsMode p) _const_;
|
const char* dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_;
|
||||||
PrivateDnsMode private_dns_mode_from_string(const char *s) _pure_;
|
DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_;
|
||||||
|
@ -129,13 +129,13 @@ int sd_network_link_get_llmnr(int ifindex, char **llmnr);
|
|||||||
*/
|
*/
|
||||||
int sd_network_link_get_mdns(int ifindex, char **mdns);
|
int sd_network_link_get_mdns(int ifindex, char **mdns);
|
||||||
|
|
||||||
/* Indicates whether or not Private DNS should be enabled for the
|
/* Indicates whether or not DNS-over-TLS should be enabled for the
|
||||||
* link.
|
* link.
|
||||||
* Possible levels of support: strict, no, opportunistic
|
* Possible levels of support: strict, no, opportunistic
|
||||||
* Possible return codes:
|
* Possible return codes:
|
||||||
* -ENODATA: networkd is not aware of the link
|
* -ENODATA: networkd is not aware of the link
|
||||||
*/
|
*/
|
||||||
int sd_network_link_get_private_dns(int ifindex, char **private_dns);
|
int sd_network_link_get_dns_over_tls(int ifindex, char **dns_over_tls);
|
||||||
|
|
||||||
/* Indicates whether or not DNSSEC should be enabled for the link
|
/* Indicates whether or not DNSSEC should be enabled for the link
|
||||||
* Possible levels of support: yes, no, allow-downgrade
|
* Possible levels of support: yes, no, allow-downgrade
|
||||||
|
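Review bot: the comment above sd_network_link_get_dns_over_tls() lists "strict, no, opportunistic" as possible levels, but dns_over_tls_mode_table in this patch only defines "no" and "opportunistic", and link_update_dns_over_tls_mode() returns -EINVAL for any string that dns_over_tls_mode_from_string() does not recognise. Drop "strict" from the comment until the mode exists, so that callers reading the header do not assume a no-fallback mode is available.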