mirror of
https://github.com/systemd/systemd.git
synced 2024-12-23 21:35:11 +03:00
Merge pull request #8623 from yuwata/resolvectl
resolvectl: rename systemd-resolve to resolvectl
This commit is contained in:
commit
9c531ff89f
@ -10,11 +10,11 @@
|
||||
Copyright 2016 Lennart Poettering
|
||||
-->
|
||||
|
||||
<refentry id="systemd-resolve" conditional='ENABLE_RESOLVE'
|
||||
<refentry id="resolvectl" conditional='ENABLE_RESOLVE'
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
|
||||
<refentryinfo>
|
||||
<title>systemd-resolve</title>
|
||||
<title>resolvectl</title>
|
||||
<productname>systemd</productname>
|
||||
|
||||
<authorgroup>
|
||||
@ -28,118 +28,29 @@
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>systemd-resolve</refentrytitle>
|
||||
<refentrytitle>resolvectl</refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>systemd-resolve</refname>
|
||||
<refname>resolvectl</refname>
|
||||
<refname>resolvconf</refname>
|
||||
<refpurpose>Resolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolver</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<command>resolvectl</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<arg choice="plain" rep="repeat"><replaceable>HOSTNAME</replaceable></arg>
|
||||
<arg choice="req">COMMAND</arg>
|
||||
<arg choice="opt" rep="repeat">NAME</arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<arg choice="plain" rep="repeat"><replaceable>ADDRESS</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --type=<replaceable>TYPE</replaceable></command>
|
||||
<arg choice="plain" rep="repeat"><replaceable>DOMAIN</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --service</command>
|
||||
<arg choice="plain"><arg choice="opt"><arg choice="opt"><replaceable>NAME</replaceable></arg>
|
||||
<replaceable>TYPE</replaceable></arg> <replaceable>DOMAIN</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --openpgp</command>
|
||||
<arg choice="plain"><replaceable>USER@DOMAIN</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --tlsa</command>
|
||||
<arg choice="plain"><replaceable>DOMAIN<optional>:PORT</optional></replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --statistics</command>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --reset-statistics</command>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --flush-caches</command>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --reset-server-features</command>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --status</command>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --set-dns=<replaceable>SERVER</replaceable></command> <command> --set-domain=<replaceable>DOMAIN</replaceable> --set-llmnr=<replaceable>MODE</replaceable> --set-mdns=<replaceable>MODE</replaceable> --set-dnssec=<replaceable>MODE</replaceable> --set-nta=<replaceable>DOMAIN</replaceable></command>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>systemd-resolve</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> --revert</command>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>resolvconf</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> -a <replaceable>INTERFACE</replaceable> < <replaceable>FILE</replaceable></command>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>resolvconf</command>
|
||||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||||
<command> -d <replaceable>INTERFACE</replaceable></command>
|
||||
</cmdsynopsis>
|
||||
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
<para><command>systemd-resolve</command> may be used to resolve domain names, IPv4 and IPv6 addresses, DNS resource
|
||||
<para><command>resolvectl</command> may be used to resolve domain names, IPv4 and IPv6 addresses, DNS resource
|
||||
records and services with the
|
||||
<citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
resolver service. By default, the specified list of parameters will be resolved as hostnames, retrieving their IPv4
|
||||
@ -151,36 +62,6 @@
|
||||
authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover all data
|
||||
originating from local, trusted sources is also reported authenticated, including resolution of the local host
|
||||
name, the <literal>localhost</literal> host name or all data from <filename>/etc/hosts</filename>.</para>
|
||||
|
||||
<para>The <option>--type=</option> switch may be used to specify a DNS resource record type (A, AAAA, SOA, MX, …) in
|
||||
order to request a specific DNS resource record, instead of the address or reverse address lookups.
|
||||
The special value <literal>help</literal> may be used to list known values.</para>
|
||||
|
||||
<para>The <option>--service</option> switch may be used to resolve <ulink
|
||||
url="https://tools.ietf.org/html/rfc2782">SRV</ulink> and <ulink
|
||||
url="https://tools.ietf.org/html/rfc6763">DNS-SD</ulink> services (see below). In this mode, between one and three
|
||||
arguments are required. If three parameters are passed the first is assumed to be the DNS-SD service name, the
|
||||
second the SRV service type, and the third the domain to search in. In this case a full DNS-SD style SRV and TXT
|
||||
lookup is executed. If only two parameters are specified, the first is assumed to be the SRV service type, and the
|
||||
second the domain to look in. In this case no TXT RR is requested. Finally, if only one parameter is specified, it
|
||||
is assumed to be a domain name, that is already prefixed with an SRV type, and an SRV lookup is done (no
|
||||
TXT).</para>
|
||||
|
||||
<para>The <option>--openpgp</option> switch may be used to query PGP keys stored as
|
||||
<ulink url="https://tools.ietf.org/html/rfc7929">OPENPGPKEY</ulink> resource records.
|
||||
When this option is specified one or more e-mail address must be specified.</para>
|
||||
|
||||
<para>The <option>--tlsa</option> switch maybe be used to query TLS public
|
||||
keys stored as
|
||||
<ulink url="https://tools.ietf.org/html/rfc6698">TLSA</ulink> resource records.
|
||||
When this option is specified one or more domain names must be specified.</para>
|
||||
|
||||
<para>The <option>--statistics</option> switch may be used to show resolver statistics, including information about
|
||||
the number of successful and failed DNSSEC validations.</para>
|
||||
|
||||
<para>The <option>--reset-statistics</option> may be used to reset various statistics counters maintained the
|
||||
resolver, including those shown in the <option>--statistics</option> output. This operation requires root
|
||||
privileges.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
@ -239,13 +120,6 @@
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--service</option></term>
|
||||
|
||||
<listitem><para>Enables service resolution. This enables DNS-SD and simple SRV service resolution, depending
|
||||
on the specified list of parameters (see above).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--service-address=</option><replaceable>BOOL</replaceable></term>
|
||||
|
||||
@ -260,28 +134,6 @@
|
||||
<option>--service</option> the TXT service metadata record is resolved as well.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--openpgp</option></term>
|
||||
|
||||
<listitem><para>Enables OPENPGPKEY resource record resolution (see above). Specified e-mail
|
||||
addresses are converted to the corresponding DNS domain name, and any OPENPGPKEY keys are
|
||||
printed.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--tlsa</option></term>
|
||||
|
||||
<listitem><para>Enables TLSA resource record resolution (see above).
|
||||
A query will be performed for each of the specified names prefixed with
|
||||
the port and family
|
||||
(<literal>_<replaceable>port</replaceable>._<replaceable>family</replaceable>.<replaceable>domain</replaceable></literal>).
|
||||
The port number may be specified after a colon
|
||||
(<literal>:</literal>), otherwise <constant>443</constant> will be used
|
||||
by default. The family may be specified as an argument after
|
||||
<option>--tlsa</option>, otherwise <constant>tcp</constant> will be
|
||||
used.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--cname=</option><replaceable>BOOL</replaceable></term>
|
||||
|
||||
@ -315,21 +167,75 @@
|
||||
query response are shown. Otherwise, this output is suppressed.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--statistics</option></term>
|
||||
<xi:include href="standard-options.xml" xpointer="help" />
|
||||
<xi:include href="standard-options.xml" xpointer="version" />
|
||||
<xi:include href="standard-options.xml" xpointer="no-pager" />
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<listitem><para>If specified general resolver statistics are shown, including information whether DNSSEC is
|
||||
<refsect1>
|
||||
<title>Commands</title>
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>query <replaceable>HOSTNAME|ADDRESS</replaceable>…</option></term>
|
||||
|
||||
<listitem><para>Resolve domain names, IPv4 and IPv6 addresses.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>service [[<replaceable>NAME</replaceable>] <replaceable>TYPE</replaceable>] <replaceable>DOMAIN</replaceable></option></term>
|
||||
|
||||
<listitem><para>Resolve <ulink url="https://tools.ietf.org/html/rfc6763">DNS-SD</ulink> and
|
||||
<ulink url="https://tools.ietf.org/html/rfc2782">SRV</ulink> services, depending on the specified list of parameters.
|
||||
If three parameters are passed the first is assumed to be the DNS-SD service name, the second the SRV service type,
|
||||
and the third the domain to search in. In this case a full DNS-SD style SRV and TXT lookup is executed. If only two
|
||||
parameters are specified, the first is assumed to be the SRV service type, and the second the domain to look in. In
|
||||
this case no TXT RR is requested. Finally, if only one parameter is specified, it is assumed to be a domain name,
|
||||
that is already prefixed with an SRV type, and an SRV lookup is done (no TXT).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>openpgp <replaceable>EMAIL@DOMAIN</replaceable>…</option></term>
|
||||
|
||||
<listitem><para>Query PGP keys stored as <ulink url="https://tools.ietf.org/html/rfc7929">OPENPGPKEY</ulink>
|
||||
resource records. Specified e-mail addresses are converted to the corresponding DNS domain name, and any
|
||||
OPENPGPKEY keys are printed.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>tlsa [<replaceable>FAMILY</replaceable>] <replaceable>DOMAIN</replaceable>[:<replaceable>PORT</replaceable>]…</option></term>
|
||||
|
||||
<listitem><para>Query TLS public keys stored as <ulink url="https://tools.ietf.org/html/rfc6698">TLSA</ulink>
|
||||
resource records. A query will be performed for each of the specified names prefixed with the port and family
|
||||
(<literal>_<replaceable>port</replaceable>._<replaceable>family</replaceable>.<replaceable>domain</replaceable></literal>).
|
||||
The port number may be specified after a colon (<literal>:</literal>), otherwise <constant>443</constant> will be used
|
||||
by default. The family may be specified as the first argument, otherwise <constant>tcp</constant> will be used.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>status [<replaceable>LINK</replaceable>…]</option></term>
|
||||
|
||||
<listitem><para>Shows the global and per-link DNS settings in currently in effect. If no command is specified,
|
||||
this is the implied default.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>statistics</option></term>
|
||||
|
||||
<listitem><para>Shows general resolver statistics, including information whether DNSSEC is
|
||||
enabled and available, as well as resolution and validation statistics.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--reset-statistics</option></term>
|
||||
<term><option>reset-statistics</option></term>
|
||||
|
||||
<listitem><para>Resets the statistics counters shown in <option>--statistics</option> to zero.</para></listitem>
|
||||
<listitem><para>Resets the statistics counters shown in <option>statistics</option> to zero.
|
||||
This operation requires root privileges.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--flush-caches</option></term>
|
||||
<term><option>flush-caches</option></term>
|
||||
|
||||
<listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly equivalent
|
||||
to sending the <constant>SIGUSR2</constant> to the <command>systemd-resolved</command>
|
||||
@ -337,7 +243,7 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--reset-server-features</option></term>
|
||||
<term><option>reset-server-features</option></term>
|
||||
|
||||
<listitem><para>Flushes all feature level information the resolver learnt about specific servers, and ensures
|
||||
that the server feature probing logic is started from the beginning with the next look-up request. This is
|
||||
@ -346,68 +252,52 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--status</option></term>
|
||||
<term><option>dns [<replaceable>LINK</replaceable> [<replaceable>SERVER</replaceable>…]]</option></term>
|
||||
<term><option>domain [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term>
|
||||
<term><option>llmnr [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
||||
<term><option>mdns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
||||
<term><option>dnssec [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
|
||||
<term><option>nta [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term>
|
||||
|
||||
<listitem><para>Shows the global and per-link DNS settings in currently in effect.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--set-dns=SERVER</option></term>
|
||||
<term><option>--set-domain=DOMAIN</option></term>
|
||||
<term><option>--set-llmnr=MODE</option></term>
|
||||
<term><option>--set-mdns=MODE</option></term>
|
||||
<term><option>--set-dnssec=MODE</option></term>
|
||||
<term><option>--set-nta=DOMAIN</option></term>
|
||||
|
||||
<listitem><para>Set per-interface DNS configuration. These switches may be used to configure various DNS
|
||||
<listitem><para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS
|
||||
settings for network interfaces that aren't managed by
|
||||
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. (These
|
||||
commands will fail when used on interfaces that are managed by <command>systemd-networkd</command>, please
|
||||
configure their DNS settings directly inside the <filename>.network</filename> files instead.) These switches
|
||||
configure their DNS settings directly inside the <filename>.network</filename> files instead.) These commands
|
||||
may be used to inform <command>systemd-resolved</command> about per-interface DNS configuration determined
|
||||
through external means. Multiple of these switches may be passed on a single invocation of
|
||||
<command>systemd-resolve</command> in order to set multiple configuration options at once. If any of these
|
||||
switches is used, it must be combined with <option>--interface=</option> to indicate the network interface the
|
||||
new DNS configuration belongs to. The <option>--set-dns=</option> option expects an IPv4 or IPv6 address
|
||||
specification of a DNS server to use, and may be used multiple times to define multiple servers for the same
|
||||
interface. The <option>--set-domain=</option> option expects a valid DNS domain, possibly prefixed with
|
||||
<literal>~</literal>, and configures a per-interface search or route-only domain. It may be used multiple times
|
||||
to configure multiple such domains. The <option>--set-llmnr=</option>, <option>--set-mdns=</option> and
|
||||
<option>--set-dnssec=</option> options may be used to configure the per-interface LLMNR, MulticastDNS and
|
||||
DNSSEC settings. Finally, <option>--set-nta=</option> may be used to configure additional per-interface DNSSEC
|
||||
NTA domains and may also be used multiple times. For details about these settings, their possible values and
|
||||
their effect, see the corresponding options in
|
||||
through external means. The <option>dns</option> command expects IPv4 or IPv6 address specifications of DNS
|
||||
servers to use. The <option>domain</option> command expects valid DNS domains, possibly prefixed with
|
||||
<literal>~</literal>, and configures a per-interface search or route-only domain. The <option>llmnr</option>,
|
||||
<option>mdns</option> and <option>dnssec</option> commands may be used to configure the per-interface LLMNR,
|
||||
MulticastDNS and DNSSEC settings. Finally, <option>nta</option> command may be used to configure additional
|
||||
per-interface DNSSEC NTA domains. For details about these settings, their possible values and their effect,
|
||||
see the corresponding options in
|
||||
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--revert</option></term>
|
||||
<term><option>revert <replaceable>LINK</replaceable></option></term>
|
||||
|
||||
<listitem><para>Revert the per-interface DNS configuration. This option must be combined with
|
||||
<option>--interface=</option> to indicate the network interface the DNS configuration shall be reverted on. If
|
||||
the DNS configuration is reverted all per-interface DNS setting are reset to their defaults, undoing all
|
||||
effects of <option>--set-dns=</option>, <option>--set-domain=</option>, <option>--set-llmnr=</option>,
|
||||
<option>--set-mdns=</option>, <option>--set-dnssec=</option>, <option>--set-nta=</option>. Note that when a
|
||||
network interface disappears all configuration is lost automatically, an explicit reverting is not necessary in
|
||||
that case.</para></listitem>
|
||||
<listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
|
||||
per-interface DNS setting are reset to their defaults, undoing all effects of <option>dns</option>,
|
||||
<option>domain</option>, <option>llmnr</option>, <option>mdns</option>, <option>dnssec</option>,
|
||||
<option>nta=</option>. Note that when a network interface disappears all configuration is lost automatically,
|
||||
an explicit reverting is not necessary in that case.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<xi:include href="standard-options.xml" xpointer="help" />
|
||||
<xi:include href="standard-options.xml" xpointer="version" />
|
||||
<xi:include href="standard-options.xml" xpointer="no-pager" />
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Compatibility with <citerefentry><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry></title>
|
||||
|
||||
<para><command>systemd-resolve</command> is a multi-call binary. When invoked as <literal>resolvconf</literal>
|
||||
(generally achieved by means of a symbolic link of this name to the <command>systemd-resolve</command> binary) it
|
||||
<para><command>resolvectl</command> is a multi-call binary. When invoked as <literal>resolvconf</literal>
|
||||
(generally achieved by means of a symbolic link of this name to the <command>resolvectl</command> binary) it
|
||||
is run in a limited <citerefentry><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
compatibility mode. It accepts mostly the same arguments and pushes all data into
|
||||
<citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
similar to how <option>--set-dns=</option> and <option>--set-domain=</option> operate. Note that
|
||||
similar to how <option>dns</option> and <option>domain</option> commands operate. Note that
|
||||
<command>systemd-resolved.service</command> is the only supported backend, which is different from other
|
||||
implementations of this command. Note that not all operations supported by other implementations are supported
|
||||
natively. Specifically:</para>
|
||||
@ -420,15 +310,14 @@
|
||||
<citerefentry><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> compatible DNS
|
||||
configuration data from its standard input. Relevant fields are <literal>nameserver</literal> and
|
||||
<literal>domain</literal>/<literal>search</literal>. This command is mostly identical to invoking
|
||||
<command>systemd-resolve</command> with a combination of <option>--set-dns=</option> and
|
||||
<option>--set-domain=</option>.</para></listitem>
|
||||
<command>resolvectl</command> with a combination of <option>dns</option> and
|
||||
<option>domain</option> commands.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>-d</option></term>
|
||||
<listitem><para>Unregisters per-interface DNS configuration data with <command>systemd-resolved</command>. This
|
||||
command is mostly identical to invoking <command>systemd-resolve</command> with
|
||||
<option>--revert</option>.</para></listitem>
|
||||
command is mostly identical to invoking <command>resolvectl revert</command>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
@ -481,7 +370,7 @@
|
||||
<example>
|
||||
<title>Retrieve the addresses of the <literal>www.0pointer.net</literal> domain</title>
|
||||
|
||||
<programlisting>$ systemd-resolve www.0pointer.net
|
||||
<programlisting>$ resolvectl www.0pointer.net
|
||||
www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74
|
||||
85.214.157.71
|
||||
|
||||
@ -493,7 +382,7 @@ www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74
|
||||
<example>
|
||||
<title>Retrieve the domain of the <literal>85.214.157.71</literal> IP address</title>
|
||||
|
||||
<programlisting>$ systemd-resolve 85.214.157.71
|
||||
<programlisting>$ resolvectl 85.214.157.71
|
||||
85.214.157.71: gardel.0pointer.net
|
||||
|
||||
-- Information acquired via protocol DNS in 1.2997s.
|
||||
@ -504,7 +393,7 @@ www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74
|
||||
<example>
|
||||
<title>Retrieve the MX record of the <literal>yahoo.com</literal> domain</title>
|
||||
|
||||
<programlisting>$ systemd-resolve -t MX yahoo.com --legend=no
|
||||
<programlisting>$ resolvectl -t MX yahoo.com --legend=no
|
||||
yahoo.com. IN MX 1 mta7.am0.yahoodns.net
|
||||
yahoo.com. IN MX 1 mta6.am0.yahoodns.net
|
||||
yahoo.com. IN MX 1 mta5.am0.yahoodns.net
|
||||
@ -514,7 +403,7 @@ yahoo.com. IN MX 1 mta5.am0.yahoodns.net
|
||||
<example>
|
||||
<title>Resolve an SRV service</title>
|
||||
|
||||
<programlisting>$ systemd-resolve --service _xmpp-server._tcp gmail.com
|
||||
<programlisting>$ resolvectl service _xmpp-server._tcp gmail.com
|
||||
_xmpp-server._tcp/gmail.com: alt1.xmpp-server.l.google.com:5269 [priority=20, weight=0]
|
||||
173.194.210.125
|
||||
alt4.xmpp-server.l.google.com:5269 [priority=20, weight=0]
|
||||
@ -526,7 +415,7 @@ _xmpp-server._tcp/gmail.com: alt1.xmpp-server.l.google.com:5269 [priority=20, we
|
||||
<example>
|
||||
<title>Retrieve a PGP key</title>
|
||||
|
||||
<programlisting>$ systemd-resolve --openpgp zbyszek@fedoraproject.org
|
||||
<programlisting>$ resolvectl openpgp zbyszek@fedoraproject.org
|
||||
d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY
|
||||
mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlMyf
|
||||
MFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAynCsSs
|
||||
@ -535,10 +424,10 @@ d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproje
|
||||
</example>
|
||||
|
||||
<example>
|
||||
<title>Retrieve a TLS key (<literal>=tcp</literal> and
|
||||
<title>Retrieve a TLS key (<literal>tcp</literal> and
|
||||
<literal>:443</literal> could be skipped)</title>
|
||||
|
||||
<programlisting>$ systemd-resolve --tlsa=tcp fedoraproject.org:443
|
||||
<programlisting>$ resolvectl tlsa tcp fedoraproject.org:443
|
||||
_443._tcp.fedoraproject.org IN TLSA 0 0 1 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0
|
||||
-- Cert. usage: CA constraint
|
||||
-- Selector: Full Certificate
|
@ -43,6 +43,7 @@ manpages = [
|
||||
['nss-systemd', '8', ['libnss_systemd.so.2'], 'ENABLE_NSS_SYSTEMD'],
|
||||
['os-release', '5', [], ''],
|
||||
['pam_systemd', '8', [], 'HAVE_PAM'],
|
||||
['resolvectl', '1', ['resolvconf'], 'ENABLE_RESOLVE'],
|
||||
['resolved.conf', '5', ['resolved.conf.d'], 'ENABLE_RESOLVE'],
|
||||
['runlevel', '8', [], 'ENABLE_UTMP'],
|
||||
['sd-boot', '7', [], 'ENABLE_EFI'],
|
||||
@ -614,7 +615,6 @@ manpages = [
|
||||
'ENABLE_RANDOMSEED'],
|
||||
['systemd-rc-local-generator', '8', [], ''],
|
||||
['systemd-remount-fs.service', '8', ['systemd-remount-fs'], ''],
|
||||
['systemd-resolve', '1', ['resolvconf'], 'ENABLE_RESOLVE'],
|
||||
['systemd-resolved.service', '8', ['systemd-resolved'], 'ENABLE_RESOLVE'],
|
||||
['systemd-rfkill.service',
|
||||
'8',
|
||||
|
@ -216,7 +216,7 @@
|
||||
<command>systemd-resolved</command> will flush all caches it maintains. Note that it should normally not be
|
||||
necessary to request this explicitly – except for debugging purposes – as <command>systemd-resolved</command>
|
||||
flushes the caches automatically anyway any time the host's network configuration changes. Sending this signal
|
||||
to <command>systemd-resolved</command> is equivalent to the <command>systemd-resolve --flush-caches</command>
|
||||
to <command>systemd-resolved</command> is equivalent to the <command>resolvectl --flush-caches</command>
|
||||
command, however the latter is recommended since it operates in a synchronous way.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -230,7 +230,7 @@
|
||||
should normally not be necessary to request this explicitly – except for debugging purposes – as
|
||||
<command>systemd-resolved</command> automatically forgets learnt information any time the DNS server
|
||||
configuration changes. Sending this signal to <command>systemd-resolved</command> is equivalent to the
|
||||
<command>systemd-resolve --reset-server-features</command> command, however the latter is recommended since it
|
||||
<command>resolvectl --reset-server-features</command> command, however the latter is recommended since it
|
||||
operates in a synchronous way.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
@ -244,7 +244,7 @@
|
||||
<citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>dnssec-trust-anchors.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd-resolve</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>resolvectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry project='man-pages'><refentrytitle>hosts</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
|
@ -201,10 +201,10 @@ TxtText=path=/stats/index.html t=temperature_sensor</programlisting>
|
||||
<para>This makes the http server running on the host discoverable in the local network
|
||||
given MulticastDNS is enabled on the network interface.</para>
|
||||
|
||||
<para>Now the utility <literal>systemd-resolve</literal> should be able to resolve the
|
||||
<para>Now the utility <literal>resolvectl</literal> should be able to resolve the
|
||||
service to the host's name:</para>
|
||||
|
||||
<programlisting>$ systemd-resolve --service meteo._http._tcp.local
|
||||
<programlisting>$ resolvectl service meteo._http._tcp.local
|
||||
meteo._http._tcp.local: meteo.local:80 [priority=0, weight=0]
|
||||
169.254.208.106%senp0s21f0u2u4
|
||||
fe80::213:3bff:fe49:8aa%senp0s21f0u2u4
|
||||
@ -238,7 +238,8 @@ meteo._http._tcp.local: meteo.local:80 [priority=0, weight=0]
|
||||
<title>See Also</title>
|
||||
<para>
|
||||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
<citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>resolvectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
10
meson.build
10
meson.build
@ -1593,8 +1593,8 @@ if conf.get('ENABLE_RESOLVE') == 1
|
||||
install : true,
|
||||
install_dir : rootlibexecdir)
|
||||
|
||||
exe = executable('systemd-resolve',
|
||||
systemd_resolve_sources,
|
||||
exe = executable('resolvectl',
|
||||
resolvectl_sources,
|
||||
include_directories : includes,
|
||||
link_with : [libshared,
|
||||
libbasic_gcrypt,
|
||||
@ -1608,8 +1608,12 @@ if conf.get('ENABLE_RESOLVE') == 1
|
||||
public_programs += [exe]
|
||||
|
||||
meson.add_install_script(meson_make_symlink,
|
||||
join_paths(bindir, 'systemd-resolve'),
|
||||
join_paths(bindir, 'resolvectl'),
|
||||
join_paths(rootsbindir, 'resolvconf'))
|
||||
|
||||
meson.add_install_script(meson_make_symlink,
|
||||
join_paths(bindir, 'resolvectl'),
|
||||
join_paths(bindir, 'systemd-resolve'))
|
||||
endif
|
||||
|
||||
if conf.get('ENABLE_LOGIND') == 1
|
||||
|
@ -42,6 +42,7 @@ if bashcompletiondir != 'no'
|
||||
['machinectl', 'ENABLE_MACHINED'],
|
||||
['networkctl', 'ENABLE_NETWORKD'],
|
||||
['systemd-resolve', 'ENABLE_RESOLVE'],
|
||||
['resolvectl', 'ENABLE_RESOLVE'],
|
||||
['timedatectl', 'ENABLE_TIMEDATED'],
|
||||
]
|
||||
|
||||
|
165
shell-completion/bash/resolvectl
Normal file
165
shell-completion/bash/resolvectl
Normal file
@ -0,0 +1,165 @@
|
||||
# resolvectl(1) completion -*- shell-script -*-
|
||||
# SPDX-License-Identifier: LGPL-2.1+
|
||||
#
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# Copyright 2018 Yu Watanabe
|
||||
#
|
||||
# systemd is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# systemd is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public License
|
||||
# along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
__contains_word () {
|
||||
local w word=$1; shift
|
||||
for w in "$@"; do
|
||||
[[ $w = "$word" ]] && return
|
||||
done
|
||||
}
|
||||
|
||||
__get_interfaces(){
|
||||
{ cd /sys/class/net && echo *; } | \
|
||||
while read -d' ' -r name; do
|
||||
[[ "$name" != "lo" ]] && echo "$name"
|
||||
done
|
||||
}
|
||||
|
||||
_resolvectl() {
|
||||
local i comps verb name
|
||||
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
|
||||
local -A OPTS=(
|
||||
[STANDALONE]='-h --help --version --no-pager -4 -6
|
||||
--service-address=no --service-txt=no
|
||||
--cname=no --search=no --legend=no'
|
||||
[ARG]='-i --interface -p --protocol -t --type -c --class --raw'
|
||||
)
|
||||
local -A VERBS=(
|
||||
[DOMAIN]='query service openpgp'
|
||||
[FAMILY]='tlsa'
|
||||
[STATUS]='status'
|
||||
[LINK]='revert dns domain nta'
|
||||
[RESOLVE]='llmnr mdns'
|
||||
[DNSSEC]='dnssec'
|
||||
[STANDALONE]='statistics reset-statistics flush-caches reset-server-features'
|
||||
)
|
||||
local -A ARGS=(
|
||||
[FAMILY]='tcp udp sctp'
|
||||
[RESOLVE]='yes no resolve'
|
||||
[DNSSEC]='yes no allow-downgrade'
|
||||
)
|
||||
local interfaces=$( __get_interfaces )
|
||||
|
||||
if __contains_word "$prev" ${OPTS[ARG]}; then
|
||||
case $prev in
|
||||
--interface|-i)
|
||||
comps="$interfaces"
|
||||
;;
|
||||
--protocol|-p|--type|-t|--class|-c)
|
||||
comps=$( resolvectl --legend=no "$prev" help; echo help )
|
||||
;;
|
||||
--raw)
|
||||
comps="payload packet"
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
||||
return 0
|
||||
fi
|
||||
|
||||
if [[ "$cur" = -* ]]; then
|
||||
COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") )
|
||||
return 0
|
||||
fi
|
||||
|
||||
for ((i=0; i < COMP_CWORD; i++)); do
|
||||
if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} &&
|
||||
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
||||
verb=${COMP_WORDS[i]}
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ -z $verb ]]; then
|
||||
comps="${VERBS[*]}"
|
||||
|
||||
elif __contains_word "$verb" ${VERBS[STANDALONE]} ${VERBS[DOMAIN]}; then
|
||||
comps=''
|
||||
|
||||
elif __contains_word "$verb" ${VERBS[STATUS]}; then
|
||||
comps="$interfaces"
|
||||
|
||||
elif __contains_word "$verb" ${VERBS[FAMILY]}; then
|
||||
for ((i++; i < COMP_CWORD; i++)); do
|
||||
if __contains_word "${COMP_WORDS[i]}" ${ARGS[FAMILY]} &&
|
||||
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
||||
name=${COMP_WORDS[i]}
|
||||
break;
|
||||
fi
|
||||
done
|
||||
if [[ -z $name ]]; then
|
||||
comps=${ARGS[FAMILY]}
|
||||
else
|
||||
comps=""
|
||||
fi
|
||||
|
||||
elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]}; then
|
||||
for ((i++; i < COMP_CWORD; i++)); do
|
||||
if __contains_word "${COMP_WORDS[i]}" $interfaces &&
|
||||
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
||||
name=${COMP_WORDS[i]}
|
||||
break;
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ -z $name ]]; then
|
||||
comps="$interfaces"
|
||||
|
||||
elif __contains_word "$verb" ${VERBS[RESOLVE]}; then
|
||||
name=
|
||||
for ((i++; i < COMP_CWORD; i++)); do
|
||||
if __contains_word "${COMP_WORDS[i]}" ${ARGS[RESOLVE]} &&
|
||||
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
||||
name=${COMP_WORDS[i]}
|
||||
break;
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ -z $name ]]; then
|
||||
comps=${ARGS[RESOLVE]}
|
||||
else
|
||||
comps=''
|
||||
fi
|
||||
|
||||
elif __contains_word "$verb" ${VERBS[DNSSEC]}; then
|
||||
name=
|
||||
for ((i++; i < COMP_CWORD; i++)); do
|
||||
if __contains_word "${COMP_WORDS[i]}" ${ARGS[DNSSEC]} &&
|
||||
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
|
||||
name=${COMP_WORDS[i]}
|
||||
break;
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ -z $name ]]; then
|
||||
comps=${ARGS[DNSSEC]}
|
||||
else
|
||||
comps=''
|
||||
fi
|
||||
|
||||
else
|
||||
comps=''
|
||||
fi
|
||||
fi
|
||||
|
||||
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
||||
return 0
|
||||
}
|
||||
|
||||
complete -F _resolvectl resolvectl
|
@ -67,11 +67,11 @@ systemd_resolved_sources = files('''
|
||||
resolved-etc-hosts.c
|
||||
'''.split())
|
||||
|
||||
systemd_resolve_sources = files('''
|
||||
resolvectl_sources = files('''
|
||||
resolvconf-compat.c
|
||||
resolvconf-compat.h
|
||||
resolve-tool.c
|
||||
resolve-tool.h
|
||||
resolvectl.c
|
||||
resolvectl.h
|
||||
'''.split())
|
||||
|
||||
############################################################
|
||||
|
@ -10,7 +10,7 @@
|
||||
#include "fileio.h"
|
||||
#include "parse-util.h"
|
||||
#include "resolvconf-compat.h"
|
||||
#include "resolve-tool.h"
|
||||
#include "resolvectl.h"
|
||||
#include "resolved-def.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
@ -44,8 +44,6 @@ static int parse_nameserver(const char *string) {
|
||||
|
||||
for (;;) {
|
||||
_cleanup_free_ char *word = NULL;
|
||||
struct in_addr_data data, *n;
|
||||
int ifindex = 0;
|
||||
|
||||
r = extract_first_word(&string, &word, NULL, 0);
|
||||
if (r < 0)
|
||||
@ -53,27 +51,8 @@ static int parse_nameserver(const char *string) {
|
||||
if (r == 0)
|
||||
break;
|
||||
|
||||
r = in_addr_ifindex_from_string_auto(word, &data.family, &data.address, &ifindex);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to parse name server '%s': %m", word);
|
||||
|
||||
if (ifindex > 0 && ifindex != arg_ifindex) {
|
||||
log_error("Name server interface '%s' does not match selected interface: %m", word);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
/* Some superficial filtering */
|
||||
if (in_addr_is_null(data.family, &data.address))
|
||||
continue;
|
||||
if (data.family == AF_INET && data.address.in.s_addr == htobe32(INADDR_DNS_STUB)) /* resolved's own stub? */
|
||||
continue;
|
||||
|
||||
n = reallocarray(arg_set_dns, arg_n_set_dns + 1, sizeof(struct in_addr_data));
|
||||
if (!n)
|
||||
if (strv_push(&arg_set_dns, word) < 0)
|
||||
return log_oom();
|
||||
arg_set_dns = n;
|
||||
|
||||
arg_set_dns[arg_n_set_dns++] = data;
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -93,14 +72,6 @@ static int parse_search_domain(const char *string) {
|
||||
if (r == 0)
|
||||
break;
|
||||
|
||||
r = dns_name_is_valid(word);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to validate specified domain '%s': %m", word);
|
||||
if (r == 0) {
|
||||
log_error("Domain not valid: %s", word);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (strv_push(&arg_set_domain, word) < 0)
|
||||
return log_oom();
|
||||
|
||||
@ -251,6 +222,7 @@ int resolvconf_parse_argv(int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
arg_ifindex = ifi;
|
||||
arg_ifname = iface;
|
||||
}
|
||||
|
||||
if (arg_mode == MODE_SET_LINK) {
|
||||
@ -301,7 +273,7 @@ int resolvconf_parse_argv(int argc, char *argv[]) {
|
||||
} else if (type == TYPE_PRIVATE)
|
||||
log_debug("Private DNS server data not supported, ignoring.");
|
||||
|
||||
if (arg_n_set_dns == 0) {
|
||||
if (!arg_set_dns) {
|
||||
log_error("No DNS servers specified, refusing operation.");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -5,6 +5,7 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
extern int arg_ifindex;
|
||||
extern const char *arg_ifname;
|
||||
extern bool arg_ifindex_permissive;
|
||||
|
||||
typedef enum ExecutionMode {
|
||||
@ -25,6 +26,5 @@ typedef enum ExecutionMode {
|
||||
|
||||
extern ExecutionMode arg_mode;
|
||||
|
||||
extern struct in_addr_data *arg_set_dns;
|
||||
extern size_t arg_n_set_dns;
|
||||
extern char **arg_set_dns;
|
||||
extern char **arg_set_domain;
|
Loading…
Reference in New Issue
Block a user