]>
Commit | Line | Data |
---|---|---|
624993ac | 1 | <?xml version='1.0'?> |
3a54a157 ZJS |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
624993ac | 5 | |
b69f810c | 6 | <refentry id="resolvectl" conditional='ENABLE_RESOLVE' |
624993ac LP |
7 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
8 | ||
9 | <refentryinfo> | |
b69f810c | 10 | <title>resolvectl</title> |
624993ac | 11 | <productname>systemd</productname> |
624993ac LP |
12 | </refentryinfo> |
13 | ||
14 | <refmeta> | |
b69f810c | 15 | <refentrytitle>resolvectl</refentrytitle> |
624993ac LP |
16 | <manvolnum>1</manvolnum> |
17 | </refmeta> | |
18 | ||
19 | <refnamediv> | |
b69f810c | 20 | <refname>resolvectl</refname> |
2eee2088 LP |
21 | <refname>resolvconf</refname> |
22 | <refpurpose>Resolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolver</refpurpose> | |
624993ac LP |
23 | </refnamediv> |
24 | ||
25 | <refsynopsisdiv> | |
26 | <cmdsynopsis> | |
b69f810c | 27 | <command>resolvectl</command> |
624993ac | 28 | <arg choice="opt" rep="repeat">OPTIONS</arg> |
b69f810c YW |
29 | <arg choice="req">COMMAND</arg> |
30 | <arg choice="opt" rep="repeat">NAME</arg> | |
624993ac | 31 | </cmdsynopsis> |
624993ac LP |
32 | </refsynopsisdiv> |
33 | ||
34 | <refsect1> | |
35 | <title>Description</title> | |
36 | ||
b69f810c | 37 | <para><command>resolvectl</command> may be used to resolve domain names, IPv4 and IPv6 addresses, DNS resource |
624993ac LP |
38 | records and services with the |
39 | <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
40 | resolver service. By default, the specified list of parameters will be resolved as hostnames, retrieving their IPv4 | |
1f7eed4c | 41 | and IPv6 addresses. If the parameters specified are formatted as IPv4 or IPv6 addresses the reverse operation is |
624993ac LP |
42 | done, and a hostname is retrieved for the specified addresses.</para> |
43 | ||
cdfe156a LP |
44 | <para>The program's output contains information about the protocol used for the look-up and on which network |
45 | interface the data was discovered. It also contains information on whether the information could be | |
46 | authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover all data | |
47 | originating from local, trusted sources is also reported authenticated, including resolution of the local host | |
38b38500 | 48 | name, the <literal>localhost</literal> hostname or all data from <filename>/etc/hosts</filename>.</para> |
624993ac LP |
49 | </refsect1> |
50 | ||
b69f810c YW |
51 | <refsect1> |
52 | <title>Commands</title> | |
53 | <variablelist> | |
54 | ||
55 | <varlistentry> | |
8eb6e6ed | 56 | <term><command>query</command> <replaceable>HOSTNAME|ADDRESS</replaceable>…</term> |
b69f810c | 57 | |
b480543c | 58 | <listitem><para>Resolve domain names, as well as IPv4 and IPv6 addresses. When used in conjunction |
018b642a LP |
59 | with <option>--type=</option> or <option>--class=</option> (see below), resolves low-level DNS |
60 | resource records.</para> | |
61 | ||
62 | <para>If a single-label domain name is specified it is searched for according to the configured | |
63 | search domains — unless <option>--search=no</option> or | |
64 | <option>--type=</option>/<option>--class=</option> are specified, both of which turn this logic | |
65 | off.</para> | |
66 | ||
67 | <para>If an international domain name is specified, it is automatically translated according to IDNA | |
68 | rules when resolved via classic DNS — but not for look-ups via MulticastDNS or LLMNR. If | |
69 | <option>--type=</option>/<option>--class=</option> is used IDNA translation is turned off and domain | |
70 | names are processed as specified.</para></listitem> | |
b69f810c YW |
71 | </varlistentry> |
72 | ||
73 | <varlistentry> | |
8eb6e6ed ZJS |
74 | <term><command>service</command> |
75 | [[<replaceable>NAME</replaceable>] <replaceable>TYPE</replaceable>] | |
76 | <replaceable>DOMAIN</replaceable></term> | |
b69f810c | 77 | |
9a024bf1 ZJS |
78 | <listitem><para>Resolve <ulink url="https://tools.ietf.org/html/rfc6763">DNS-SD</ulink> and <ulink |
79 | url="https://tools.ietf.org/html/rfc2782">SRV</ulink> services, depending on the specified list of | |
80 | parameters. If three parameters are passed the first is assumed to be the DNS-SD service name, the | |
81 | second the <constant class='dns'>SRV</constant> service type, and the third the domain to search in. | |
82 | In this case a full DNS-SD style <constant class='dns'>SRV</constant> and <constant | |
83 | class='dns'>TXT</constant> lookup is executed. If only two parameters are specified, the first is | |
84 | assumed to be the <constant class='dns'>SRV</constant> service type, and the second the domain to look | |
85 | in. In this case no <constant class='dns'>TXT</constant> resource record is requested. Finally, if | |
86 | only one parameter is specified, it is assumed to be a domain name, that is already prefixed with an | |
87 | <constant class='dns'>SRV</constant> type, and an <constant class='dns'>SRV</constant> lookup is done | |
88 | (no <constant class='dns'>TXT</constant>).</para></listitem> | |
b69f810c YW |
89 | </varlistentry> |
90 | ||
91 | <varlistentry> | |
8eb6e6ed | 92 | <term><command>openpgp</command> <replaceable>EMAIL@DOMAIN</replaceable>…</term> |
b69f810c | 93 | |
9a024bf1 | 94 | <listitem><para>Query PGP keys stored as <constant class='dns'>OPENPGPKEY</constant> resource records, |
857f0e0a | 95 | see <ulink url="https://tools.ietf.org/html/rfc7929">RFC 7929</ulink>. Specified e-mail addresses |
9a024bf1 ZJS |
96 | are converted to the corresponding DNS domain name, and any <constant class='dns'>OPENPGPKEY</constant> |
97 | keys are printed.</para></listitem> | |
b69f810c YW |
98 | </varlistentry> |
99 | ||
624993ac | 100 | <varlistentry> |
8eb6e6ed ZJS |
101 | <term><command>tlsa</command> |
102 | [<replaceable>FAMILY</replaceable>] | |
103 | <replaceable>DOMAIN</replaceable>[:<replaceable>PORT</replaceable>]…</term> | |
624993ac | 104 | |
9a024bf1 ZJS |
105 | <listitem><para>Query TLS public keys stored as <constant class='dns'>TLSA</constant> resource |
106 | records, see <ulink url="https://tools.ietf.org/html/rfc6698">RFC 6698</ulink>. A query will be | |
107 | performed for each of the specified names prefixed with the port and family | |
b69f810c | 108 | (<literal>_<replaceable>port</replaceable>._<replaceable>family</replaceable>.<replaceable>domain</replaceable></literal>). |
9a024bf1 ZJS |
109 | The port number may be specified after a colon (<literal>:</literal>), otherwise |
110 | <constant>443</constant> will be used by default. The family may be specified as the first argument, | |
111 | otherwise <constant>tcp</constant> will be used.</para></listitem> | |
b69f810c YW |
112 | </varlistentry> |
113 | ||
114 | <varlistentry> | |
8eb6e6ed | 115 | <term><command>status</command> [<replaceable>LINK</replaceable>…]</term> |
b69f810c | 116 | |
2c520df4 | 117 | <listitem><para>Shows the global and per-link DNS settings currently in effect. If no command is specified, |
b69f810c YW |
118 | this is the implied default.</para></listitem> |
119 | </varlistentry> | |
120 | ||
121 | <varlistentry> | |
8eb6e6ed | 122 | <term><command>statistics</command></term> |
b69f810c YW |
123 | |
124 | <listitem><para>Shows general resolver statistics, including information whether DNSSEC is | |
624993ac LP |
125 | enabled and available, as well as resolution and validation statistics.</para></listitem> |
126 | </varlistentry> | |
127 | ||
128 | <varlistentry> | |
8eb6e6ed | 129 | <term><command>reset-statistics</command></term> |
624993ac | 130 | |
8eb6e6ed | 131 | <listitem><para>Resets the statistics counters shown in <command>statistics</command> to zero. |
b69f810c | 132 | This operation requires root privileges.</para></listitem> |
624993ac LP |
133 | </varlistentry> |
134 | ||
ba35662f | 135 | <varlistentry> |
8eb6e6ed | 136 | <term><command>flush-caches</command></term> |
ba35662f | 137 | |
9a024bf1 ZJS |
138 | <listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly |
139 | equivalent to sending the <constant>SIGUSR2</constant> to the <command>systemd-resolved</command> | |
d55b0463 LP |
140 | service.</para></listitem> |
141 | </varlistentry> | |
142 | ||
143 | <varlistentry> | |
8eb6e6ed | 144 | <term><command>reset-server-features</command></term> |
d55b0463 LP |
145 | |
146 | <listitem><para>Flushes all feature level information the resolver learnt about specific servers, and ensures | |
147 | that the server feature probing logic is started from the beginning with the next look-up request. This is | |
148 | mostly equivalent to sending the <constant>SIGRTMIN+1</constant> to the <command>systemd-resolved</command> | |
149 | service.</para></listitem> | |
ba35662f LP |
150 | </varlistentry> |
151 | ||
be371fe0 | 152 | <varlistentry> |
8eb6e6ed ZJS |
153 | <term><command>dns</command> [<replaceable>LINK</replaceable> [<replaceable>SERVER</replaceable>…]]</term> |
154 | <term><command>domain</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term> | |
155 | <term><command>default-route</command> [<replaceable>LINK</replaceable> [<replaceable>BOOL</replaceable>…]]</term> | |
156 | <term><command>llmnr</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> | |
157 | <term><command>mdns</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> | |
158 | <term><command>dnssec</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> | |
159 | <term><command>dnsovertls</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> | |
160 | <term><command>nta</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term> | |
b69f810c | 161 | |
74053ff2 | 162 | <listitem> |
8eb6e6ed ZJS |
163 | <para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS |
164 | settings for network interfaces. These commands may be used to inform | |
165 | <command>systemd-resolved</command> or <command>systemd-networkd</command> about per-interface DNS | |
166 | configuration determined through external means. The <command>dns</command> command expects IPv4 or | |
711dd5db YW |
167 | IPv6 address specifications of DNS servers to use. Each address can optionally take a port number |
168 | separated with <literal>:</literal>, a network interface name or index separated with | |
169 | <literal>%</literal>, and a Server Name Indication (SNI) separated with <literal>#</literal>. When | |
170 | IPv6 address is specified with a port number, then the address must be in the square brackets. That | |
171 | is, the acceptable full formats are <literal>111.222.333.444:9953%ifname#example.com</literal> for | |
172 | IPv4 and <literal>[1111:2222::3333]:9953%ifname#example.com</literal> for IPv6. The | |
173 | <command>domain</command> command expects valid DNS domains, possibly prefixed with | |
174 | <literal>~</literal>, and configures a per-interface search or route-only domain. The | |
175 | <command>default-route</command> command expects a boolean parameter, and configures whether the | |
176 | link may be used as default route for DNS lookups, i.e. if it is suitable for lookups on domains no | |
177 | other link explicitly is configured for. The <command>llmnr</command>, <command>mdns</command>, | |
178 | <command>dnssec</command> and <command>dnsovertls</command> commands may be used to configure the | |
179 | per-interface LLMNR, MulticastDNS, DNSSEC and DNSOverTLS settings. Finally, <command>nta</command> | |
180 | command may be used to configure additional per-interface DNSSEC NTA domains.</para> | |
8eb6e6ed ZJS |
181 | |
182 | <para>Commands <command>dns</command>, <command>domain</command> and <command>nta</command> can take | |
74053ff2 DKG |
183 | a single empty string argument to clear their respective value lists.</para> |
184 | ||
8eb6e6ed ZJS |
185 | <para>For details about these settings, their possible values and their effect, see the |
186 | corresponding settings in | |
74053ff2 | 187 | <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> |
14965b94 LP |
188 | </listitem> |
189 | </varlistentry> | |
190 | ||
191 | <varlistentry> | |
8eb6e6ed | 192 | <term><command>revert <replaceable>LINK</replaceable></command></term> |
b69f810c YW |
193 | |
194 | <listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all | |
8eb6e6ed ZJS |
195 | per-interface DNS setting are reset to their defaults, undoing all effects of <command>dns</command>, |
196 | <command>domain</command>, <command>default-route</command>, <command>llmnr</command>, | |
197 | <command>mdns</command>, <command>dnssec</command>, <command>dnsovertls</command>, | |
198 | <command>nta</command>. Note that when a network interface disappears all configuration is lost | |
199 | automatically, an explicit reverting is not necessary in that case.</para></listitem> | |
14965b94 LP |
200 | </varlistentry> |
201 | ||
fffbf1dc LP |
202 | <varlistentry> |
203 | <term><command>monitor</command></term> | |
204 | ||
64ebc0da | 205 | <listitem><para>Show a continuous stream of local client resolution queries and their |
fffbf1dc LP |
206 | responses. Whenever a local query is completed the query's DNS resource lookup key and resource |
207 | records are shown. Note that this displays queries issued locally only, and does not immediately | |
208 | relate to DNS requests submitted to configured DNS servers or the LLMNR or MulticastDNS zones, as | |
209 | lookups may be answered from the local cache, or might result in multiple DNS transactions (for | |
210 | example to validate DNSSEC information). If CNAME/CNAME redirection chains are followed, a separate | |
211 | query will be displayed for each element of the chain. Use <option>--json=</option> to enable JSON | |
212 | output.</para></listitem> | |
213 | </varlistentry> | |
214 | ||
df957849 | 215 | <xi:include href="systemctl.xml" xpointer="log-level" /> |
624993ac LP |
216 | </variablelist> |
217 | </refsect1> | |
218 | ||
e1fac8a6 ZJS |
219 | <refsect1> |
220 | <title>Options</title> | |
221 | <variablelist> | |
222 | <varlistentry> | |
223 | <term><option>-4</option></term> | |
224 | <term><option>-6</option></term> | |
225 | ||
226 | <listitem><para>By default, when resolving a hostname, both IPv4 and IPv6 | |
227 | addresses are acquired. By specifying <option>-4</option> only IPv4 addresses are requested, by specifying | |
228 | <option>-6</option> only IPv6 addresses are requested.</para> | |
229 | </listitem> | |
230 | </varlistentry> | |
231 | ||
232 | <varlistentry> | |
233 | <term><option>-i</option> <replaceable>INTERFACE</replaceable></term> | |
234 | <term><option>--interface=</option><replaceable>INTERFACE</replaceable></term> | |
235 | ||
236 | <listitem><para>Specifies the network interface to execute the query on. This may either be specified as numeric | |
237 | interface index or as network interface string (e.g. <literal>en0</literal>). Note that this option has no | |
238 | effect if system-wide DNS configuration (as configured in <filename>/etc/resolv.conf</filename> or | |
2d8ce4c7 | 239 | <filename>/etc/systemd/resolved.conf</filename>) in place of per-link configuration is used.</para></listitem> |
e1fac8a6 ZJS |
240 | </varlistentry> |
241 | ||
242 | <varlistentry> | |
243 | <term><option>-p</option> <replaceable>PROTOCOL</replaceable></term> | |
244 | <term><option>--protocol=</option><replaceable>PROTOCOL</replaceable></term> | |
245 | ||
246 | <listitem><para>Specifies the network protocol for the query. May be one of <literal>dns</literal> | |
247 | (i.e. classic unicast DNS), <literal>llmnr</literal> (<ulink | |
248 | url="https://tools.ietf.org/html/rfc4795">Link-Local Multicast Name Resolution</ulink>), | |
249 | <literal>llmnr-ipv4</literal>, <literal>llmnr-ipv6</literal> (LLMNR via the indicated underlying IP | |
250 | protocols), <literal>mdns</literal> (<ulink url="https://www.ietf.org/rfc/rfc6762.txt">Multicast DNS</ulink>), | |
251 | <literal>mdns-ipv4</literal>, <literal>mdns-ipv6</literal> (MDNS via the indicated underlying IP protocols). | |
252 | By default the lookup is done via all protocols suitable for the lookup. If used, limits the set of | |
253 | protocols that may be used. Use this option multiple times to enable resolving via multiple protocols at the | |
254 | same time. The setting <literal>llmnr</literal> is identical to specifying this switch once with | |
255 | <literal>llmnr-ipv4</literal> and once via <literal>llmnr-ipv6</literal>. Note that this option does not force | |
256 | the service to resolve the operation with the specified protocol, as that might require a suitable network | |
257 | interface and configuration. | |
258 | The special value <literal>help</literal> may be used to list known values. | |
259 | </para></listitem> | |
260 | </varlistentry> | |
261 | ||
262 | <varlistentry> | |
263 | <term><option>-t</option> <replaceable>TYPE</replaceable></term> | |
264 | <term><option>--type=</option><replaceable>TYPE</replaceable></term> | |
265 | <term><option>-c</option> <replaceable>CLASS</replaceable></term> | |
266 | <term><option>--class=</option><replaceable>CLASS</replaceable></term> | |
267 | ||
018b642a | 268 | <listitem><para>When used in conjunction with the <command>query</command> command, specifies the DNS |
9a024bf1 ZJS |
269 | resource record type (e.g. <constant class='dns'>A</constant>, <constant class='dns'>AAAA</constant>, |
270 | <constant class='dns'>MX</constant>, …) and class (e.g. <constant>IN</constant>, | |
271 | <constant>ANY</constant>, …) to look up. If these options are used a DNS resource record set matching | |
272 | the specified class and type is requested. The class defaults to <constant>IN</constant> if only a | |
273 | type is specified. The special value <literal>help</literal> may be used to list known values.</para> | |
018b642a LP |
274 | |
275 | <para>Without these options <command>resolvectl query</command> provides high-level domain name to | |
276 | address and address to domain name resolution. With these options it provides low-level DNS resource | |
277 | record resolution. The search domain logic is automatically turned off when these options are used, | |
278 | i.e. specified domain names need to be fully qualified domain names. Moreover, IDNA internal domain | |
279 | name translation is turned off as well, i.e. international domain names should be specified in | |
280 | <literal>xn--…</literal> notation, unless look-up in MulticastDNS/LLMNR is desired, in which case | |
281 | UTF-8 characters should be used.</para></listitem> | |
e1fac8a6 ZJS |
282 | </varlistentry> |
283 | ||
284 | <varlistentry> | |
285 | <term><option>--service-address=</option><replaceable>BOOL</replaceable></term> | |
286 | ||
287 | <listitem><para>Takes a boolean parameter. If true (the default), when doing a service lookup with | |
9a024bf1 ZJS |
288 | <option>--service</option> the hostnames contained in the <constant class='dns'>SRV</constant> |
289 | resource records are resolved as well.</para></listitem> | |
e1fac8a6 ZJS |
290 | </varlistentry> |
291 | ||
292 | <varlistentry> | |
293 | <term><option>--service-txt=</option><replaceable>BOOL</replaceable></term> | |
294 | ||
9a024bf1 ZJS |
295 | <listitem><para>Takes a boolean parameter. If true (the default), when doing a DNS-SD service lookup |
296 | with <option>--service</option> the <constant class='dns'>TXT</constant> service metadata record is | |
297 | resolved as well.</para></listitem> | |
e1fac8a6 ZJS |
298 | </varlistentry> |
299 | ||
300 | <varlistentry> | |
301 | <term><option>--cname=</option><replaceable>BOOL</replaceable></term> | |
302 | ||
9a024bf1 ZJS |
303 | <listitem><para>Takes a boolean parameter. If true (the default), DNS <constant |
304 | class='dns'>CNAME</constant> or <constant class='dns'>DNAME</constant> redirections are | |
e1fac8a6 ZJS |
305 | followed. Otherwise, if a CNAME or DNAME record is encountered while resolving, an error is |
306 | returned.</para></listitem> | |
307 | </varlistentry> | |
308 | ||
d711322c LP |
309 | <varlistentry> |
310 | <term><option>--validate=</option><replaceable>BOOL</replaceable></term> | |
311 | ||
312 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
313 | (the default), DNSSEC validation is applied as usual — under the condition that it is enabled for the | |
314 | network and for <filename>systemd-resolved.service</filename> as a whole. If false, DNSSEC validation | |
315 | is disabled for the specific query, regardless of whether it is enabled for the network or in the | |
316 | service. Note that setting this option to true does not force DNSSEC validation on systems/networks | |
317 | where DNSSEC is turned off. This option is only suitable to turn off such validation where otherwise | |
318 | enabled, not enable validation where otherwise disabled.</para></listitem> | |
319 | </varlistentry> | |
320 | ||
321 | <varlistentry> | |
322 | <term><option>--synthesize=</option><replaceable>BOOL</replaceable></term> | |
323 | ||
324 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
325 | (the default), select domains are resolved on the local system, among them | |
2f166bb7 LP |
326 | <literal>localhost</literal>, <literal>_gateway</literal> and <literal>_outbound</literal>, or |
327 | entries from <filename>/etc/hosts</filename>. If false these domains are not resolved locally, and | |
328 | either fail (in case of <literal>localhost</literal>, <literal>_gateway</literal> or | |
329 | <literal>_outbound</literal> and suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups | |
330 | (in case of <filename>/etc/hosts</filename> entries).</para></listitem> | |
d711322c LP |
331 | </varlistentry> |
332 | ||
333 | <varlistentry> | |
334 | <term><option>--cache=</option><replaceable>BOOL</replaceable></term> | |
335 | ||
336 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
337 | (the default), lookups use the local DNS resource record cache. If false, lookups are routed to the | |
338 | network instead, regardless if already available in the local cache.</para></listitem> | |
339 | </varlistentry> | |
340 | ||
341 | <varlistentry> | |
342 | <term><option>--zone=</option><replaceable>BOOL</replaceable></term> | |
343 | ||
344 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
345 | (the default), lookups are answered from locally registered LLMNR or mDNS resource records, if | |
346 | defined. If false, locally registered LLMNR/mDNS records are not considered for the lookup | |
347 | request.</para></listitem> | |
348 | </varlistentry> | |
349 | ||
350 | <varlistentry> | |
351 | <term><option>--trust-anchor=</option><replaceable>BOOL</replaceable></term> | |
352 | ||
353 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
354 | (the default), lookups for DS and DNSKEY are answered from the local DNSSEC trust anchors if | |
355 | possible. If false, the local trust store is not considered for the lookup request.</para></listitem> | |
356 | </varlistentry> | |
357 | ||
358 | <varlistentry> | |
359 | <term><option>--network=</option><replaceable>BOOL</replaceable></term> | |
360 | ||
361 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
362 | (the default), lookups are answered via DNS, LLMNR or mDNS network requests if they cannot be | |
363 | synthesized locally, or be answered from the local cache, zone or trust anchors (see above). If false, | |
364 | the request is not answered from the network and will thus fail if none of the indicated sources can | |
365 | answer them.</para></listitem> | |
366 | </varlistentry> | |
367 | ||
e1fac8a6 ZJS |
368 | <varlistentry> |
369 | <term><option>--search=</option><replaceable>BOOL</replaceable></term> | |
370 | ||
018b642a LP |
371 | <listitem><para>Takes a boolean parameter. If true (the default), any specified single-label |
372 | hostnames will be searched in the domains configured in the search domain list, if it is | |
373 | non-empty. Otherwise, the search domain logic is disabled. Note that this option has no effect if | |
374 | <option>--type=</option> is used (see above), in which case the search domain logic is | |
375 | unconditionally turned off.</para></listitem> | |
e1fac8a6 ZJS |
376 | </varlistentry> |
377 | ||
378 | <varlistentry> | |
379 | <term><option>--raw</option><optional>=payload|packet</optional></term> | |
380 | ||
381 | <listitem><para>Dump the answer as binary data. If there is no argument or if the argument is | |
382 | <literal>payload</literal>, the payload of the packet is exported. If the argument is | |
383 | <literal>packet</literal>, the whole packet is dumped in wire format, prefixed by | |
384 | length specified as a little-endian 64-bit number. This format allows multiple packets | |
385 | to be dumped and unambiguously parsed.</para></listitem> | |
386 | </varlistentry> | |
387 | ||
388 | <varlistentry> | |
389 | <term><option>--legend=</option><replaceable>BOOL</replaceable></term> | |
390 | ||
391 | <listitem><para>Takes a boolean parameter. If true (the default), column headers and meta information about the | |
392 | query response are shown. Otherwise, this output is suppressed.</para></listitem> | |
393 | </varlistentry> | |
394 | ||
fffbf1dc LP |
395 | <xi:include href="standard-options.xml" xpointer="json" /> |
396 | ||
397 | <varlistentry> | |
398 | <term><option>-j</option></term> | |
399 | ||
400 | <listitem><para>Short for <option>--json=auto</option></para></listitem> | |
401 | </varlistentry> | |
402 | ||
403 | <xi:include href="standard-options.xml" xpointer="no-pager" /> | |
e1fac8a6 ZJS |
404 | <xi:include href="standard-options.xml" xpointer="help" /> |
405 | <xi:include href="standard-options.xml" xpointer="version" /> | |
e1fac8a6 ZJS |
406 | </variablelist> |
407 | </refsect1> | |
408 | ||
2eee2088 | 409 | <refsect1> |
42ecca2e ZJS |
410 | <title>Compatibility with |
411 | <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry></title> | |
2eee2088 | 412 | |
b69f810c YW |
413 | <para><command>resolvectl</command> is a multi-call binary. When invoked as <literal>resolvconf</literal> |
414 | (generally achieved by means of a symbolic link of this name to the <command>resolvectl</command> binary) it | |
42ecca2e ZJS |
415 | is run in a limited |
416 | <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
2eee2088 LP |
417 | compatibility mode. It accepts mostly the same arguments and pushes all data into |
418 | <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
b69f810c | 419 | similar to how <option>dns</option> and <option>domain</option> commands operate. Note that |
2eee2088 | 420 | <command>systemd-resolved.service</command> is the only supported backend, which is different from other |
924ccc35 ZJS |
421 | implementations of this command.</para> |
422 | ||
423 | <para><filename>/etc/resolv.conf</filename> will only be updated with servers added with this command | |
424 | when <filename>/etc/resolv.conf</filename> is a symlink to | |
425 | <filename>/run/systemd/resolve/resolv.conf</filename>, and not a static file. See the discussion of | |
426 | <filename>/etc/resolv.conf</filename> handling in | |
427 | <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
428 | </para> | |
429 | ||
430 | <para>Not all operations supported by other implementations are supported natively. Specifically:</para> | |
2eee2088 LP |
431 | |
432 | <variablelist> | |
433 | <varlistentry> | |
434 | <term><option>-a</option></term> | |
435 | <listitem><para>Registers per-interface DNS configuration data with | |
436 | <command>systemd-resolved</command>. Expects a network interface name as only command line argument. Reads | |
b7a47345 ZJS |
437 | <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>-compatible |
438 | DNS configuration data from its standard input. Relevant fields are <literal>nameserver</literal> and | |
2eee2088 | 439 | <literal>domain</literal>/<literal>search</literal>. This command is mostly identical to invoking |
b7a47345 ZJS |
440 | <command>resolvectl</command> with a combination of <option>dns</option> and <option>domain</option> |
441 | commands.</para></listitem> | |
2eee2088 LP |
442 | </varlistentry> |
443 | ||
444 | <varlistentry> | |
445 | <term><option>-d</option></term> | |
446 | <listitem><para>Unregisters per-interface DNS configuration data with <command>systemd-resolved</command>. This | |
b69f810c | 447 | command is mostly identical to invoking <command>resolvectl revert</command>.</para></listitem> |
2eee2088 LP |
448 | </varlistentry> |
449 | ||
450 | <varlistentry> | |
451 | <term><option>-f</option></term> | |
452 | ||
453 | <listitem><para>When specified <option>-a</option> and <option>-d</option> will not complain about missing | |
454 | network interfaces and will silently execute no operation in that case.</para></listitem> | |
455 | </varlistentry> | |
456 | ||
457 | <varlistentry> | |
458 | <term><option>-x</option></term> | |
459 | ||
460 | <listitem><para>This switch for "exclusive" operation is supported only partially. It is mapped to an | |
461 | additional configured search domain of <literal>~.</literal> — i.e. ensures that DNS traffic is preferably | |
462 | routed to the DNS servers on this interface, unless there are other, more specific domains configured on other | |
463 | interfaces.</para></listitem> | |
464 | </varlistentry> | |
465 | ||
466 | <varlistentry> | |
467 | <term><option>-m</option></term> | |
468 | <term><option>-p</option></term> | |
469 | ||
470 | <listitem><para>These switches are not supported and are silently ignored.</para></listitem> | |
471 | </varlistentry> | |
472 | ||
473 | <varlistentry> | |
474 | <term><option>-u</option></term> | |
475 | <term><option>-I</option></term> | |
476 | <term><option>-i</option></term> | |
477 | <term><option>-l</option></term> | |
478 | <term><option>-R</option></term> | |
479 | <term><option>-r</option></term> | |
480 | <term><option>-v</option></term> | |
481 | <term><option>-V</option></term> | |
482 | <term><option>--enable-updates</option></term> | |
483 | <term><option>--disable-updates</option></term> | |
484 | <term><option>--are-updates-enabled</option></term> | |
485 | ||
486 | <listitem><para>These switches are not supported and the command will fail if used.</para></listitem> | |
487 | </varlistentry> | |
488 | ||
489 | </variablelist> | |
490 | ||
42ecca2e ZJS |
491 | <para>See |
492 | <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
493 | for details on those command line options.</para> | |
2eee2088 LP |
494 | </refsect1> |
495 | ||
624993ac LP |
496 | <refsect1> |
497 | <title>Examples</title> | |
498 | ||
499 | <example> | |
9a024bf1 | 500 | <title>Retrieve the addresses of the <literal>www.0pointer.net</literal> domain (<constant class='dns'>A</constant> and <constant class='dns'>AAAA</constant> resource records)</title> |
624993ac | 501 | |
b088e905 | 502 | <programlisting>$ resolvectl query www.0pointer.net |
edb4843f ZJS |
503 | www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74 |
504 | 85.214.157.71 | |
505 | ||
506 | -- Information acquired via protocol DNS in 611.6ms. | |
507 | -- Data is authenticated: no | |
508 | </programlisting> | |
624993ac LP |
509 | </example> |
510 | ||
511 | <example> | |
9a024bf1 ZJS |
512 | <title>Retrieve the domain of the <literal>85.214.157.71</literal> IP address |
513 | (<constant class='dns'>PTR</constant> resource record)</title> | |
624993ac | 514 | |
b088e905 | 515 | <programlisting>$ resolvectl query 85.214.157.71 |
edb4843f ZJS |
516 | 85.214.157.71: gardel.0pointer.net |
517 | ||
518 | -- Information acquired via protocol DNS in 1.2997s. | |
519 | -- Data is authenticated: no | |
520 | </programlisting> | |
624993ac LP |
521 | </example> |
522 | ||
523 | <example> | |
9a024bf1 ZJS |
524 | <title>Retrieve the <constant class='dns'>MX</constant> record of the <literal>yahoo.com</literal> |
525 | domain</title> | |
624993ac | 526 | |
b088e905 | 527 | <programlisting>$ resolvectl --legend=no -t MX query yahoo.com |
edb4843f ZJS |
528 | yahoo.com. IN MX 1 mta7.am0.yahoodns.net |
529 | yahoo.com. IN MX 1 mta6.am0.yahoodns.net | |
530 | yahoo.com. IN MX 1 mta5.am0.yahoodns.net | |
531 | </programlisting> | |
624993ac LP |
532 | </example> |
533 | ||
534 | <example> | |
9a024bf1 | 535 | <title>Resolve an <constant class='dns'>SRV</constant> service</title> |
624993ac | 536 | |
b69f810c | 537 | <programlisting>$ resolvectl service _xmpp-server._tcp gmail.com |
edb4843f ZJS |
538 | _xmpp-server._tcp/gmail.com: alt1.xmpp-server.l.google.com:5269 [priority=20, weight=0] |
539 | 173.194.210.125 | |
540 | alt4.xmpp-server.l.google.com:5269 [priority=20, weight=0] | |
541 | 173.194.65.125 | |
1eecafb8 | 542 | … |
edb4843f | 543 | </programlisting> |
624993ac LP |
544 | </example> |
545 | ||
edb4843f | 546 | <example> |
9a024bf1 | 547 | <title>Retrieve a PGP key (<constant class='dns'>OPENPGP</constant> resource record)</title> |
edb4843f | 548 | |
b69f810c | 549 | <programlisting>$ resolvectl openpgp zbyszek@fedoraproject.org |
edb4843f ZJS |
550 | d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY |
551 | mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlMyf | |
552 | MFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAynCsSs | |
1eecafb8 | 553 | … |
82d1d240 ZJS |
554 | </programlisting> |
555 | </example> | |
556 | ||
557 | <example> | |
9a024bf1 | 558 | <title>Retrieve a TLS key (<constant class='dns'>TLSA</constant> resource record)</title> |
82d1d240 | 559 | |
b69f810c | 560 | <programlisting>$ resolvectl tlsa tcp fedoraproject.org:443 |
236d312b | 561 | _443._tcp.fedoraproject.org IN TLSA 0 0 1 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0 |
82d1d240 ZJS |
562 | -- Cert. usage: CA constraint |
563 | -- Selector: Full Certificate | |
564 | -- Matching type: SHA-256 | |
edb4843f | 565 | </programlisting> |
9a024bf1 ZJS |
566 | |
567 | <para><literal>tcp</literal> and <literal>:443</literal> are optional and could be skipped.</para> | |
edb4843f | 568 | </example> |
624993ac LP |
569 | </refsect1> |
570 | ||
571 | <refsect1> | |
572 | <title>See Also</title> | |
573 | <para> | |
574 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, | |
14965b94 LP |
575 | <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
576 | <citerefentry><refentrytitle>systemd.dnssd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, | |
2eee2088 LP |
577 | <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
578 | <citerefentry><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
624993ac LP |
579 | </para> |
580 | </refsect1> | |
581 | </refentry> |