git.ipfire.org Git - thirdparty/systemd.git/blame - man/resolvectl.xml
resolve: fix typo
Commit Line Data
624993ac 1<?xml version='1.0'?>
3a54a157
ZJS
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
db9ecf05 4<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
624993ac 5
b69f810c 6<refentry id="resolvectl" conditional='ENABLE_RESOLVE'
624993ac
LP
7 xmlns:xi="http://www.w3.org/2001/XInclude">
8
9 <refentryinfo>
b69f810c 10 <title>resolvectl</title>
624993ac 11 <productname>systemd</productname>
624993ac
LP
12 </refentryinfo>
13
14 <refmeta>
b69f810c 15 <refentrytitle>resolvectl</refentrytitle>
624993ac
LP
16 <manvolnum>1</manvolnum>
17 </refmeta>
18
19 <refnamediv>
b69f810c 20 <refname>resolvectl</refname>
2eee2088
LP
21 <refname>resolvconf</refname>
22 <refpurpose>Resolve domain names, IPv4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolver</refpurpose>
624993ac
LP
23 </refnamediv>
24
25 <refsynopsisdiv>
26 <cmdsynopsis>
b69f810c 27 <command>resolvectl</command>
624993ac 28 <arg choice="opt" rep="repeat">OPTIONS</arg>
b69f810c
YW
29 <arg choice="req">COMMAND</arg>
30 <arg choice="opt" rep="repeat">NAME</arg>
624993ac 31 </cmdsynopsis>
624993ac
LP
32 </refsynopsisdiv>
33
34 <refsect1>
35 <title>Description</title>
36
b69f810c 37 <para><command>resolvectl</command> may be used to resolve domain names, IPv4 and IPv6 addresses, DNS resource
624993ac
LP
38 records and services with the
39 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
40 resolver service. By default, the specified list of parameters will be resolved as hostnames, retrieving their IPv4
1f7eed4c 41 and IPv6 addresses. If the parameters specified are formatted as IPv4 or IPv6 addresses the reverse operation is
624993ac
LP
42 done, and a hostname is retrieved for the specified addresses.</para>
43
cdfe156a
LP
44 <para>The program's output contains information about the protocol used for the look-up and on which network
45 interface the data was discovered. It also contains information on whether the information could be
46 authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover all data
47 originating from local, trusted sources is also reported authenticated, including resolution of the local host
38b38500 48 name, the <literal>localhost</literal> hostname or all data from <filename>/etc/hosts</filename>.</para>
624993ac
LP
49 </refsect1>
50
b69f810c
YW
51 <refsect1>
52 <title>Commands</title>
53 <variablelist>
54
55 <varlistentry>
8eb6e6ed 56 <term><command>query</command> <replaceable>HOSTNAME|ADDRESS</replaceable>…</term>
b69f810c 57
b480543c 58 <listitem><para>Resolve domain names, as well as IPv4 and IPv6 addresses. When used in conjunction
018b642a
LP
59 with <option>--type=</option> or <option>--class=</option> (see below), resolves low-level DNS
60 resource records.</para>
61
62 <para>If a single-label domain name is specified it is searched for according to the configured
63 search domains — unless <option>--search=no</option> or
64 <option>--type=</option>/<option>--class=</option> are specified, both of which turn this logic
65 off.</para>
66
67 <para>If an international domain name is specified, it is automatically translated according to IDNA
68 rules when resolved via classic DNS — but not for look-ups via MulticastDNS or LLMNR. If
69 <option>--type=</option>/<option>--class=</option> is used IDNA translation is turned off and domain
70 names are processed as specified.</para></listitem>
b69f810c
YW
71 </varlistentry>
72
73 <varlistentry>
8eb6e6ed
ZJS
74 <term><command>service</command>
75 [[<replaceable>NAME</replaceable>] <replaceable>TYPE</replaceable>]
76 <replaceable>DOMAIN</replaceable></term>
b69f810c 77
9a024bf1
ZJS
78 <listitem><para>Resolve <ulink url="https://tools.ietf.org/html/rfc6763">DNS-SD</ulink> and <ulink
79 url="https://tools.ietf.org/html/rfc2782">SRV</ulink> services, depending on the specified list of
80 parameters. If three parameters are passed the first is assumed to be the DNS-SD service name, the
81 second the <constant class='dns'>SRV</constant> service type, and the third the domain to search in.
82 In this case a full DNS-SD style <constant class='dns'>SRV</constant> and <constant
83 class='dns'>TXT</constant> lookup is executed. If only two parameters are specified, the first is
84 assumed to be the <constant class='dns'>SRV</constant> service type, and the second the domain to look
85 in. In this case no <constant class='dns'>TXT</constant> resource record is requested. Finally, if
86 only one parameter is specified, it is assumed to be a domain name, that is already prefixed with an
87 <constant class='dns'>SRV</constant> type, and an <constant class='dns'>SRV</constant> lookup is done
88 (no <constant class='dns'>TXT</constant>).</para></listitem>
b69f810c
YW
89 </varlistentry>
90
91 <varlistentry>
8eb6e6ed 92 <term><command>openpgp</command> <replaceable>EMAIL@DOMAIN</replaceable>…</term>
b69f810c 93
9a024bf1 94 <listitem><para>Query PGP keys stored as <constant class='dns'>OPENPGPKEY</constant> resource records,
857f0e0a 95 see <ulink url="https://tools.ietf.org/html/rfc7929">RFC 7929</ulink>. Specified e-mail addresses
9a024bf1
ZJS
96 are converted to the corresponding DNS domain name, and any <constant class='dns'>OPENPGPKEY</constant>
97 keys are printed.</para></listitem>
b69f810c
YW
98 </varlistentry>
99
624993ac 100 <varlistentry>
8eb6e6ed
ZJS
101 <term><command>tlsa</command>
102 [<replaceable>FAMILY</replaceable>]
103 <replaceable>DOMAIN</replaceable>[:<replaceable>PORT</replaceable>]…</term>
624993ac 104
9a024bf1
ZJS
105 <listitem><para>Query TLS public keys stored as <constant class='dns'>TLSA</constant> resource
106 records, see <ulink url="https://tools.ietf.org/html/rfc6698">RFC 6698</ulink>. A query will be
107 performed for each of the specified names prefixed with the port and family
b69f810c 108 (<literal>_<replaceable>port</replaceable>._<replaceable>family</replaceable>.<replaceable>domain</replaceable></literal>).
9a024bf1
ZJS
109 The port number may be specified after a colon (<literal>:</literal>), otherwise
110 <constant>443</constant> will be used by default. The family may be specified as the first argument,
111 otherwise <constant>tcp</constant> will be used.</para></listitem>
b69f810c
YW
112 </varlistentry>
113
114 <varlistentry>
8eb6e6ed 115 <term><command>status</command> [<replaceable>LINK</replaceable>…]</term>
b69f810c 116
2c520df4 117 <listitem><para>Shows the global and per-link DNS settings currently in effect. If no command is specified,
b69f810c
YW
118 this is the implied default.</para></listitem>
119 </varlistentry>
120
121 <varlistentry>
8eb6e6ed 122 <term><command>statistics</command></term>
b69f810c
YW
123
124 <listitem><para>Shows general resolver statistics, including information whether DNSSEC is
624993ac
LP
125 enabled and available, as well as resolution and validation statistics.</para></listitem>
126 </varlistentry>
127
128 <varlistentry>
8eb6e6ed 129 <term><command>reset-statistics</command></term>
624993ac 130
8eb6e6ed 131 <listitem><para>Resets the statistics counters shown in <command>statistics</command> to zero.
b69f810c 132 This operation requires root privileges.</para></listitem>
624993ac
LP
133 </varlistentry>
134
ba35662f 135 <varlistentry>
8eb6e6ed 136 <term><command>flush-caches</command></term>
ba35662f 137
9a024bf1
ZJS
138 <listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly
139 equivalent to sending the <constant>SIGUSR2</constant> to the <command>systemd-resolved</command>
d55b0463
LP
140 service.</para></listitem>
141 </varlistentry>
142
143 <varlistentry>
8eb6e6ed 144 <term><command>reset-server-features</command></term>
d55b0463
LP
145
146 <listitem><para>Flushes all feature level information the resolver learnt about specific servers, and ensures
147 that the server feature probing logic is started from the beginning with the next look-up request. This is
148 mostly equivalent to sending the <constant>SIGRTMIN+1</constant> to the <command>systemd-resolved</command>
149 service.</para></listitem>
ba35662f
LP
150 </varlistentry>
151
be371fe0 152 <varlistentry>
8eb6e6ed
ZJS
153 <term><command>dns</command> [<replaceable>LINK</replaceable> [<replaceable>SERVER</replaceable>…]]</term>
154 <term><command>domain</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term>
155 <term><command>default-route</command> [<replaceable>LINK</replaceable> [<replaceable>BOOL</replaceable>…]]</term>
156 <term><command>llmnr</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
157 <term><command>mdns</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
158 <term><command>dnssec</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
159 <term><command>dnsovertls</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
160 <term><command>nta</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term>
b69f810c 161
74053ff2 162 <listitem>
8eb6e6ed
ZJS
163 <para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS
164 settings for network interfaces. These commands may be used to inform
165 <command>systemd-resolved</command> or <command>systemd-networkd</command> about per-interface DNS
166 configuration determined through external means. The <command>dns</command> command expects IPv4 or
711dd5db
YW
167 IPv6 address specifications of DNS servers to use. Each address can optionally take a port number
168 separated with <literal>:</literal>, a network interface name or index separated with
169 <literal>%</literal>, and a Server Name Indication (SNI) separated with <literal>#</literal>. When an
170 IPv6 address is specified with a port number, the address must be enclosed in square brackets. That
171 is, the acceptable full formats are <literal>111.222.333.444:9953%ifname#example.com</literal> for
172 IPv4 and <literal>[1111:2222::3333]:9953%ifname#example.com</literal> for IPv6. The
173 <command>domain</command> command expects valid DNS domains, possibly prefixed with
174 <literal>~</literal>, and configures a per-interface search or route-only domain. The
175 <command>default-route</command> command expects a boolean parameter, and configures whether the
176 link may be used as default route for DNS lookups, i.e. if it is suitable for lookups on domains no
177 other link explicitly is configured for. The <command>llmnr</command>, <command>mdns</command>,
178 <command>dnssec</command> and <command>dnsovertls</command> commands may be used to configure the
179 per-interface LLMNR, MulticastDNS, DNSSEC and DNSOverTLS settings. Finally, the <command>nta</command>
180 command may be used to configure additional per-interface DNSSEC NTA domains.</para>
8eb6e6ed
ZJS
181
182 <para>Commands <command>dns</command>, <command>domain</command> and <command>nta</command> can take
74053ff2
DKG
183 a single empty string argument to clear their respective value lists.</para>
184
8eb6e6ed
ZJS
185 <para>For details about these settings, their possible values and their effect, see the
186 corresponding settings in
74053ff2 187 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
14965b94
LP
188 </listitem>
189 </varlistentry>
190
191 <varlistentry>
8eb6e6ed 192 <term><command>revert <replaceable>LINK</replaceable></command></term>
b69f810c
YW
193
194 <listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
8eb6e6ed
ZJS
195 per-interface DNS settings are reset to their defaults, undoing all effects of <command>dns</command>,
196 <command>domain</command>, <command>default-route</command>, <command>llmnr</command>,
197 <command>mdns</command>, <command>dnssec</command>, <command>dnsovertls</command>,
198 <command>nta</command>. Note that when a network interface disappears all configuration is lost
199 automatically, so an explicit revert is not necessary in that case.</para></listitem>
14965b94
LP
200 </varlistentry>
201
fffbf1dc
LP
202 <varlistentry>
203 <term><command>monitor</command></term>
204
64ebc0da 205 <listitem><para>Show a continuous stream of local client resolution queries and their
fffbf1dc
LP
206 responses. Whenever a local query is completed the query's DNS resource lookup key and resource
207 records are shown. Note that this displays queries issued locally only, and does not immediately
208 relate to DNS requests submitted to configured DNS servers or the LLMNR or MulticastDNS zones, as
209 lookups may be answered from the local cache, or might result in multiple DNS transactions (for
210 example to validate DNSSEC information). If CNAME/DNAME redirection chains are followed, a separate
211 query will be displayed for each element of the chain. Use <option>--json=</option> to enable JSON
212 output.</para></listitem>
213 </varlistentry>
214
df957849 215 <xi:include href="systemctl.xml" xpointer="log-level" />
624993ac
LP
216 </variablelist>
217 </refsect1>
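An added example (not part of the man page or of systemd's own code) that parses the server specification the `dns` command is described as accepting above: an address with optional `:PORT`, `%IFNAME` and `#SNI`, where IPv6 is bracketed when a port is given. The function and field names are assumptions, the sample addresses are constructed, and systemd's real parser may accept or reject forms this code does not.

```python
import ipaddress
from typing import NamedTuple, Optional


class DnsServer(NamedTuple):
    address: str
    family: int                  # 4 or 6
    port: Optional[int]
    interface: Optional[str]     # interface name or index, as written
    server_name: Optional[str]   # the "#..." part (SNI)


def _split_suffix(text: str, sep: str, what: str):
    """Split 'head<sep>value'; a separator with nothing after it is an error."""
    head, found, value = text.partition(sep)
    if found and not value:
        raise ValueError(f"empty {what} after {sep!r}")
    return head, (value or None)


def _parse_port(text: str) -> int:
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 65535:
        raise ValueError(f"invalid port {text!r}")
    return int(text)


def parse_dns_server(spec: str) -> DnsServer:
    # The suffixes come in the order shown on the page: ...%ifname#server-name
    rest, server_name = _split_suffix(spec, "#", "server name")
    rest, interface = _split_suffix(rest, "%", "interface")

    port = None
    if rest.startswith("["):
        # Bracketed form: an IPv6 address, optionally followed by :PORT.
        host, closed, tail = rest[1:].partition("]")
        if not closed:
            raise ValueError("missing closing bracket")
        if tail:
            if not tail.startswith(":"):
                raise ValueError(f"unexpected text after bracket: {tail!r}")
            port = _parse_port(tail[1:])
        ip = ipaddress.ip_address(host)
        if ip.version != 6:
            # Assumption of this example: brackets are only used for IPv6.
            raise ValueError("brackets are only used around IPv6 addresses")
    elif rest.count(":") == 1:
        # Exactly one colon cannot be an IPv6 address, so this is IPv4:PORT.
        host, _, port_text = rest.partition(":")
        port = _parse_port(port_text)
        ip = ipaddress.ip_address(host)
    else:
        # Plain IPv4, or unbracketed IPv6 where every colon belongs to the
        # address. This is why a port on IPv6 needs the brackets.
        ip = ipaddress.ip_address(rest)

    return DnsServer(str(ip), ip.version, port, interface, server_name)


# Constructed sample specifications (documentation address ranges).
SAMPLES = [
    "192.0.2.53",
    "192.0.2.53:9953%eth0#dns.example.com",
    "[2001:db8::53]:9953%eth0#dns.example.com",
    "2001:db8::53:9953",   # no brackets: parsed as one IPv6 address, no port
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", parse_dns_server(sample))
```

The literal `111.222.333.444` in the text above is a format placeholder; a validating parser such as this one rejects it because its octets exceed 255.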
218
e1fac8a6
ZJS
219 <refsect1>
220 <title>Options</title>
221 <variablelist>
222 <varlistentry>
223 <term><option>-4</option></term>
224 <term><option>-6</option></term>
225
226 <listitem><para>By default, when resolving a hostname, both IPv4 and IPv6
227 addresses are acquired. By specifying <option>-4</option> only IPv4 addresses are requested, by specifying
228 <option>-6</option> only IPv6 addresses are requested.</para>
229 </listitem>
230 </varlistentry>
231
232 <varlistentry>
233 <term><option>-i</option> <replaceable>INTERFACE</replaceable></term>
234 <term><option>--interface=</option><replaceable>INTERFACE</replaceable></term>
235
236 <listitem><para>Specifies the network interface to execute the query on. This may either be specified as numeric
237 interface index or as network interface string (e.g. <literal>en0</literal>). Note that this option has no
238 effect if system-wide DNS configuration (as configured in <filename>/etc/resolv.conf</filename> or
2d8ce4c7 239 <filename>/etc/systemd/resolved.conf</filename>) in place of per-link configuration is used.</para></listitem>
e1fac8a6
ZJS
240 </varlistentry>
241
242 <varlistentry>
243 <term><option>-p</option> <replaceable>PROTOCOL</replaceable></term>
244 <term><option>--protocol=</option><replaceable>PROTOCOL</replaceable></term>
245
246 <listitem><para>Specifies the network protocol for the query. May be one of <literal>dns</literal>
247 (i.e. classic unicast DNS), <literal>llmnr</literal> (<ulink
248 url="https://tools.ietf.org/html/rfc4795">Link-Local Multicast Name Resolution</ulink>),
249 <literal>llmnr-ipv4</literal>, <literal>llmnr-ipv6</literal> (LLMNR via the indicated underlying IP
250 protocols), <literal>mdns</literal> (<ulink url="https://www.ietf.org/rfc/rfc6762.txt">Multicast DNS</ulink>),
251 <literal>mdns-ipv4</literal>, <literal>mdns-ipv6</literal> (MDNS via the indicated underlying IP protocols).
252 By default the lookup is done via all protocols suitable for the lookup. If used, limits the set of
253 protocols that may be used. Use this option multiple times to enable resolving via multiple protocols at the
254 same time. The setting <literal>llmnr</literal> is identical to specifying this switch once with
255 <literal>llmnr-ipv4</literal> and once via <literal>llmnr-ipv6</literal>. Note that this option does not force
256 the service to resolve the operation with the specified protocol, as that might require a suitable network
257 interface and configuration.
258 The special value <literal>help</literal> may be used to list known values.
259 </para></listitem>
260 </varlistentry>
261
262 <varlistentry>
263 <term><option>-t</option> <replaceable>TYPE</replaceable></term>
264 <term><option>--type=</option><replaceable>TYPE</replaceable></term>
265 <term><option>-c</option> <replaceable>CLASS</replaceable></term>
266 <term><option>--class=</option><replaceable>CLASS</replaceable></term>
267
018b642a 268 <listitem><para>When used in conjunction with the <command>query</command> command, specifies the DNS
9a024bf1
ZJS
269 resource record type (e.g. <constant class='dns'>A</constant>, <constant class='dns'>AAAA</constant>,
270 <constant class='dns'>MX</constant>, …) and class (e.g. <constant>IN</constant>,
271 <constant>ANY</constant>, …) to look up. If these options are used a DNS resource record set matching
272 the specified class and type is requested. The class defaults to <constant>IN</constant> if only a
273 type is specified. The special value <literal>help</literal> may be used to list known values.</para>
018b642a
LP
274
275 <para>Without these options <command>resolvectl query</command> provides high-level domain name to
276 address and address to domain name resolution. With these options it provides low-level DNS resource
277 record resolution. The search domain logic is automatically turned off when these options are used,
278 i.e. specified domain names need to be fully qualified domain names. Moreover, IDNA international domain
279 name translation is turned off as well, i.e. international domain names should be specified in
280 <literal>xn--…</literal> notation, unless look-up in MulticastDNS/LLMNR is desired, in which case
281 UTF-8 characters should be used.</para></listitem>
e1fac8a6
ZJS
282 </varlistentry>
283
284 <varlistentry>
285 <term><option>--service-address=</option><replaceable>BOOL</replaceable></term>
286
287 <listitem><para>Takes a boolean parameter. If true (the default), when doing a service lookup with
9a024bf1
ZJS
288 the <command>service</command> command, the hostnames contained in the <constant class='dns'>SRV</constant>
289 resource records are resolved as well.</para></listitem>
e1fac8a6
ZJS
290 </varlistentry>
291
292 <varlistentry>
293 <term><option>--service-txt=</option><replaceable>BOOL</replaceable></term>
294
9a024bf1
ZJS
295 <listitem><para>Takes a boolean parameter. If true (the default), when doing a DNS-SD service lookup
296 with the <command>service</command> command, the <constant class='dns'>TXT</constant> service metadata record is
297 resolved as well.</para></listitem>
e1fac8a6
ZJS
298 </varlistentry>
299
300 <varlistentry>
301 <term><option>--cname=</option><replaceable>BOOL</replaceable></term>
302
9a024bf1
ZJS
303 <listitem><para>Takes a boolean parameter. If true (the default), DNS <constant
304 class='dns'>CNAME</constant> or <constant class='dns'>DNAME</constant> redirections are
e1fac8a6
ZJS
305 followed. Otherwise, if a CNAME or DNAME record is encountered while resolving, an error is
306 returned.</para></listitem>
307 </varlistentry>
308
d711322c
LP
309 <varlistentry>
310 <term><option>--validate=</option><replaceable>BOOL</replaceable></term>
311
312 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
313 (the default), DNSSEC validation is applied as usual — under the condition that it is enabled for the
314 network and for <filename>systemd-resolved.service</filename> as a whole. If false, DNSSEC validation
315 is disabled for the specific query, regardless of whether it is enabled for the network or in the
316 service. Note that setting this option to true does not force DNSSEC validation on systems/networks
317 where DNSSEC is turned off. This option is only suitable to turn off such validation where otherwise
318 enabled, not enable validation where otherwise disabled.</para></listitem>
319 </varlistentry>
320
321 <varlistentry>
322 <term><option>--synthesize=</option><replaceable>BOOL</replaceable></term>
323
324 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
325 (the default), select domains are resolved on the local system, among them
2f166bb7
LP
326 <literal>localhost</literal>, <literal>_gateway</literal> and <literal>_outbound</literal>, or
327 entries from <filename>/etc/hosts</filename>. If false these domains are not resolved locally, and
328 either fail (in case of <literal>localhost</literal>, <literal>_gateway</literal> or
329 <literal>_outbound</literal> and suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups
330 (in case of <filename>/etc/hosts</filename> entries).</para></listitem>
d711322c
LP
331 </varlistentry>
332
333 <varlistentry>
334 <term><option>--cache=</option><replaceable>BOOL</replaceable></term>
335
336 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
337 (the default), lookups use the local DNS resource record cache. If false, lookups are routed to the
338 network instead, regardless of whether the data is already available in the local cache.</para></listitem>
339 </varlistentry>
340
341 <varlistentry>
342 <term><option>--zone=</option><replaceable>BOOL</replaceable></term>
343
344 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
345 (the default), lookups are answered from locally registered LLMNR or mDNS resource records, if
346 defined. If false, locally registered LLMNR/mDNS records are not considered for the lookup
347 request.</para></listitem>
348 </varlistentry>
349
350 <varlistentry>
351 <term><option>--trust-anchor=</option><replaceable>BOOL</replaceable></term>
352
353 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
354 (the default), lookups for DS and DNSKEY are answered from the local DNSSEC trust anchors if
355 possible. If false, the local trust store is not considered for the lookup request.</para></listitem>
356 </varlistentry>
357
358 <varlistentry>
359 <term><option>--network=</option><replaceable>BOOL</replaceable></term>
360
361 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
362 (the default), lookups are answered via DNS, LLMNR or mDNS network requests if they cannot be
363 synthesized locally, or be answered from the local cache, zone or trust anchors (see above). If false,
364 the request is not answered from the network and will thus fail if none of the indicated sources can
365 answer them.</para></listitem>
366 </varlistentry>
367
e1fac8a6
ZJS
368 <varlistentry>
369 <term><option>--search=</option><replaceable>BOOL</replaceable></term>
370
018b642a
LP
371 <listitem><para>Takes a boolean parameter. If true (the default), any specified single-label
372 hostnames will be searched in the domains configured in the search domain list, if it is
373 non-empty. Otherwise, the search domain logic is disabled. Note that this option has no effect if
374 <option>--type=</option> is used (see above), in which case the search domain logic is
375 unconditionally turned off.</para></listitem>
e1fac8a6
ZJS
376 </varlistentry>
377
378 <varlistentry>
379 <term><option>--raw</option><optional>=payload|packet</optional></term>
380
381 <listitem><para>Dump the answer as binary data. If there is no argument or if the argument is
382 <literal>payload</literal>, the payload of the packet is exported. If the argument is
383 <literal>packet</literal>, the whole packet is dumped in wire format, prefixed by its
384 length, specified as a little-endian 64-bit number. This format allows multiple packets
385 to be dumped and unambiguously parsed.</para></listitem>
386 </varlistentry>
387
388 <varlistentry>
389 <term><option>--legend=</option><replaceable>BOOL</replaceable></term>
390
391 <listitem><para>Takes a boolean parameter. If true (the default), column headers and meta information about the
392 query response are shown. Otherwise, this output is suppressed.</para></listitem>
393 </varlistentry>
394
fffbf1dc
LP
395 <xi:include href="standard-options.xml" xpointer="json" />
396
397 <varlistentry>
398 <term><option>-j</option></term>
399
400 <listitem><para>Short for <option>--json=auto</option>.</para></listitem>
401 </varlistentry>
402
403 <xi:include href="standard-options.xml" xpointer="no-pager" />
e1fac8a6
ZJS
404 <xi:include href="standard-options.xml" xpointer="help" />
405 <xi:include href="standard-options.xml" xpointer="version" />
e1fac8a6
ZJS
406 </variablelist>
407 </refsect1>
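An added example (not from the man page or from systemd's code) of reading the `--raw=packet` framing described above, in which each DNS message is preceded by its length as a little-endian 64-bit number. The function names, the 65535-byte sanity limit and the two header-only sample packets are assumptions constructed for this example.

```python
import io
import struct

MAX_DNS_MESSAGE = 65535  # largest DNS message that fits a 16-bit wire length
HEADER = struct.Struct("!HHHHHH")  # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


class FramingError(ValueError):
    """The stream does not follow the length-prefixed framing."""


def read_packets(stream):
    """Yield each DNS message from a length-prefixed stream of packets."""
    while True:
        prefix = stream.read(8)
        if not prefix:
            return  # clean end of stream, exactly on a packet boundary
        if len(prefix) != 8:
            raise FramingError("truncated length prefix")
        length = int.from_bytes(prefix, "little")
        # Check the untrusted length before reading or allocating anything.
        if length > MAX_DNS_MESSAGE:
            raise FramingError(f"implausible packet length {length}")
        if HEADER.size > length:
            raise FramingError("packet shorter than a DNS header")
        packet = stream.read(length)
        if len(packet) != length:
            raise FramingError("truncated packet body")
        yield packet


def summarize(packet):
    """Decode the fixed 12-byte DNS header of one packet."""
    ident, flags, qdcount, ancount, _nscount, _arcount = HEADER.unpack_from(packet)
    return {
        "id": ident,
        "response": bool(flags & 0x8000),   # QR bit
        "ad_bit": bool(flags & 0x0020),     # AD bit as present in the packet
        "rcode": flags & 0x000F,
        "questions": qdcount,
        "answers": ancount,
    }


def frame(packet):
    """Build one record in the same framing (used for the sample below)."""
    return len(packet).to_bytes(8, "little") + packet


# Constructed sample: two header-only DNS responses, not captured traffic.
SAMPLE = (
    frame(HEADER.pack(0x1234, 0x8180, 0, 0, 0, 0))    # NOERROR
    + frame(HEADER.pack(0x5678, 0x81A3, 0, 0, 0, 0))  # NXDOMAIN, AD bit set
)

if __name__ == "__main__":
    for pkt in read_packets(io.BytesIO(SAMPLE)):
        print(len(pkt), summarize(pkt))
```

Because every record carries its own length, a reader can stop at a boundary and detect a cut-off dump, which a bare concatenation of packets would not allow.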
408
2eee2088 409 <refsect1>
42ecca2e
ZJS
410 <title>Compatibility with
411 <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry></title>
2eee2088 412
b69f810c
YW
413 <para><command>resolvectl</command> is a multi-call binary. When invoked as <literal>resolvconf</literal>
414 (generally achieved by means of a symbolic link of this name to the <command>resolvectl</command> binary) it
42ecca2e
ZJS
415 is run in a limited
416 <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry>
2eee2088
LP
417 compatibility mode. It accepts mostly the same arguments and pushes all data into
418 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
b69f810c 419 similar to how the <option>dns</option> and <option>domain</option> commands operate. Note that
2eee2088 420 <command>systemd-resolved.service</command> is the only supported backend, which is different from other
924ccc35
ZJS
421 implementations of this command.</para>
422
423 <para><filename>/etc/resolv.conf</filename> will only be updated with servers added with this command
424 when <filename>/etc/resolv.conf</filename> is a symlink to
425 <filename>/run/systemd/resolve/resolv.conf</filename>, and not a static file. See the discussion of
426 <filename>/etc/resolv.conf</filename> handling in
427 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
428 </para>
429
430 <para>Not all operations supported by other implementations are supported natively. Specifically:</para>
2eee2088
LP
431
432 <variablelist>
433 <varlistentry>
434 <term><option>-a</option></term>
435 <listitem><para>Registers per-interface DNS configuration data with
436 <command>systemd-resolved</command>. Expects a network interface name as only command line argument. Reads
b7a47345
ZJS
437 <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>-compatible
438 DNS configuration data from its standard input. Relevant fields are <literal>nameserver</literal> and
2eee2088 439 <literal>domain</literal>/<literal>search</literal>. This command is mostly identical to invoking
b7a47345
ZJS
440 <command>resolvectl</command> with a combination of <option>dns</option> and <option>domain</option>
441 commands.</para></listitem>
2eee2088
LP
442 </varlistentry>
443
444 <varlistentry>
445 <term><option>-d</option></term>
446 <listitem><para>Unregisters per-interface DNS configuration data with <command>systemd-resolved</command>. This
b69f810c 447 command is mostly identical to invoking <command>resolvectl revert</command>.</para></listitem>
2eee2088
LP
448 </varlistentry>
449
450 <varlistentry>
451 <term><option>-f</option></term>
452
453 <listitem><para>When specified, <option>-a</option> and <option>-d</option> will not complain about missing
454 network interfaces and will silently execute no operation in that case.</para></listitem>
455 </varlistentry>
456
457 <varlistentry>
458 <term><option>-x</option></term>
459
460 <listitem><para>This switch for "exclusive" operation is supported only partially. It is mapped to an
461 additional configured search domain of <literal>~.</literal> — i.e. ensures that DNS traffic is preferably
462 routed to the DNS servers on this interface, unless there are other, more specific domains configured on other
463 interfaces.</para></listitem>
464 </varlistentry>
465
466 <varlistentry>
467 <term><option>-m</option></term>
468 <term><option>-p</option></term>
469
470 <listitem><para>These switches are not supported and are silently ignored.</para></listitem>
471 </varlistentry>
472
473 <varlistentry>
474 <term><option>-u</option></term>
475 <term><option>-I</option></term>
476 <term><option>-i</option></term>
477 <term><option>-l</option></term>
478 <term><option>-R</option></term>
479 <term><option>-r</option></term>
480 <term><option>-v</option></term>
481 <term><option>-V</option></term>
482 <term><option>--enable-updates</option></term>
483 <term><option>--disable-updates</option></term>
484 <term><option>--are-updates-enabled</option></term>
485
486 <listitem><para>These switches are not supported and the command will fail if used.</para></listitem>
487 </varlistentry>
488
489 </variablelist>
490
42ecca2e
ZJS
491 <para>See
492 <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry>
493 for details on those command line options.</para>
2eee2088
LP
494 </refsect1>
495
624993ac
LP
496 <refsect1>
497 <title>Examples</title>
498
499 <example>
9a024bf1 500 <title>Retrieve the addresses of the <literal>www.0pointer.net</literal> domain (<constant class='dns'>A</constant> and <constant class='dns'>AAAA</constant> resource records)</title>
624993ac 501
b088e905 502 <programlisting>$ resolvectl query www.0pointer.net
edb4843f
ZJS
503 www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74
504 85.214.157.71
505
506 -- Information acquired via protocol DNS in 611.6ms.
507 -- Data is authenticated: no
508 </programlisting>
624993ac
LP
509 </example>
510
511 <example>
9a024bf1
ZJS
512 <title>Retrieve the domain of the <literal>85.214.157.71</literal> IP address
513 (<constant class='dns'>PTR</constant> resource record)</title>
624993ac 514
b088e905 515 <programlisting>$ resolvectl query 85.214.157.71
edb4843f
ZJS
516 85.214.157.71: gardel.0pointer.net
517
518 -- Information acquired via protocol DNS in 1.2997s.
519 -- Data is authenticated: no
520 </programlisting>
624993ac
LP
521 </example>
522
523 <example>
9a024bf1
ZJS
524 <title>Retrieve the <constant class='dns'>MX</constant> record of the <literal>yahoo.com</literal>
525 domain</title>
624993ac 526
b088e905 527 <programlisting>$ resolvectl --legend=no -t MX query yahoo.com
edb4843f
ZJS
528 yahoo.com. IN MX 1 mta7.am0.yahoodns.net
529 yahoo.com. IN MX 1 mta6.am0.yahoodns.net
530 yahoo.com. IN MX 1 mta5.am0.yahoodns.net
531 </programlisting>
624993ac
LP
532 </example>
533
534 <example>
9a024bf1 535 <title>Resolve an <constant class='dns'>SRV</constant> service</title>
624993ac 536
b69f810c 537 <programlisting>$ resolvectl service _xmpp-server._tcp gmail.com
edb4843f
ZJS
538 _xmpp-server._tcp/gmail.com: alt1.xmpp-server.l.google.com:5269 [priority=20, weight=0]
539 173.194.210.125
540 alt4.xmpp-server.l.google.com:5269 [priority=20, weight=0]
541 173.194.65.125
1eecafb8 542
edb4843f 543 </programlisting>
624993ac
LP
544 </example>
545
edb4843f 546 <example>
9a024bf1 547 <title>Retrieve a PGP key (<constant class='dns'>OPENPGPKEY</constant> resource record)</title>
edb4843f 548
b69f810c 549 <programlisting>$ resolvectl openpgp zbyszek@fedoraproject.org
edb4843f
ZJS
550 d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY
551 mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlMyf
552 MFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAynCsSs
1eecafb8 553
82d1d240
ZJS
554 </programlisting>
555 </example>
556
557 <example>
9a024bf1 558 <title>Retrieve a TLS key (<constant class='dns'>TLSA</constant> resource record)</title>
82d1d240 559
b69f810c 560 <programlisting>$ resolvectl tlsa tcp fedoraproject.org:443
236d312b 561 _443._tcp.fedoraproject.org IN TLSA 0 0 1 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0
82d1d240
ZJS
562 -- Cert. usage: CA constraint
563 -- Selector: Full Certificate
564 -- Matching type: SHA-256
edb4843f 565 </programlisting>
9a024bf1
ZJS
566
567 <para><literal>tcp</literal> and <literal>:443</literal> are optional and could be skipped.</para>
edb4843f 568 </example>
624993ac
LP
569 </refsect1>
570
571 <refsect1>
572 <title>See Also</title>
573 <para>
574 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
14965b94
LP
575 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
576 <citerefentry><refentrytitle>systemd.dnssd</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
2eee2088
LP
577 <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
578 <citerefentry><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry>
624993ac
LP
579 </para>
580 </refsect1>
581</refentry>