2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
6 <refentry id=
"resolvectl" conditional='ENABLE_RESOLVE'
7 xmlns:
xi=
"http://www.w3.org/2001/XInclude">
10 <title>resolvectl
</title>
11 <productname>systemd
</productname>
15 <refentrytitle>resolvectl
</refentrytitle>
16 <manvolnum>1</manvolnum>
20 <refname>resolvectl
</refname>
21 <refname>resolvconf
</refname>
22 <refpurpose>Resolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolver
</refpurpose>
27 <command>resolvectl
</command>
28 <arg choice=
"opt" rep=
"repeat">OPTIONS
</arg>
29 <arg choice=
"req">COMMAND
</arg>
30 <arg choice=
"opt" rep=
"repeat">NAME
</arg>
35 <title>Description
</title>
37 <para><command>resolvectl
</command> may be used to resolve domain names, IPv4 and IPv6 addresses, DNS resource
38 records and services with the
39 <citerefentry><refentrytitle>systemd-resolved.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
40 resolver service. By default, the specified list of parameters will be resolved as hostnames, retrieving their IPv4
41 and IPv6 addresses. If the parameters specified are formatted as IPv4 or IPv6 addresses the reverse operation is
42 done, and a hostname is retrieved for the specified addresses.
</para>
44 <para>The program's output contains information about the protocol used for the look-up and on which network
45 interface the data was discovered. It also contains information on whether the information could be
46 authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover all data
47 originating from local, trusted sources is also reported authenticated, including resolution of the local host
48 name, the
<literal>localhost
</literal> hostname or all data from
<filename>/etc/hosts
</filename>.
</para>
52 <title>Commands
</title>
56 <term><command>query
</command> <replaceable>HOSTNAME|ADDRESS
</replaceable>…
</term>
58 <listitem><para>Resolve domain names, as well as IPv4 and IPv6 addresses. When used in conjunction
59 with
<option>--type=
</option> or
<option>--class=
</option> (see below), resolves low-level DNS
60 resource records.
</para>
62 <para>If a single-label domain name is specified it is searched for according to the configured
63 search domains — unless
<option>--search=no
</option> or
64 <option>--type=
</option>/
<option>--class=
</option> are specified, both of which turn this logic
67 <para>If an international domain name is specified, it is automatically translated according to IDNA
68 rules when resolved via classic DNS — but not for look-ups via MulticastDNS or LLMNR. If
69 <option>--type=
</option>/
<option>--class=
</option> is used IDNA translation is turned off and domain
70 names are processed as specified.
</para></listitem>
74 <term><command>service
</command>
75 [[
<replaceable>NAME
</replaceable>]
<replaceable>TYPE
</replaceable>]
76 <replaceable>DOMAIN
</replaceable></term>
78 <listitem><para>Resolve
<ulink url=
"https://tools.ietf.org/html/rfc6763">DNS-SD
</ulink> and
<ulink
79 url=
"https://tools.ietf.org/html/rfc2782">SRV
</ulink> services, depending on the specified list of
80 parameters. If three parameters are passed the first is assumed to be the DNS-SD service name, the
81 second the
<constant class='dns'
>SRV
</constant> service type, and the third the domain to search in.
82 In this case a full DNS-SD style
<constant class='dns'
>SRV
</constant> and
<constant
83 class='dns'
>TXT
</constant> lookup is executed. If only two parameters are specified, the first is
84 assumed to be the
<constant class='dns'
>SRV
</constant> service type, and the second the domain to look
85 in. In this case no
<constant class='dns'
>TXT
</constant> resource record is requested. Finally, if
86 only one parameter is specified, it is assumed to be a domain name, that is already prefixed with an
87 <constant class='dns'
>SRV
</constant> type, and an
<constant class='dns'
>SRV
</constant> lookup is done
88 (no
<constant class='dns'
>TXT
</constant>).
</para></listitem>
92 <term><command>openpgp
</command> <replaceable>EMAIL@DOMAIN
</replaceable>…
</term>
94 <listitem><para>Query PGP keys stored as
<constant class='dns'
>OPENPGPKEY
</constant> resource records,
95 see
<ulink url=
"https://tools.ietf.org/html/rfc7929">RFC
7929</ulink>. Specified e-mail addresses
96 are converted to the corresponding DNS domain name, and any
<constant class='dns'
>OPENPGPKEY
</constant>
97 keys are printed.
</para></listitem>
101 <term><command>tlsa
</command>
102 [
<replaceable>FAMILY
</replaceable>]
103 <replaceable>DOMAIN
</replaceable>[:
<replaceable>PORT
</replaceable>]…
</term>
105 <listitem><para>Query TLS public keys stored as
<constant class='dns'
>TLSA
</constant> resource
106 records, see
<ulink url=
"https://tools.ietf.org/html/rfc6698">RFC
6698</ulink>. A query will be
107 performed for each of the specified names prefixed with the port and family
108 (
<literal>_
<replaceable>port
</replaceable>._
<replaceable>family
</replaceable>.
<replaceable>domain
</replaceable></literal>).
109 The port number may be specified after a colon (
<literal>:
</literal>), otherwise
110 <constant>443</constant> will be used by default. The family may be specified as the first argument,
111 otherwise
<constant>tcp
</constant> will be used.
</para></listitem>
115 <term><command>status
</command> [
<replaceable>LINK
</replaceable>…]
</term>
117 <listitem><para>Shows the global and per-link DNS settings currently in effect. If no command is specified,
118 this is the implied default.
</para></listitem>
122 <term><command>statistics
</command></term>
124 <listitem><para>Shows general resolver statistics, including information whether DNSSEC is
125 enabled and available, as well as resolution and validation statistics.
</para></listitem>
129 <term><command>reset-statistics
</command></term>
131 <listitem><para>Resets the statistics counters shown in
<command>statistics
</command> to zero.
132 This operation requires root privileges.
</para></listitem>
136 <term><command>flush-caches
</command></term>
138 <listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly
139 equivalent to sending the
<constant>SIGUSR2
</constant> to the
<command>systemd-resolved
</command>
140 service.
</para></listitem>
144 <term><command>reset-server-features
</command></term>
146 <listitem><para>Flushes all feature level information the resolver learnt about specific servers, and ensures
147 that the server feature probing logic is started from the beginning with the next look-up request. This is
148 mostly equivalent to sending the
<constant>SIGRTMIN+
1</constant> to the
<command>systemd-resolved
</command>
149 service.
</para></listitem>
153 <term><command>dns
</command> [
<replaceable>LINK
</replaceable> [
<replaceable>SERVER
</replaceable>…]]
</term>
154 <term><command>domain
</command> [
<replaceable>LINK
</replaceable> [
<replaceable>DOMAIN
</replaceable>…]]
</term>
155 <term><command>default-route
</command> [
<replaceable>LINK
</replaceable> [
<replaceable>BOOL
</replaceable>…]]
</term>
156 <term><command>llmnr
</command> [
<replaceable>LINK
</replaceable> [
<replaceable>MODE
</replaceable>]]
</term>
157 <term><command>mdns
</command> [
<replaceable>LINK
</replaceable> [
<replaceable>MODE
</replaceable>]]
</term>
158 <term><command>dnssec
</command> [
<replaceable>LINK
</replaceable> [
<replaceable>MODE
</replaceable>]]
</term>
159 <term><command>dnsovertls
</command> [
<replaceable>LINK
</replaceable> [
<replaceable>MODE
</replaceable>]]
</term>
160 <term><command>nta
</command> [
<replaceable>LINK
</replaceable> [
<replaceable>DOMAIN
</replaceable>…]]
</term>
163 <para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS
164 settings for network interfaces. These commands may be used to inform
165 <command>systemd-resolved
</command> or
<command>systemd-networkd
</command> about per-interface DNS
166 configuration determined through external means. The
<command>dns
</command> command expects IPv4 or
167 IPv6 address specifications of DNS servers to use. Each address can optionally take a port number
168 separated with
<literal>:
</literal>, a network interface name or index separated with
169 <literal>%
</literal>, and a Server Name Indication (SNI) separated with
<literal>#
</literal>. When
170 IPv6 address is specified with a port number, then the address must be in the square brackets. That
171 is, the acceptable full formats are
<literal>111.222.333.444:
9953%ifname#example.com
</literal> for
172 IPv4 and
<literal>[
1111:
2222::
3333]:
9953%ifname#example.com
</literal> for IPv6. The
173 <command>domain
</command> command expects valid DNS domains, possibly prefixed with
174 <literal>~
</literal>, and configures a per-interface search or route-only domain. The
175 <command>default-route
</command> command expects a boolean parameter, and configures whether the
176 link may be used as default route for DNS lookups, i.e. if it is suitable for lookups on domains no
177 other link explicitly is configured for. The
<command>llmnr
</command>,
<command>mdns
</command>,
178 <command>dnssec
</command> and
<command>dnsovertls
</command> commands may be used to configure the
179 per-interface LLMNR, MulticastDNS, DNSSEC and DNSOverTLS settings. Finally,
<command>nta
</command>
180 command may be used to configure additional per-interface DNSSEC NTA domains.
</para>
182 <para>Commands
<command>dns
</command>,
<command>domain
</command> and
<command>nta
</command> can take
183 a single empty string argument to clear their respective value lists.
</para>
185 <para>For details about these settings, their possible values and their effect, see the
186 corresponding settings in
187 <citerefentry><refentrytitle>systemd.network
</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
192 <term><command>revert
<replaceable>LINK
</replaceable></command></term>
194 <listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
195 per-interface DNS setting are reset to their defaults, undoing all effects of
<command>dns
</command>,
196 <command>domain
</command>,
<command>default-route
</command>,
<command>llmnr
</command>,
197 <command>mdns
</command>,
<command>dnssec
</command>,
<command>dnsovertls
</command>,
198 <command>nta
</command>. Note that when a network interface disappears all configuration is lost
199 automatically, an explicit reverting is not necessary in that case.
</para></listitem>
203 <term><command>monitor
</command></term>
205 <listitem><para>Show a continuous stream of local client resolution queries and their
206 responses. Whenever a local query is completed the query's DNS resource lookup key and resource
207 records are shown. Note that this displays queries issued locally only, and does not immediately
208 relate to DNS requests submitted to configured DNS servers or the LLMNR or MulticastDNS zones, as
209 lookups may be answered from the local cache, or might result in multiple DNS transactions (for
210 example to validate DNSSEC information). If CNAME/CNAME redirection chains are followed, a separate
211 query will be displayed for each element of the chain. Use
<option>--json=
</option> to enable JSON
212 output.
</para></listitem>
215 <xi:include href=
"systemctl.xml" xpointer=
"log-level" />
220 <title>Options
</title>
223 <term><option>-
4</option></term>
224 <term><option>-
6</option></term>
226 <listitem><para>By default, when resolving a hostname, both IPv4 and IPv6
227 addresses are acquired. By specifying
<option>-
4</option> only IPv4 addresses are requested, by specifying
228 <option>-
6</option> only IPv6 addresses are requested.
</para>
233 <term><option>-i
</option> <replaceable>INTERFACE
</replaceable></term>
234 <term><option>--interface=
</option><replaceable>INTERFACE
</replaceable></term>
236 <listitem><para>Specifies the network interface to execute the query on. This may either be specified as numeric
237 interface index or as network interface string (e.g.
<literal>en0
</literal>). Note that this option has no
238 effect if system-wide DNS configuration (as configured in
<filename>/etc/resolv.conf
</filename> or
239 <filename>/etc/systemd/resolved.conf
</filename>) in place of per-link configuration is used.
</para></listitem>
243 <term><option>-p
</option> <replaceable>PROTOCOL
</replaceable></term>
244 <term><option>--protocol=
</option><replaceable>PROTOCOL
</replaceable></term>
246 <listitem><para>Specifies the network protocol for the query. May be one of
<literal>dns
</literal>
247 (i.e. classic unicast DNS),
<literal>llmnr
</literal> (
<ulink
248 url=
"https://tools.ietf.org/html/rfc4795">Link-Local Multicast Name Resolution
</ulink>),
249 <literal>llmnr-ipv4
</literal>,
<literal>llmnr-ipv6
</literal> (LLMNR via the indicated underlying IP
250 protocols),
<literal>mdns
</literal> (
<ulink url=
"https://www.ietf.org/rfc/rfc6762.txt">Multicast DNS
</ulink>),
251 <literal>mdns-ipv4
</literal>,
<literal>mdns-ipv6
</literal> (MDNS via the indicated underlying IP protocols).
252 By default the lookup is done via all protocols suitable for the lookup. If used, limits the set of
253 protocols that may be used. Use this option multiple times to enable resolving via multiple protocols at the
254 same time. The setting
<literal>llmnr
</literal> is identical to specifying this switch once with
255 <literal>llmnr-ipv4
</literal> and once via
<literal>llmnr-ipv6
</literal>. Note that this option does not force
256 the service to resolve the operation with the specified protocol, as that might require a suitable network
257 interface and configuration.
258 The special value
<literal>help
</literal> may be used to list known values.
263 <term><option>-t
</option> <replaceable>TYPE
</replaceable></term>
264 <term><option>--type=
</option><replaceable>TYPE
</replaceable></term>
265 <term><option>-c
</option> <replaceable>CLASS
</replaceable></term>
266 <term><option>--class=
</option><replaceable>CLASS
</replaceable></term>
268 <listitem><para>When used in conjunction with the
<command>query
</command> command, specifies the DNS
269 resource record type (e.g.
<constant class='dns'
>A
</constant>,
<constant class='dns'
>AAAA
</constant>,
270 <constant class='dns'
>MX
</constant>, …) and class (e.g.
<constant>IN
</constant>,
271 <constant>ANY
</constant>, …) to look up. If these options are used a DNS resource record set matching
272 the specified class and type is requested. The class defaults to
<constant>IN
</constant> if only a
273 type is specified. The special value
<literal>help
</literal> may be used to list known values.
</para>
275 <para>Without these options
<command>resolvectl query
</command> provides high-level domain name to
276 address and address to domain name resolution. With these options it provides low-level DNS resource
277 record resolution. The search domain logic is automatically turned off when these options are used,
278 i.e. specified domain names need to be fully qualified domain names. Moreover, IDNA internal domain
279 name translation is turned off as well, i.e. international domain names should be specified in
280 <literal>xn--…
</literal> notation, unless look-up in MulticastDNS/LLMNR is desired, in which case
281 UTF-
8 characters should be used.
</para></listitem>
285 <term><option>--service-address=
</option><replaceable>BOOL
</replaceable></term>
287 <listitem><para>Takes a boolean parameter. If true (the default), when doing a service lookup with
288 <option>--service
</option> the hostnames contained in the
<constant class='dns'
>SRV
</constant>
289 resource records are resolved as well.
</para></listitem>
293 <term><option>--service-txt=
</option><replaceable>BOOL
</replaceable></term>
295 <listitem><para>Takes a boolean parameter. If true (the default), when doing a DNS-SD service lookup
296 with
<option>--service
</option> the
<constant class='dns'
>TXT
</constant> service metadata record is
297 resolved as well.
</para></listitem>
301 <term><option>--cname=
</option><replaceable>BOOL
</replaceable></term>
303 <listitem><para>Takes a boolean parameter. If true (the default), DNS
<constant
304 class='dns'
>CNAME
</constant> or
<constant class='dns'
>DNAME
</constant> redirections are
305 followed. Otherwise, if a CNAME or DNAME record is encountered while resolving, an error is
306 returned.
</para></listitem>
310 <term><option>--validate=
</option><replaceable>BOOL
</replaceable></term>
312 <listitem><para>Takes a boolean parameter; used in conjunction with
<command>query
</command>. If true
313 (the default), DNSSEC validation is applied as usual — under the condition that it is enabled for the
314 network and for
<filename>systemd-resolved.service
</filename> as a whole. If false, DNSSEC validation
315 is disabled for the specific query, regardless of whether it is enabled for the network or in the
316 service. Note that setting this option to true does not force DNSSEC validation on systems/networks
317 where DNSSEC is turned off. This option is only suitable to turn off such validation where otherwise
318 enabled, not enable validation where otherwise disabled.
</para></listitem>
322 <term><option>--synthesize=
</option><replaceable>BOOL
</replaceable></term>
324 <listitem><para>Takes a boolean parameter; used in conjunction with
<command>query
</command>. If true
325 (the default), select domains are resolved on the local system, among them
326 <literal>localhost
</literal>,
<literal>_gateway
</literal> and
<literal>_outbound
</literal>, or
327 entries from
<filename>/etc/hosts
</filename>. If false these domains are not resolved locally, and
328 either fail (in case of
<literal>localhost
</literal>,
<literal>_gateway
</literal> or
329 <literal>_outbound
</literal> and suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups
330 (in case of
<filename>/etc/hosts
</filename> entries).
</para></listitem>
334 <term><option>--cache=
</option><replaceable>BOOL
</replaceable></term>
336 <listitem><para>Takes a boolean parameter; used in conjunction with
<command>query
</command>. If true
337 (the default), lookups use the local DNS resource record cache. If false, lookups are routed to the
338 network instead, regardless if already available in the local cache.
</para></listitem>
342 <term><option>--zone=
</option><replaceable>BOOL
</replaceable></term>
344 <listitem><para>Takes a boolean parameter; used in conjunction with
<command>query
</command>. If true
345 (the default), lookups are answered from locally registered LLMNR or mDNS resource records, if
346 defined. If false, locally registered LLMNR/mDNS records are not considered for the lookup
347 request.
</para></listitem>
351 <term><option>--trust-anchor=
</option><replaceable>BOOL
</replaceable></term>
353 <listitem><para>Takes a boolean parameter; used in conjunction with
<command>query
</command>. If true
354 (the default), lookups for DS and DNSKEY are answered from the local DNSSEC trust anchors if
355 possible. If false, the local trust store is not considered for the lookup request.
</para></listitem>
359 <term><option>--network=
</option><replaceable>BOOL
</replaceable></term>
361 <listitem><para>Takes a boolean parameter; used in conjunction with
<command>query
</command>. If true
362 (the default), lookups are answered via DNS, LLMNR or mDNS network requests if they cannot be
363 synthesized locally, or be answered from the local cache, zone or trust anchors (see above). If false,
364 the request is not answered from the network and will thus fail if none of the indicated sources can
365 answer them.
</para></listitem>
369 <term><option>--search=
</option><replaceable>BOOL
</replaceable></term>
371 <listitem><para>Takes a boolean parameter. If true (the default), any specified single-label
372 hostnames will be searched in the domains configured in the search domain list, if it is
373 non-empty. Otherwise, the search domain logic is disabled. Note that this option has no effect if
374 <option>--type=
</option> is used (see above), in which case the search domain logic is
375 unconditionally turned off.
</para></listitem>
379 <term><option>--raw
</option><optional>=payload|packet
</optional></term>
381 <listitem><para>Dump the answer as binary data. If there is no argument or if the argument is
382 <literal>payload
</literal>, the payload of the packet is exported. If the argument is
383 <literal>packet
</literal>, the whole packet is dumped in wire format, prefixed by
384 length specified as a little-endian
64-bit number. This format allows multiple packets
385 to be dumped and unambiguously parsed.
</para></listitem>
389 <term><option>--legend=
</option><replaceable>BOOL
</replaceable></term>
391 <listitem><para>Takes a boolean parameter. If true (the default), column headers and meta information about the
392 query response are shown. Otherwise, this output is suppressed.
</para></listitem>
395 <xi:include href=
"standard-options.xml" xpointer=
"json" />
398 <term><option>-j
</option></term>
400 <listitem><para>Short for
<option>--json=auto
</option></para></listitem>
403 <xi:include href=
"standard-options.xml" xpointer=
"no-pager" />
404 <xi:include href=
"standard-options.xml" xpointer=
"help" />
405 <xi:include href=
"standard-options.xml" xpointer=
"version" />
410 <title>Compatibility with
411 <citerefentry project=
"debian"><refentrytitle>resolvconf
</refentrytitle><manvolnum>8</manvolnum></citerefentry></title>
413 <para><command>resolvectl
</command> is a multi-call binary. When invoked as
<literal>resolvconf
</literal>
414 (generally achieved by means of a symbolic link of this name to the
<command>resolvectl
</command> binary) it
416 <citerefentry project=
"debian"><refentrytitle>resolvconf
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
417 compatibility mode. It accepts mostly the same arguments and pushes all data into
418 <citerefentry><refentrytitle>systemd-resolved.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
419 similar to how
<option>dns
</option> and
<option>domain
</option> commands operate. Note that
420 <command>systemd-resolved.service
</command> is the only supported backend, which is different from other
421 implementations of this command.
</para>
423 <para><filename>/etc/resolv.conf
</filename> will only be updated with servers added with this command
424 when
<filename>/etc/resolv.conf
</filename> is a symlink to
425 <filename>/run/systemd/resolve/resolv.conf
</filename>, and not a static file. See the discussion of
426 <filename>/etc/resolv.conf
</filename> handling in
427 <citerefentry><refentrytitle>systemd-resolved.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
430 <para>Not all operations supported by other implementations are supported natively. Specifically:
</para>
434 <term><option>-a
</option></term>
435 <listitem><para>Registers per-interface DNS configuration data with
436 <command>systemd-resolved
</command>. Expects a network interface name as only command line argument. Reads
437 <citerefentry project='man-pages'
><refentrytitle>resolv.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>-compatible
438 DNS configuration data from its standard input. Relevant fields are
<literal>nameserver
</literal> and
439 <literal>domain
</literal>/
<literal>search
</literal>. This command is mostly identical to invoking
440 <command>resolvectl
</command> with a combination of
<option>dns
</option> and
<option>domain
</option>
441 commands.
</para></listitem>
445 <term><option>-d
</option></term>
446 <listitem><para>Unregisters per-interface DNS configuration data with
<command>systemd-resolved
</command>. This
447 command is mostly identical to invoking
<command>resolvectl revert
</command>.
</para></listitem>
451 <term><option>-f
</option></term>
453 <listitem><para>When specified
<option>-a
</option> and
<option>-d
</option> will not complain about missing
454 network interfaces and will silently execute no operation in that case.
</para></listitem>
458 <term><option>-x
</option></term>
460 <listitem><para>This switch for
"exclusive" operation is supported only partially. It is mapped to an
461 additional configured search domain of
<literal>~.
</literal> — i.e. ensures that DNS traffic is preferably
462 routed to the DNS servers on this interface, unless there are other, more specific domains configured on other
463 interfaces.
</para></listitem>
467 <term><option>-m
</option></term>
468 <term><option>-p
</option></term>
470 <listitem><para>These switches are not supported and are silently ignored.
</para></listitem>
474 <term><option>-u
</option></term>
475 <term><option>-I
</option></term>
476 <term><option>-i
</option></term>
477 <term><option>-l
</option></term>
478 <term><option>-R
</option></term>
479 <term><option>-r
</option></term>
480 <term><option>-v
</option></term>
481 <term><option>-V
</option></term>
482 <term><option>--enable-updates
</option></term>
483 <term><option>--disable-updates
</option></term>
484 <term><option>--are-updates-enabled
</option></term>
486 <listitem><para>These switches are not supported and the command will fail if used.
</para></listitem>
492 <citerefentry project=
"debian"><refentrytitle>resolvconf
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
493 for details on those command line options.
</para>
497 <title>Examples
</title>
500 <title>Retrieve the addresses of the
<literal>www
.0pointer.net
</literal> domain (
<constant class='dns'
>A
</constant> and
<constant class='dns'
>AAAA
</constant> resource records)
</title>
502 <programlisting>$ resolvectl query www
.0pointer.net
503 www
.0pointer.net:
2a01:
238:
43ed:c300:
10c3:bcf3:
3266:da74
506 -- Information acquired via protocol DNS in
611.6ms.
507 -- Data is authenticated: no
512 <title>Retrieve the domain of the
<literal>85.214.157.71</literal> IP address
513 (
<constant class='dns'
>PTR
</constant> resource record)
</title>
515 <programlisting>$ resolvectl query
85.214.157.71
516 85.214.157.71: gardel
.0pointer.net
518 -- Information acquired via protocol DNS in
1.2997s.
519 -- Data is authenticated: no
524 <title>Retrieve the
<constant class='dns'
>MX
</constant> record of the
<literal>yahoo.com
</literal>
527 <programlisting>$ resolvectl --legend=no -t MX query yahoo.com
528 yahoo.com. IN MX
1 mta7.am0.yahoodns.net
529 yahoo.com. IN MX
1 mta6.am0.yahoodns.net
530 yahoo.com. IN MX
1 mta5.am0.yahoodns.net
535 <title>Resolve an
<constant class='dns'
>SRV
</constant> service
</title>
537 <programlisting>$ resolvectl service _xmpp-server._tcp gmail.com
538 _xmpp-server._tcp/gmail.com: alt1.xmpp-server.l.google.com:
5269 [priority=
20, weight=
0]
540 alt4.xmpp-server.l.google.com:
5269 [priority=
20, weight=
0]
547 <title>Retrieve a PGP key (
<constant class='dns'
>OPENPGP
</constant> resource record)
</title>
549 <programlisting>$ resolvectl openpgp zbyszek@fedoraproject.org
550 d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY
551 mQINBFBHPMsBEACeInGYJCb+
7TurKfb6wGyTottCDtiSJB310i37/
6ZYoeIay/
5soJjlMyf
552 MFQ9T2XNT/
0LM
6gTa
0MpC
1st
9LnzYTMsT
6tzRly
1D
1UbVI
6xw
0g
0vE
5y
2Cjk
3xUwAynCsSs
558 <title>Retrieve a TLS key (
<constant class='dns'
>TLSA
</constant> resource record)
</title>
560 <programlisting>$ resolvectl tlsa tcp fedoraproject.org:
443
561 _443._tcp.fedoraproject.org IN TLSA
0 0 1 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0
562 -- Cert. usage: CA constraint
563 -- Selector: Full Certificate
564 -- Matching type: SHA-
256
567 <para><literal>tcp
</literal> and
<literal>:
443</literal> are optional and could be skipped.
</para>
572 <title>See Also
</title>
574 <citerefentry><refentrytitle>systemd
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
575 <citerefentry><refentrytitle>systemd-resolved.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
576 <citerefentry><refentrytitle>systemd.dnssd
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
577 <citerefentry><refentrytitle>systemd-networkd.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
578 <citerefentry><refentrytitle>resolvconf
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
projects / thirdparty / systemd.git / blob