Merge pull request #32677 from keszybz/wording-fixes

[thirdparty/systemd.git] / man / org.freedesktop.resolve1.xml

<?xml version="1.0"?>
<!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="org.freedesktop.resolve1" conditional='ENABLE_RESOLVE'
    xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>org.freedesktop.resolve1</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>org.freedesktop.resolve1</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>org.freedesktop.resolve1</refname>
    <refpurpose>The D-Bus interface of systemd-resolved</refpurpose>
  </refnamediv>

  <refsect1>
    <title>Introduction</title>

    <para>
    <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    is a system service that provides hostname resolution and caching using DNS, LLMNR, and mDNS. It also
    does DNSSEC validation. This page describes the resolve semantics and the D-Bus interface.</para>

    <para>This page contains an API reference only. If you are looking for a longer explanation how to use
    this API, please consult
    <ulink url="https://wiki.freedesktop.org/www/Software/systemd/writing-network-configuration-managers">
    Writing Network Configuration Managers</ulink> and
    <ulink url="https://wiki.freedesktop.org/www/Software/systemd/writing-resolver-clients">Writing Resolver
    Clients</ulink>.
    </para>
  </refsect1>

  <refsect1>
    <title>The Manager Object</title>

    <para>The service exposes the following interfaces on the Manager object on the bus:</para>

    <programlisting executable="systemd-resolved" node="/org/freedesktop/resolve1" interface="org.freedesktop.resolve1.Manager">
node /org/freedesktop/resolve1 {
  interface org.freedesktop.resolve1.Manager {
    methods:
      ResolveHostname(in  i ifindex,
                      in  s name,
                      in  i family,
                      in  t flags,
                      out a(iiay) addresses,
                      out s canonical,
                      out t flags);
      ResolveAddress(in  i ifindex,
                     in  i family,
                     in  ay address,
                     in  t flags,
                     out a(is) names,
                     out t flags);
      ResolveRecord(in  i ifindex,
                    in  s name,
                    in  q class,
                    in  q type,
                    in  t flags,
                    out a(iqqay) records,
                    out t flags);
      ResolveService(in  i ifindex,
                     in  s name,
                     in  s type,
                     in  s domain,
                     in  i family,
                     in  t flags,
                     out a(qqqsa(iiay)s) srv_data,
                     out aay txt_data,
                     out s canonical_name,
                     out s canonical_type,
                     out s canonical_domain,
                     out t flags);
      GetLink(in  i ifindex,
              out o path);
      SetLinkDNS(in  i ifindex,
                 in  a(iay) addresses);
      SetLinkDNSEx(in  i ifindex,
                   in  a(iayqs) addresses);
      SetLinkDomains(in  i ifindex,
                     in  a(sb) domains);
      SetLinkDefaultRoute(in  i ifindex,
                          in  b enable);
      SetLinkLLMNR(in  i ifindex,
                   in  s mode);
      SetLinkMulticastDNS(in  i ifindex,
                          in  s mode);
      SetLinkDNSOverTLS(in  i ifindex,
                        in  s mode);
      SetLinkDNSSEC(in  i ifindex,
                    in  s mode);
      SetLinkDNSSECNegativeTrustAnchors(in  i ifindex,
                                        in  as names);
      RevertLink(in  i ifindex);
      RegisterService(in  s id,
                      in  s name_template,
                      in  s type,
                      in  q service_port,
                      in  q service_priority,
                      in  q service_weight,
                      in  aa{say} txt_datas,
                      out o service_path);
      UnregisterService(in  o service_path);
      ResetStatistics();
      FlushCaches();
      ResetServerFeatures();
    properties:
      readonly s LLMNRHostname = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s LLMNR = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s MulticastDNS = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DNSOverTLS = '...';
      readonly a(iiay) DNS = [...];
      readonly a(iiayqs) DNSEx = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly a(iiay) FallbackDNS = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
      readonly a(iiayqs) FallbackDNSEx = [...];
      readonly (iiay) CurrentDNSServer = ...;
      readonly (iiayqs) CurrentDNSServerEx = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(isb) Domains = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly (tt) TransactionStatistics = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly (ttt) CacheStatistics = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DNSSEC = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly (tttt) DNSSECStatistics = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b DNSSECSupported = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly as DNSSECNegativeTrustAnchors = ['...', ...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DNSStubListener = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s ResolvConfMode = '...';
  };
  interface org.freedesktop.DBus.Peer { ... };
  interface org.freedesktop.DBus.Introspectable { ... };
  interface org.freedesktop.DBus.Properties { ... };
};
    </programlisting>

    <!--Autogenerated cross-references for systemd.directives, do not edit-->

    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.resolve1.Manager"/>

    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.resolve1.Manager"/>

    <variablelist class="dbus-method" generated="True" extra-ref="ResolveHostname()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="ResolveAddress()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="ResolveRecord()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="ResolveService()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="GetLink()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDNS()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDNSEx()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDomains()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDefaultRoute()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkLLMNR()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkMulticastDNS()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDNSOverTLS()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDNSSEC()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDNSSECNegativeTrustAnchors()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="RevertLink()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="RegisterService()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="UnregisterService()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="ResetStatistics()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="FlushCaches()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="ResetServerFeatures()"/>

    <variablelist class="dbus-property" generated="True" extra-ref="LLMNRHostname"/>

    <variablelist class="dbus-property" generated="True" extra-ref="LLMNR"/>

    <variablelist class="dbus-property" generated="True" extra-ref="MulticastDNS"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSOverTLS"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNS"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSEx"/>

    <variablelist class="dbus-property" generated="True" extra-ref="FallbackDNS"/>

    <variablelist class="dbus-property" generated="True" extra-ref="FallbackDNSEx"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CurrentDNSServer"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CurrentDNSServerEx"/>

    <variablelist class="dbus-property" generated="True" extra-ref="Domains"/>

    <variablelist class="dbus-property" generated="True" extra-ref="TransactionStatistics"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CacheStatistics"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSSEC"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSSECStatistics"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSSECSupported"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSSECNegativeTrustAnchors"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSStubListener"/>

    <variablelist class="dbus-property" generated="True" extra-ref="ResolvConfMode"/>

    <!--End of Autogenerated section-->

    <refsect2>
      <title>Methods</title>

      <para><function>ResolveHostname()</function> takes a hostname and resolves it to one or more IP
      addresses.  As parameters it takes the Linux network interface index to execute the query on, or 0 if
      it may be done on any suitable interface. The <varname>name</varname> parameter specifies the hostname
      to resolve. Note that if required, IDNA conversion is applied to this name unless it is resolved via
      LLMNR or MulticastDNS. The <varname>family</varname> parameter limits the results to a specific address
      family. It may be <constant>AF_INET</constant>, <constant>AF_INET6</constant> or
      <constant>AF_UNSPEC</constant>. If <constant>AF_UNSPEC</constant> is specified (recommended), both
      kinds are retrieved, subject to local network configuration (i.e. if no local, routable IPv6 address is
      found, no IPv6 address is retrieved; and similarly for IPv4). A 64-bit <varname>flags</varname> field
      may be used to alter the behaviour of the resolver operation (see below). The method returns an array
      of address records. Each address record consists of the interface index the address belongs to, an
      address family as well as a byte array with the actual IP address data (which either has 4 or 16
      elements, depending on the address family). The returned address family will be one of
      <constant>AF_INET</constant> or <constant>AF_INET6</constant>. For IPv6, the returned address interface
      index should be used to initialize the .sin6_scope_id field of a
      <structname>struct sockaddr_in6</structname> instance to permit support for resolution to link-local IP
      addresses. The address array is followed by the canonical name of the host, which may or may not be
      identical to the resolved hostname. Finally, a 64-bit <varname>flags</varname> field is returned that
      is defined similarly to the <varname>flags</varname> field that was passed in, but contains information
      about the resolved data (see below). If the hostname passed in is an IPv4 or IPv6 address formatted as
      string, it is parsed, and the result is returned. In this case, no network communication is
      done.</para>

      <para><function>ResolveAddress()</function> executes the reverse operation: it takes an IP address and
      acquires one or more hostnames for it. As parameters it takes the interface index to execute the query
      on, or <constant>0</constant> if all suitable interfaces are OK. The <varname>family</varname>
      parameter indicates the address family of the IP address to resolve. It may be either
      <constant>AF_INET</constant> or <constant>AF_INET6</constant>. The <varname>address</varname> parameter
      takes the raw IP address data (as either a 4 or 16 byte array). The <varname>flags</varname> input
      parameter may be used to alter the resolver operation (see below). The method returns an array of name
      records, each consisting of an interface index and a hostname.  The <varname>flags</varname> output
      field contains additional information about the resolver operation (see below).</para>

      <para><function>ResolveRecord()</function> takes a DNS resource record (RR) type, class and name, and
      retrieves the full resource record set (RRset), including the RDATA, for it. As parameter it takes the
      Linux network interface index to execute the query on, or <constant>0</constant> if it may be done on
      any suitable interface. The <varname>name</varname> parameter specifies the RR domain name to look up
      (no IDNA conversion is applied), followed by the 16-bit class and type fields (which may be
      ANY). Finally, a <varname>flags</varname> field may be passed in to alter behaviour of the look-up (see
      below). On completion, an array of RR items is returned. Each array entry consists of the network interface
      index the RR was discovered on, the type and class field of the RR found, and a byte array of the raw
      RR discovered. The raw RR data starts with the RR's domain name, in the original casing, followed
      by the RR type, class, TTL and RDATA, in the binary format documented in
      <ulink url="https://www.ietf.org/rfc/rfc1035.txt">RFC 1035</ulink>. For RRs that support name
      compression in the payload (such as MX or PTR), the compression is expanded in the returned
      data.</para>

      <para>Note that currently, the class field has to be specified as IN or ANY. Specifying a different
      class will return an error indicating that look-ups of this kind are unsupported. Similarly, some
      special types are not supported either (AXFR, OPT, …). While <filename>systemd-resolved</filename> parses and validates resource
      records of many types, it is crucial that clients using this API understand that the RR data originates
      from the network and should be thoroughly validated before use.</para>

      <para><function>ResolveService()</function> may be used to resolve a DNS
      <constant class="dns">SRV</constant> service record, as well as the hostnames referenced in it, and
      possibly an accompanying DNS-SD <constant class="dns">TXT</constant> record containing additional
      service metadata.  The primary benefit of using this method over <function>ResolveRecord()</function>
      specifying the <constant class="dns">SRV</constant> type is that it will resolve the
      <constant class="dns">SRV</constant> and <constant class="dns">TXT</constant> RRs as well as the
      hostnames referenced in the SRV in a single operation. As parameters it takes a Linux network interface
      index, a service name, a service type and a service domain. This method may be invoked in three
      different modes:</para>

      <orderedlist>
        <listitem><para>To resolve a DNS-SD service, specify the service name (e.g. <literal>Lennart's
        Files</literal>), the service type (e.g. <literal>_webdav._tcp</literal>) and the domain to search in
        (e.g. <literal>local</literal>) as the three service parameters. The service name must be in UTF-8
        format, and no IDNA conversion is applied to it in this mode (as mandated by the DNS-SD
        specifications). However, if necessary, IDNA conversion is applied to the domain parameter.</para>
        </listitem>

        <listitem><para>To resolve a plain <constant class="dns">SRV</constant> record, set the service name
        parameter to the empty string and set the service type and domain properly. (IDNA conversion is
        applied to the domain, if necessary.)</para></listitem>

        <listitem><para>Alternatively, leave both the service name and type empty and specify the full domain
        name of the <constant class="dns">SRV</constant> record (i.e. prefixed with the service type) in the
        domain parameter. (No IDNA conversion is applied in this mode.)</para></listitem>
      </orderedlist>

      <para>The <varname>family</varname> parameter of the <function>ResolveService()</function> method encodes
      the desired family of the addresses to resolve (use <constant>AF_INET</constant>,
      <constant>AF_INET6</constant>, or <constant>AF_UNSPEC</constant>). If this is enabled (Use the
      <constant>NO_ADDRESS</constant> flag to turn address resolution off, see below). The
      <varname>flags</varname> parameter takes a couple of flags that may be used to alter the resolver
      operation.</para>

      <para>On completion, <function>ResolveService()</function> returns an array of
      <constant class="dns">SRV</constant> record structures. Each items consisting of the priority, weight and port
      fields as well as the hostname to contact, as encoded in the <constant class="dns">SRV</constant>
      record. Immediately following is an array of the addresses of this hostname, with each item consisting
      of the interface index, the address family and the address data in a byte array. This address array is
      followed by the canonicalized hostname. After this array of <constant class="dns">SRV</constant> record
      structures an array of byte arrays follows that encodes the TXT RR strings, in case DNS-SD look-ups are
      enabled. The next parameters are the canonical service name, type and domain. This may or may not be
      identical to the parameters passed in. Finally, a <varname>flags</varname> field is returned that
      contains information about the resolver operation performed.</para>

      <para>The <function>ResetStatistics()</function> method resets the various statistics counters that
      <filename>systemd-resolved</filename> maintains to zero. (For details, see the statistics properties below.)</para>

      <para>The <function>GetLink()</function> method takes a network interface index and returns the object
      path to the <interfacename>org.freedesktop.resolve1.Link</interfacename> object corresponding to it.
      </para>

      <para>The <function>SetLinkDNS()</function> method sets the DNS servers to use on a specific
      interface. This method (and the following ones) may be used by network management software to configure
      per-interface DNS settings. It takes a network interface index as well as an array of DNS server IP
      address records. Each array item consists of an address family (either <constant>AF_INET</constant> or
      <constant>AF_INET6</constant>), followed by a 4-byte or 16-byte array with the raw address data. This
      method is a one-step shortcut for retrieving the Link object for a network interface using
      <function>GetLink()</function> (see above) and then invoking the <function>SetDNS()</function> method
      (see below) on it.</para>

      <para><function>SetLinkDNSEx()</function> is similar to <function>SetLinkDNS()</function>, but allows
      an IP port (instead of the default 53) and DNS name to be specified for each DNS server. The server
      name is used for Server Name Indication (SNI), which is useful when DNS-over-TLS is
      used. C.f. <varname>DNS=</varname> in
      <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
      </para>

      <para><function>SetLinkDefaultRoute()</function> specifies whether the link shall be used as the
      default route for name queries. See the description of name routing in
      <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      for details.</para>

      <para>The <function>SetLinkDomains()</function> method sets the search and routing domains to use on a
      specific network interface for DNS look-ups. It takes a network interface index and an array of domains,
      each with a boolean parameter indicating whether the specified domain shall be used as a search domain
      (false), or just as a routing domain (true). Search domains are used for qualifying single-label names into
      FQDN when looking up hostnames, as well as for making routing decisions on which interface to send
      queries ending in the domain to. Routing domains are only used for routing decisions and not used for single-label
      name qualification. Pass the search domains in the order they should be used.</para>

      <para>The <function>SetLinkLLMNR()</function> method enables or disables LLMNR support on a specific
      network interface. It takes a network interface index as well as a string that may either be empty or one of
      <literal>yes</literal>, <literal>no</literal> or <literal>resolve</literal>. If empty, the systemd-wide
      default LLMNR setting is used. If <literal>yes</literal>, LLMNR is used for resolution of single-label
      names and the local hostname is registered on all local LANs for LLMNR resolution by peers. If
      <literal>no</literal>, LLMNR is turned off fully on this interface. If <literal>resolve</literal>, LLMNR
      is only enabled for resolving names, but the local hostname is not registered for other peers to
      use.</para>

      <para>Similarly, the <function>SetLinkMulticastDNS()</function> method enables or disables MulticastDNS
      support on a specific interface. It takes the same parameters as <function>SetLinkLLMNR()</function>
      described above.</para>

      <para>The <function>SetLinkDNSSEC()</function> method enables or disables DNSSEC validation on a
      specific network interface. It takes a network interface index as well as a string that may either be
      empty or one of <literal>yes</literal>, <literal>no</literal>, or <literal>allow-downgrade</literal>. When
      empty, the system-wide default DNSSEC setting is used. If <literal>yes</literal>, full DNSSEC validation
      is done for all look-ups. If the selected DNS server does not support DNSSEC, look-ups will fail if this
      mode is used. If <literal>no</literal>, DNSSEC validation is fully disabled. If
      <literal>allow-downgrade</literal>, DNSSEC validation is enabled, but is turned off automatically if the
      selected server does not support it (thus opening up behaviour to downgrade attacks). Note that DNSSEC
      only applies to traditional DNS, not to LLMNR or MulticastDNS.</para>

      <para>The <function>SetLinkDNSSECNegativeTrustAnchors()</function> method may be used to configure DNSSEC
      Negative Trust Anchors (NTAs) for a specific network interface. It takes a network interface index and a
      list of domains as arguments.</para>

      <para>The <function>SetLinkDNSOverTLS()</function> method enables or disables DNS-over-TLS.
      C.f. <varname>DNSOverTLS=</varname> in
      <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      for details.</para>

      <para>Network management software integrating with <filename>systemd-resolved</filename> should call
      <function>SetLinkDNS()</function> or <function>SetLinkDNSEx()</function>,
      <function>SetLinkDefaultRoute()</function>, <function>SetLinkDomains()</function> and others after the
      interface appeared in the kernel (and thus after a network interface index has been assigned), but
      before the network interfaces is activated (<constant>IFF_UP</constant> set) so that all settings take
      effect during the full time the network interface is up. It is safe to alter settings while the
      interface is up, however. Use <function>RevertLink()</function> (described below) to reset all
      per-interface settings.</para>

      <para>The <function>RevertLink()</function> method may be used to revert all per-link settings
      described above to the defaults.</para>

      <para>The <function>FlushCaches()</function> flushes all resource record caches maintained by the
      resolver, and ensures that any subsequent lookups re-request their responses from their sources.</para>

      <para>The <function>ResetServerFeatures()</function> flushes any feature information learned about
      remote DNS servers. This ensures that subsequent lookups will be initially attempted at the highest DNS
      protocol feature level again, possibly requiring a (potentially slow) downgrade cycle to recognize the
      supported feature level again.</para>

      <para>The <function>RegisterService()</function> method may be used to register a DNS-SD service on the
      host. This functionality is closely related to the functionality provided by
      <citerefentry><refentrytitle>systemd.dnssd</refentrytitle><manvolnum>5</manvolnum></citerefentry>
      files. It takes a server identifier string as first parameter (this is just a local identifier, and
      should be chosen so that it neither collides with the basename of <filename>*.dnssd</filename> files
      nor with names chosen by other IPC clients). It also takes a name template string for the DNS-SD
      service name visible on the network. This string is subject to specifier expansation, as documented for
      the <varname>Name=</varname> setting in <filename>*.dnssd</filename> files. It also takes a service
      type string containing the DNS-SD service type, as well as an IP port, a priority/weight pair for the
      DNS-SD SRV record. Finally, it takes an array of TXT record data. It returns an object path which may be
      used as handle to the registered service.</para>

      <para>The <function>UnregisterService()</function> method undoes the effect of
      <function>RegisterService()</function> and deletes a DNS-SD service previously created via IPC
      again.</para>

      <refsect3>
        <title>The Flags Parameter</title>

        <para>The four methods above accept and return a 64-bit flags value. In most cases passing 0 is sufficient
        and recommended. However, the following flags are defined to alter the look-up:</para>

        <programlisting>/* Input+Output: Protocol/scope */
#define SD_RESOLVED_DNS                (UINT64_C(1) &lt;&lt;  0)
#define SD_RESOLVED_LLMNR_IPV4         (UINT64_C(1) &lt;&lt;  1)
#define SD_RESOLVED_LLMNR_IPV6         (UINT64_C(1) &lt;&lt;  2)
#define SD_RESOLVED_MDNS_IPV4          (UINT64_C(1) &lt;&lt;  3)
#define SD_RESOLVED_MDNS_IPV6          (UINT64_C(1) &lt;&lt;  4)

/* Input: Restrictions */
#define SD_RESOLVED_NO_CNAME           (UINT64_C(1) &lt;&lt;  5)
#define SD_RESOLVED_NO_TXT             (UINT64_C(1) &lt;&lt;  6)
#define SD_RESOLVED_NO_ADDRESS         (UINT64_C(1) &lt;&lt;  7)
#define SD_RESOLVED_NO_SEARCH          (UINT64_C(1) &lt;&lt;  8)
#define SD_RESOLVED_NO_VALIDATE        (UINT64_C(1) &lt;&lt; 10)
#define SD_RESOLVED_NO_SYNTHESIZE      (UINT64_C(1) &lt;&lt; 11)
#define SD_RESOLVED_NO_CACHE           (UINT64_C(1) &lt;&lt; 12)
#define SD_RESOLVED_NO_ZONE            (UINT64_C(1) &lt;&lt; 13)
#define SD_RESOLVED_NO_TRUST_ANCHOR    (UINT64_C(1) &lt;&lt; 14)
#define SD_RESOLVED_NO_NETWORK         (UINT64_C(1) &lt;&lt; 15)
#define SD_RESOLVED_NO_STALE           (UINT64_C(1) &lt;&lt; 24)
#define SD_RESOLVED_RELAX_SINGLE_LABEL (UINT64_C(1) &lt;&lt; 25)

/* Output: Security */
#define SD_RESOLVED_AUTHENTICATED      (UINT64_C(1) &lt;&lt;  9)
#define SD_RESOLVED_CONFIDENTIAL       (UINT64_C(1) &lt;&lt; 18)

/* Output: Origin */
#define SD_RESOLVED_SYNTHETIC          (UINT64_C(1) &lt;&lt; 19)
#define SD_RESOLVED_FROM_CACHE         (UINT64_C(1) &lt;&lt; 20)
#define SD_RESOLVED_FROM_ZONE          (UINT64_C(1) &lt;&lt; 21)
#define SD_RESOLVED_FROM_TRUST_ANCHOR  (UINT64_C(1) &lt;&lt; 22)
#define SD_RESOLVED_FROM_NETWORK       (UINT64_C(1) &lt;&lt; 23)
</programlisting>

        <para>On input, the first five flags control the protocols to use for the look-up. They refer to
        classic unicast DNS, LLMNR via IPv4/UDP and IPv6/UDP respectively, as well as MulticastDNS via
        IPv4/UDP and IPv6/UDP. If all of these five bits are off on input (which is strongly recommended) the
        look-up will be done via all suitable protocols for the specific look-up. Note that these flags
        operate as filter only, but cannot force a look-up to be done via a protocol. Specifically,
        <filename>systemd-resolved</filename> will only route look-ups within the .local TLD to MulticastDNS
        (plus some reverse look-up address domains), and single-label names to LLMNR (plus some reverse
        address lookup domains). It will route neither of these to Unicast DNS servers. Also, it will do
        LLMNR and Multicast DNS only on interfaces suitable for multicast.</para>

        <para>On output, these five flags indicate which protocol was used to execute the operation, and
        hence where the data was found.</para>

        <para>The primary use cases for these five flags are follow-up look-ups based on DNS data retrieved
        earlier. In this case it is often a good idea to limit the follow-up look-up to the protocol that was
        used to discover the first DNS result.</para>

        <para>The NO_CNAME flag controls whether CNAME/DNAME resource records shall be followed during the
        look-up. This flag is only available at input, none of the functions will return it on output. If a
        CNAME/DNAME RR is discovered while resolving a hostname, an error is returned instead. By default,
        when the flag is off, CNAME/DNAME RRs are followed.</para>

        <para>The NO_TXT and NO_ADDRESS flags only influence operation of the
        <function>ResolveService()</function> method. They are only defined for input, not output. If NO_TXT
        is set, the DNS-SD TXT RR look-up is not done in the same operation. If NO_ADDRESS is set, the
        discovered hostnames are not implicitly translated to their addresses.</para>

        <para>The NO_SEARCH flag turns off the search domain logic. It is only defined for input in
        <function>ResolveHostname()</function>. When specified, single-label hostnames are not qualified
        using defined search domains, if any are configured. Note that <function>ResolveRecord()</function>
        will never qualify single-label domain names using search domains. Also note that multi-label
        hostnames are never subject to search list expansion.</para>

        <para>NO_VALIDATE can be set to disable validation via DNSSEC even if it would normally be
        used.</para>

        <para>The next six flags allow disabling certain sources during resolution. NO_SYNTHESIZE disables
        synthetic records, e.g. the local host name, see section SYNTHETIC RECORDS in
        <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
        for more information. NO_CACHE disables the use of the cache of previously resolved records. NO_ZONE
        disables answers using locally registered public LLMNR/mDNS resource records. NO_TRUST_ANCHOR
        disables answers using locally configured trust anchors. NO_NETWORK requires all answers to be
        provided without using the network, i.e. either from local sources or the cache. NO_STALE flag
        can be set to disable answering request with stale records.</para>

        <para>The AUTHENTICATED bit is defined only in the output flags of the four functions. If set, the
        returned data has been fully authenticated. Specifically, this bit is set for all DNSSEC-protected
        data for which a full trust chain may be established to a trusted domain anchor. It is also set for
        locally synthesized data, such as <literal>localhost</literal> or data from
        <filename>/etc/hosts</filename>. Moreover, it is set for all LLMNR or mDNS RRs which originate from
        the local host. Applications that require authenticated RR data for operation should check this flag
        before trusting the data. Note that <filename>systemd-resolved</filename> will never return
        invalidated data, hence this flag simply allows one to discern the cases where data is known to be
        trusted, or where there is proof that the data is "rightfully" unauthenticated (which includes cases
        where the underlying protocol or server does not support authenticating data).</para>

        <para>CONFIDENTIAL means the query was resolved via encrypted channels or never left this
        system.</para>

        <para>The next five bits flags are used in output and provide information about the origin of the
        answer. FROM_SYNTHETIC means the query was (at least partially) synthesized locally. FROM_CACHE means
        the query was answered (at least partially) using the cache. FROM_ZONE means the query was answered
        (at least partially) based on public, locally registered records. FROM_TRUST_ANCHOR means the query
        was answered (at least partially) using local trust anchors. FROM_NETWORK means the query was
        answered (at least partially) using the network.</para>
      </refsect3>
    </refsect2>

    <refsect2>
      <title>Properties</title>

      <para>The <varname>LLMNR</varname> and <varname>MulticastDNS</varname> properties report whether LLMNR
      and MulticastDNS are (globally) enabled. Each may be one of <literal>yes</literal>,
      <literal>no</literal>, and <literal>resolve</literal>. See <function>SetLinkLLMNR()</function>
      and <function>SetLinkMulticastDNS()</function> above.</para>

      <para><varname>LLMNRHostname</varname> contains the hostname currently exposed on the network via
      LLMNR. It usually follows the system hostname as may be queried via
      <citerefentry project="man-pages"><refentrytitle>gethostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
      but may differ if a conflict is detected on the network.</para>

      <para><varname>DNS</varname> and <varname>DNSEx</varname> contain arrays of all DNS servers currently
      used by <filename>systemd-resolved</filename>. <varname>DNS</varname> contains information similar to
      the DNS server data in <filename>/run/systemd/resolve/resolv.conf</filename>. Each structure in the
      array consists of a numeric network interface index, an address family, and a byte array containing the
      DNS server address (either 4 bytes in length for IPv4 or 16 bytes in lengths for IPv6).
      <varname>DNSEx</varname> is similar, but additionally contains the IP port and server name (used for
      Server Name Indication, SNI). Both arrays contain DNS servers configured system-wide, including those
      possibly read from a foreign <filename>/etc/resolv.conf</filename> or the <varname>DNS=</varname>
      setting in <filename>/etc/systemd/resolved.conf</filename>, as well as per-interface DNS server
      information either retrieved from
      <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      or configured by external software via <function>SetLinkDNS()</function> or
      <function>SetLinkDNSEx()</function> (see above). The network interface index will be 0 for the
      system-wide configured services and non-zero for the per-link servers.</para>

      <para><varname>FallbackDNS</varname> and <varname>FallbackDNSEx</varname> contain arrays of all DNS
      servers configured as fallback servers, if any, using the same format as <varname>DNS</varname> and
      <varname>DNSEx</varname> described above. See the description of <varname>FallbackDNS=</varname> in
      <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
      the description of when those servers are used.</para>

      <para><varname>CurrentDNSServer</varname> and <varname>CurrentDNSServerEx</varname> specify the server
      that is currently used for query resolution, in the same format as a single entry in the
      <varname>DNS</varname> and <varname>DNSEx</varname> arrays described above.</para>

      <para>Similarly, the <varname>Domains</varname> property contains an array of all search and routing
      domains currently used by <filename>systemd-resolved</filename>. Each entry consists of a network
      interface index (again, 0 encodes system-wide entries), the actual domain name, and whether the entry
      is used only for routing (true) or for both routing and searching (false).</para>

      <para>The <varname>TransactionStatistics</varname> property contains information about the number of
      transactions <filename>systemd-resolved</filename> has processed. It contains a pair of unsigned 64-bit counters, the first
      containing the number of currently ongoing transactions, the second the number of total transactions
      <filename>systemd-resolved</filename> is processing or has processed. The latter value may be reset using the
      <function>ResetStatistics()</function> method described above. Note that the number of transactions does
      not directly map to the number of issued resolver bus method calls. While simple look-ups usually require a
      single transaction only, more complex look-ups might result in more, for example when CNAMEs or DNSSEC
      are in use.</para>

      <para>The <varname>CacheStatistics</varname> property contains information about the executed cache
      operations so far. It exposes three 64-bit counters: the first being the total number of current cache
      entries (both positive and negative), the second the number of cache hits, and the third the number of
      cache misses. The latter counters may be reset using <function>ResetStatistics()</function> (see
      above).</para>

      <para>The <varname>DNSSEC</varname> property specifies current status of DNSSEC validation. It is one
      of <literal>yes</literal> (validation is enforced), <literal>no</literal> (no validation is done),
      <literal>allow-downgrade</literal> (validation is done if the current DNS server supports it). See the
      description of <varname>DNSSEC=</varname> in
      <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
      </para>

      <para>The <varname>DNSSECStatistics</varname> property contains information about the DNSSEC
      validations executed so far. It contains four 64-bit counters: the number of secure, insecure, bogus,
      and indeterminate DNSSEC validations so far. The counters are increased for each validated RRset, and
      each non-existence proof. The secure counter is increased for each operation that successfully verified
      a signed reply, the insecure counter is increased for each operation that successfully verified that an
      unsigned reply is rightfully unsigned. The bogus counter is increased for each operation where the
      validation did not check out and the data is likely to have been tempered with. Finally the
      indeterminate counter is increased for each operation which did not complete because the necessary keys
      could not be acquired or the cryptographic algorithms were unknown.</para>

      <para>The <varname>DNSSECSupported</varname> boolean property reports whether DNSSEC is enabled and
      the selected DNS servers support it. It combines information about system-wide and per-link DNS
      settings (see below), and only reports true if DNSSEC is enabled and supported on every interface for
      which DNS is configured and for the system-wide settings if there are any. Note that <filename>systemd-resolved</filename> assumes
      DNSSEC is supported by DNS servers until it verifies that this is not the case. Thus, the reported
      value may initially be true, until the first transactions are executed.</para>

      <para>The <varname>DNSOverTLS</varname> boolean property reports whether DNS-over-TLS is enabled.
      </para>

      <para>The <varname>ResolvConfMode</varname> property exposes how <filename>/etc/resolv.conf</filename>
      is managed on the host. Currently, the values <literal>uplink</literal>, <literal>stub</literal>,
      <literal>static</literal> (these three correspond to the three different files
      <filename>systemd-resolved.service</filename> provides), <literal>foreign</literal> (the file is
      managed by admin or another service, <filename>systemd-resolved.service</filename> just consumes it),
      <literal>missing</literal> (<filename>/etc/resolv.conf</filename> is missing).</para>

      <para>The <varname>DNSStubListener</varname> property reports whether the stub listener on port 53 is
      enabled. Possible values are <literal>yes</literal> (enabled), <literal>no</literal> (disabled),
      <literal>udp</literal> (only the UDP listener is enabled), and <literal>tcp</literal> (only the TCP
      listener is enabled).</para>

      <para>The <varname>DNSSECNegativeTrustAnchors</varname> property contains a list of recognized DNSSEC
      negative trust anchors and contains a list of domains.</para>
    </refsect2>
  </refsect1>

  <refsect1>
    <title>Link Object</title>

    <programlisting executable="systemd-resolved" node="/org/freedesktop/resolve1/link/_1" interface="org.freedesktop.resolve1.Link">
node /org/freedesktop/resolve1/link/_1 {
  interface org.freedesktop.resolve1.Link {
    methods:
      SetDNS(in  a(iay) addresses);
      SetDNSEx(in  a(iayqs) addresses);
      SetDomains(in  a(sb) domains);
      SetDefaultRoute(in  b enable);
      SetLLMNR(in  s mode);
      SetMulticastDNS(in  s mode);
      SetDNSOverTLS(in  s mode);
      SetDNSSEC(in  s mode);
      SetDNSSECNegativeTrustAnchors(in  as names);
      Revert();
    properties:
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly t ScopesMask = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(iay) DNS = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(iayqs) DNSEx = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly (iay) CurrentDNSServer = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly (iayqs) CurrentDNSServerEx = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly a(sb) Domains = [...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b DefaultRoute = ...;
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s LLMNR = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s MulticastDNS = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DNSOverTLS = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly s DNSSEC = '...';
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly as DNSSECNegativeTrustAnchors = ['...', ...];
      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
      readonly b DNSSECSupported = ...;
  };
  interface org.freedesktop.DBus.Peer { ... };
  interface org.freedesktop.DBus.Introspectable { ... };
  interface org.freedesktop.DBus.Properties { ... };
};
    </programlisting>

    <!--Autogenerated cross-references for systemd.directives, do not edit-->

    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.resolve1.Link"/>

    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.resolve1.Link"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetDNS()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetDNSEx()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetDomains()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetDefaultRoute()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetLLMNR()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetMulticastDNS()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetDNSOverTLS()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetDNSSEC()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="SetDNSSECNegativeTrustAnchors()"/>

    <variablelist class="dbus-method" generated="True" extra-ref="Revert()"/>

    <variablelist class="dbus-property" generated="True" extra-ref="ScopesMask"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNS"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSEx"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CurrentDNSServer"/>

    <variablelist class="dbus-property" generated="True" extra-ref="CurrentDNSServerEx"/>

    <variablelist class="dbus-property" generated="True" extra-ref="Domains"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DefaultRoute"/>

    <variablelist class="dbus-property" generated="True" extra-ref="LLMNR"/>

    <variablelist class="dbus-property" generated="True" extra-ref="MulticastDNS"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSOverTLS"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSSEC"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSSECNegativeTrustAnchors"/>

    <variablelist class="dbus-property" generated="True" extra-ref="DNSSECSupported"/>

    <!--End of Autogenerated section-->

    <para>For each Linux network interface a "Link" object is created which exposes per-link DNS
    configuration and state. Use <function>GetLink()</function> on the Manager interface to retrieve the
    object path for a link object given the network interface index (see above).</para>

    <refsect2>
      <title>Methods</title>

      <para>The various methods exposed by the Link interface are equivalent to their similarly named
      counterparts on the Manager interface. e.g. <function>SetDNS()</function> on the Link object maps to
      <function>SetLinkDNS()</function> on the Manager object, the main difference being that the later
      expects an interface index to be specified. Invoking the methods on the Manager interface has the
      benefit of reducing roundtrips, as it is not necessary to first request the Link object path via
      <function>GetLink()</function> before invoking the methods. The same relationship holds for
      <function>SetDNSEx()</function>, <function>SetDomains()</function>,
      <function>SetDefaultRoute()</function>, <function>SetLLMNR()</function>,
      <function>SetMulticastDNS()</function>, <function>SetDNSOverTLS()</function>,
      <function>SetDNSSEC()</function>, <function>SetDNSSECNegativeTrustAnchors()</function>, and
      <function>Revert()</function>. For further details on these methods see the
      <interfacename>Manager</interfacename> documentation above.</para>
    </refsect2>

    <refsect2>
      <title>Properties</title>

      <para><varname>ScopesMask</varname> defines which resolver scopes are currently active on this
      interface. This 64-bit unsigned integer field is a bit mask consisting of a subset of the bits of the
      flags parameter describe above. Specifically, it may have the DNS, LLMNR and MDNS bits (the latter in
      IPv4 and IPv6 flavours) set. Each individual bit is set when the protocol applies to a specific
      interface and is enabled for it. It is unset otherwise. Specifically, a multicast-capable interface in
      the "UP" state with an IP address is suitable for LLMNR or MulticastDNS, and any interface that is UP and
      has an IP address is suitable for DNS. Note the relationship of the bits exposed here with the LLMNR
      and MulticastDNS properties also exposed on the Link interface. The latter expose what is *configured*
      to be used on the interface, the former expose what is actually used on the interface, taking into
      account the abilities of the interface.</para>

      <para><varname>DNSSECSupported</varname> exposes a boolean field that indicates whether DNSSEC is
      currently configured and in use on the interface. Note that if DNSSEC is enabled on an interface, it is
      assumed available until it is detected that the configured server does not actually support it. Thus,
      this property may initially report that DNSSEC is supported on an interface.</para>

      <para><varname>DefaultRoute</varname> exposes a boolean field that indicates whether the interface will
      be used as default route for name queries. See <function>SetLinkDefaultRoute()</function> above.</para>

      <para>The other properties reflect the state of the various configuration settings for the link which
      may be set with the various methods calls such as <function>SetDNS()</function> or
      <function>SetLLMNR()</function>.</para>
    </refsect2>
  </refsect1>

  <refsect1>
    <title>Common Errors</title>

    <para>Many bus methods <filename>systemd-resolved</filename> exposes (in particular the resolver methods such
    as <function>ResolveHostname()</function> on the <interfacename>Manager</interfacename> interface) may return
    some of the following errors:</para>

    <variablelist>
      <varlistentry><term><constant>org.freedesktop.resolve1.NoNameServers</constant></term>
      <listitem><para>No suitable DNS servers were found to resolve a request.</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem>
      </varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.InvalidReply</constant></term>
      <listitem><para>A response from the selected DNS server was not understood.</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem>
      </varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.NoSuchRR</constant></term>
      <listitem><para>The requested name exists, but there is no resource record of the requested type for
      it. (This is the DNS NODATA case).</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem></varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.CNameLoop</constant></term>
      <listitem><para>The look-up failed because a CNAME or DNAME loop was detected.</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem>
      </varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.Aborted</constant></term>
      <listitem><para>The look-up was aborted because the selected protocol became unavailable while the
      operation was ongoing.</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem>
      </varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.NoSuchService</constant></term>
      <listitem><para>A service look-up was successful, but the <constant class="dns">SRV</constant> record
      reported that the service is not available.</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem></varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.DnssecFailed</constant></term>
      <listitem><para>The acquired response did not pass DNSSEC validation.</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem>
      </varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.NoTrustAnchor</constant></term>
      <listitem><para>No chain of trust could be established for the response to a configured DNSSEC trust
      anchor.</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem>
      </varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.ResourceRecordTypeUnsupported</constant></term>
      <listitem><para>The requested resource record type is not supported on the selected DNS servers. This
      error is generated for example when an RRSIG record is requested from a DNS server that does not
      support DNSSEC.</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem>

      </varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.NoSuchLink</constant></term>
      <listitem><para>No network interface with the specified network interface index exists.
      </para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem></varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.LinkBusy</constant></term>
      <listitem><para>The requested configuration change could not be made because
      <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      already took possession of the interface and supplied configuration data for it.</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem>
      </varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.NetworkDown</constant></term>
      <listitem><para>The requested look-up failed because the system is currently not connected to any
      suitable network.</para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem></varlistentry>

      <varlistentry><term><constant>org.freedesktop.resolve1.DnsError.NXDOMAIN</constant></term>
      <term><constant>org.freedesktop.resolve1.DnsError.REFUSED</constant></term>
      <term>...</term>
      <listitem><para>The look-up failed with a DNS return code reporting a failure. The error names used as
      suffixes here are defined in by IANA in
      <ulink url="https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6">DNS RCODEs</ulink>.
      </para>

      <xi:include href="version-info.xml" xpointer="v246"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Examples</title>

    <example>
      <title>Introspect <interfacename>org.freedesktop.resolve1.Manager</interfacename> on the bus</title>

      <programlisting>
$ gdbus introspect --system \
  --dest org.freedesktop.resolve1 \
  --object-path /org/freedesktop/resolve1
      </programlisting>
    </example>

    <example>
      <title>Introspect <interfacename>org.freedesktop.resolve1.Link</interfacename> on the bus</title>

      <programlisting>
$ gdbus introspect --system \
  --dest org.freedesktop.resolve1 \
  --object-path /org/freedesktop/resolve1/link/_11
      </programlisting>
    </example>
  </refsect1>

  <xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
</refentry>