Commit | Line | Data |
---|---|---|
624993ac | 1 | <?xml version='1.0'?> |
3a54a157 | 2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
eea10b26 | 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> |
db9ecf05 | 4 | <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> |
624993ac | 5 | |
b69f810c | 6 | <refentry id="resolvectl" conditional='ENABLE_RESOLVE' |
624993ac LP |
7 | xmlns:xi="http://www.w3.org/2001/XInclude"> |
8 | ||
9 | <refentryinfo> | |
b69f810c | 10 | <title>resolvectl</title> |
624993ac | 11 | <productname>systemd</productname> |
624993ac LP |
12 | </refentryinfo> |
13 | ||
14 | <refmeta> | |
b69f810c | 15 | <refentrytitle>resolvectl</refentrytitle> |
624993ac LP |
16 | <manvolnum>1</manvolnum> |
17 | </refmeta> | |
18 | ||
19 | <refnamediv> | |
b69f810c | 20 | <refname>resolvectl</refname> |
2eee2088 LP |
21 | <refname>resolvconf</refname> |
22 | <refpurpose>Resolve domain names, IPv4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolver</refpurpose> | |
624993ac LP |
23 | </refnamediv> |
24 | ||
25 | <refsynopsisdiv> | |
26 | <cmdsynopsis> | |
b69f810c | 27 | <command>resolvectl</command> |
624993ac | 28 | <arg choice="opt" rep="repeat">OPTIONS</arg> |
b69f810c YW |
29 | <arg choice="req">COMMAND</arg> |
30 | <arg choice="opt" rep="repeat">NAME</arg> | |
624993ac | 31 | </cmdsynopsis> |
624993ac LP |
32 | </refsynopsisdiv> |
33 | ||
34 | <refsect1> | |
35 | <title>Description</title> | |
36 | ||
b69f810c | 37 | <para><command>resolvectl</command> may be used to resolve domain names, IPv4 and IPv6 addresses, DNS resource |
624993ac LP |
38 | records and services with the |
39 | <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
40 | resolver service. By default, the specified list of parameters will be resolved as hostnames, retrieving their IPv4 | |
1f7eed4c | 41 | and IPv6 addresses. If the parameters specified are formatted as IPv4 or IPv6 addresses the reverse operation is |
624993ac LP |
42 | done, and a hostname is retrieved for the specified addresses.</para> |
43 | ||
cdfe156a LP |
44 | <para>The program's output contains information about the protocol used for the look-up and on which network |
45 | interface the data was discovered. It also contains information on whether the information could be | |
46 | authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover all data | |
47 | originating from local, trusted sources is also reported authenticated, including resolution of the local host | |
38b38500 | 48 | name, the <literal>localhost</literal> hostname or all data from <filename>/etc/hosts</filename>.</para> |
624993ac LP |
49 | </refsect1> |
50 | ||
b69f810c YW |
51 | <refsect1> |
52 | <title>Commands</title> | |
53 | <variablelist> | |
54 | ||
55 | <varlistentry> | |
8eb6e6ed | 56 | <term><command>query</command> <replaceable>HOSTNAME|ADDRESS</replaceable>…</term> |
b69f810c | 57 | |
b480543c | 58 | <listitem><para>Resolve domain names, as well as IPv4 and IPv6 addresses. When used in conjunction |
018b642a LP |
59 | with <option>--type=</option> or <option>--class=</option> (see below), resolves low-level DNS |
60 | resource records.</para> | |
61 | ||
62 | <para>If a single-label domain name is specified it is searched for according to the configured | |
63 | search domains — unless <option>--search=no</option> or | |
64 | <option>--type=</option>/<option>--class=</option> are specified, both of which turn this logic | |
65 | off.</para> | |
66 | ||
67 | <para>If an international domain name is specified, it is automatically translated according to IDNA | |
68 | rules when resolved via classic DNS — but not for look-ups via MulticastDNS or LLMNR. If | |
69 | <option>--type=</option>/<option>--class=</option> is used IDNA translation is turned off and domain | |
ec07c3c8 AK |
70 | names are processed as specified.</para> |
71 | ||
3557f1a6 LP |
72 | <para>If combined with <option>--json=</option> (only supported in combination with |
73 | <option>--type=</option>), the resource record data is output as a JSON object.</para> | |
74 | ||
ec07c3c8 | 75 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> |
b69f810c YW |
76 | </varlistentry> |
77 | ||
78 | <varlistentry> | |
8eb6e6ed ZJS |
79 | <term><command>service</command> |
80 | [[<replaceable>NAME</replaceable>] <replaceable>TYPE</replaceable>] | |
81 | <replaceable>DOMAIN</replaceable></term> | |
b69f810c | 82 | |
c8cd6d7b ZJS |
83 | <listitem><para>Resolve <ulink url="https://tools.ietf.org/html/rfc6763">RFC 6763 DNS-SD</ulink> and |
84 | <ulink url="https://tools.ietf.org/html/rfc2782">RFC 2782 SRV</ulink> services, depending on the | |
85 | specified list of parameters. If three parameters are passed the first is assumed to be the DNS-SD | |
86 | service name, the second the <constant class='dns'>SRV</constant> service type, and the third the | |
87 | domain to search in. In this case a full DNS-SD style <constant class='dns'>SRV</constant> and | |
88 | <constant class='dns'>TXT</constant> lookup is executed. If only two parameters are specified, the | |
89 | first is assumed to be the <constant class='dns'>SRV</constant> service type, and the second the | |
90 | domain to look in. In this case no <constant class='dns'>TXT</constant> resource record is requested. | |
91 | Finally, if only one parameter is specified, it is assumed to be a domain name that is already | |
92 | prefixed with an <constant class='dns'>SRV</constant> type, and an <constant | |
93 | class='dns'>SRV</constant> lookup is done (no <constant class='dns'>TXT</constant>).</para> | |
ec07c3c8 AK |
94 | |
95 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
b69f810c YW |
96 | </varlistentry> |
97 | ||
98 | <varlistentry> | |
8eb6e6ed | 99 | <term><command>openpgp</command> <replaceable>EMAIL@DOMAIN</replaceable>…</term> |
b69f810c | 100 | |
9a024bf1 | 101 | <listitem><para>Query PGP keys stored as <constant class='dns'>OPENPGPKEY</constant> resource records, |
857f0e0a | 102 | see <ulink url="https://tools.ietf.org/html/rfc7929">RFC 7929</ulink>. Specified e-mail addresses |
9a024bf1 | 103 | are converted to the corresponding DNS domain name, and any <constant class='dns'>OPENPGPKEY</constant> |
ec07c3c8 AK |
104 | keys are printed.</para> |
105 | ||
106 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
b69f810c YW |
107 | </varlistentry> |
108 | ||
624993ac | 109 | <varlistentry> |
8eb6e6ed ZJS |
110 | <term><command>tlsa</command> |
111 | [<replaceable>FAMILY</replaceable>] | |
112 | <replaceable>DOMAIN</replaceable>[:<replaceable>PORT</replaceable>]…</term> | |
624993ac | 113 | |
9a024bf1 ZJS |
114 | <listitem><para>Query TLS public keys stored as <constant class='dns'>TLSA</constant> resource |
115 | records, see <ulink url="https://tools.ietf.org/html/rfc6698">RFC 6698</ulink>. A query will be | |
116 | performed for each of the specified names prefixed with the port and family | |
b69f810c | 117 | (<literal>_<replaceable>port</replaceable>._<replaceable>family</replaceable>.<replaceable>domain</replaceable></literal>). |
9a024bf1 ZJS |
118 | The port number may be specified after a colon (<literal>:</literal>), otherwise |
119 | <constant>443</constant> will be used by default. The family may be specified as the first argument, | |
ec07c3c8 AK |
120 | otherwise <constant>tcp</constant> will be used.</para> |
121 | ||
122 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
b69f810c YW |
123 | </varlistentry> |
124 | ||
125 | <varlistentry> | |
8eb6e6ed | 126 | <term><command>status</command> [<replaceable>LINK</replaceable>…]</term> |
b69f810c | 127 | |
2c520df4 | 128 | <listitem><para>Shows the global and per-link DNS settings currently in effect. If no command is specified, |
ec07c3c8 AK |
129 | this is the implied default.</para> |
130 | ||
131 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
b69f810c YW |
132 | </varlistentry> |
133 | ||
134 | <varlistentry> | |
8eb6e6ed | 135 | <term><command>statistics</command></term> |
b69f810c YW |
136 | |
137 | <listitem><para>Shows general resolver statistics, including information on whether DNSSEC is | |
ec07c3c8 AK |
138 | enabled and available, as well as resolution and validation statistics.</para> |
139 | ||
140 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
624993ac LP |
141 | </varlistentry> |
142 | ||
143 | <varlistentry> | |
8eb6e6ed | 144 | <term><command>reset-statistics</command></term> |
624993ac | 145 | |
8eb6e6ed | 146 | <listitem><para>Resets the statistics counters shown in <command>statistics</command> to zero. |
ec07c3c8 AK |
147 | This operation requires root privileges.</para> |
148 | ||
149 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
624993ac LP |
150 | </varlistentry> |
151 | ||
ba35662f | 152 | <varlistentry> |
8eb6e6ed | 153 | <term><command>flush-caches</command></term> |
ba35662f | 154 | |
9a024bf1 ZJS |
155 | <listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly |
156 | equivalent to sending the <constant>SIGUSR2</constant> signal to the <command>systemd-resolved</command> | |
ec07c3c8 AK |
157 | service.</para> |
158 | ||
159 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
d55b0463 LP |
160 | </varlistentry> |
161 | ||
162 | <varlistentry> | |
8eb6e6ed | 163 | <term><command>reset-server-features</command></term> |
d55b0463 LP |
164 | |
165 | <listitem><para>Flushes all feature level information the resolver learnt about specific servers, and ensures | |
166 | that the server feature probing logic is started from the beginning with the next look-up request. This is | |
167 | mostly equivalent to sending the <constant>SIGRTMIN+1</constant> signal to the <command>systemd-resolved</command> | |
ec07c3c8 AK |
168 | service.</para> |
169 | ||
170 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
ba35662f LP |
171 | </varlistentry> |
172 | ||
be371fe0 | 173 | <varlistentry> |
8eb6e6ed ZJS |
174 | <term><command>dns</command> [<replaceable>LINK</replaceable> [<replaceable>SERVER</replaceable>…]]</term> |
175 | <term><command>domain</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term> | |
176 | <term><command>default-route</command> [<replaceable>LINK</replaceable> [<replaceable>BOOL</replaceable>…]]</term> | |
177 | <term><command>llmnr</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> | |
178 | <term><command>mdns</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> | |
179 | <term><command>dnssec</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> | |
180 | <term><command>dnsovertls</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> | |
181 | <term><command>nta</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term> | |
b69f810c | 182 | |
74053ff2 | 183 | <listitem> |
8eb6e6ed ZJS |
184 | <para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS |
185 | settings for network interfaces. These commands may be used to inform | |
186 | <command>systemd-resolved</command> or <command>systemd-networkd</command> about per-interface DNS | |
187 | configuration determined through external means. The <command>dns</command> command expects IPv4 or | |
711dd5db YW |
188 | IPv6 address specifications of DNS servers to use. Each address can optionally take a port number |
189 | separated with <literal>:</literal>, a network interface name or index separated with | |
190 | <literal>%</literal>, and a Server Name Indication (SNI) separated with <literal>#</literal>. When | |
191 | an IPv6 address is specified with a port number, the address must be enclosed in square brackets. That | |
192 | is, the acceptable full formats are <literal>111.222.333.444:9953%ifname#example.com</literal> for | |
193 | IPv4 and <literal>[1111:2222::3333]:9953%ifname#example.com</literal> for IPv6. The | |
194 | <command>domain</command> command expects valid DNS domains, possibly prefixed with | |
195 | <literal>~</literal>, and configures a per-interface search or route-only domain. The | |
196 | <command>default-route</command> command expects a boolean parameter, and configures whether the | |
197 | link may be used as default route for DNS lookups, i.e. if it is suitable for lookups on domains for which no | |
198 | other link is explicitly configured. The <command>llmnr</command>, <command>mdns</command>, | |
199 | <command>dnssec</command> and <command>dnsovertls</command> commands may be used to configure the | |
200 | per-interface LLMNR, MulticastDNS, DNSSEC and DNSOverTLS settings. Finally, the <command>nta</command> | |
201 | command may be used to configure additional per-interface DNSSEC NTA domains.</para> | |
8eb6e6ed ZJS |
202 | |
203 | <para>Commands <command>dns</command>, <command>domain</command> and <command>nta</command> can take | |
74053ff2 DKG |
204 | a single empty string argument to clear their respective value lists.</para> |
205 | ||
8eb6e6ed ZJS |
206 | <para>For details about these settings, their possible values and their effect, see the |
207 | corresponding settings in | |
74053ff2 | 208 | <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> |
aefdc112 AK |
209 | |
210 | <xi:include href="version-info.xml" xpointer="v239"/> | |
14965b94 LP |
211 | </listitem> |
212 | </varlistentry> | |
213 | ||
214 | <varlistentry> | |
8eb6e6ed | 215 | <term><command>revert <replaceable>LINK</replaceable></command></term> |
b69f810c YW |
216 | |
217 | <listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all | |
8eb6e6ed ZJS |
218 | per-interface DNS settings are reset to their defaults, undoing all effects of <command>dns</command>, |
219 | <command>domain</command>, <command>default-route</command>, <command>llmnr</command>, | |
220 | <command>mdns</command>, <command>dnssec</command>, <command>dnsovertls</command>, | |
221 | <command>nta</command>. Note that when a network interface disappears all configuration is lost | |
ec07c3c8 AK |
222 | automatically; explicit reverting is not necessary in that case.</para> |
223 | ||
224 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
14965b94 LP |
225 | </varlistentry> |
226 | ||
fffbf1dc LP |
227 | <varlistentry> |
228 | <term><command>monitor</command></term> | |
229 | ||
64ebc0da | 230 | <listitem><para>Show a continuous stream of local client resolution queries and their |
fffbf1dc LP |
231 | responses. Whenever a local query is completed the query's DNS resource lookup key and resource |
232 | records are shown. Note that this displays queries issued locally only, and does not immediately | |
233 | relate to DNS requests submitted to configured DNS servers or the LLMNR or MulticastDNS zones, as | |
234 | lookups may be answered from the local cache, or might result in multiple DNS transactions (for | |
235 | example to validate DNSSEC information). If CNAME/DNAME redirection chains are followed, a separate | |
236 | query will be displayed for each element of the chain. Use <option>--json=</option> to enable JSON | |
ec07c3c8 AK |
237 | output.</para> |
238 | ||
239 | <xi:include href="version-info.xml" xpointer="v252"/></listitem> | |
fffbf1dc LP |
240 | </varlistentry> |
241 | ||
6050e8b5 LP |
242 | <varlistentry> |
243 | <term><command>show-cache</command></term> | |
244 | ||
245 | <listitem><para>Show current cache content, per scope. Use <option>--json=</option> to enable JSON | |
ec07c3c8 AK |
246 | output.</para> |
247 | ||
248 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
6050e8b5 LP |
249 | </varlistentry> |
250 | ||
bc837621 KV |
251 | <varlistentry> |
252 | <term><command>show-server-state</command></term> | |
253 | ||
254 | <listitem><para>Show detailed server state information, per DNS Server. Use <option>--json=</option> | |
ec07c3c8 AK |
255 | to enable JSON output.</para> |
256 | ||
257 | <xi:include href="version-info.xml" xpointer="v255"/></listitem> | |
bc837621 KV |
258 | </varlistentry> |
259 | ||
df957849 | 260 | <xi:include href="systemctl.xml" xpointer="log-level" /> |
624993ac LP |
261 | </variablelist> |
262 | </refsect1> | |
263 | ||
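The server address syntax that the `dns` command above accepts (port after `:`, interface after `%`, SNI after `#`, square brackets required for an IPv6 address with a port), as an added example that is not systemd's own parser. `DnsServerSpec`, `parse_port` and `parse_dns_server` are hypothetical names, and the addresses in the demo are constructed from documentation ranges; the last demo line shows why an unbracketed IPv6 address cannot carry a port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DnsServerSpec:
    address: str              # normalised textual address
    family: int               # 4 or 6
    port: Optional[int]       # None when no port was given
    interface: Optional[str]  # interface name or index, as given after '%'
    sni: Optional[str]        # server name, as given after '#'


def parse_port(text: str) -> int:
    """Accept only an ASCII decimal port in the range 1..65535."""
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"invalid port: {text!r}")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def parse_dns_server(spec: str) -> DnsServerSpec:
    """Parse ADDRESS[:PORT][%IFACE][#SNI] or [ADDRESS6]:PORT[%IFACE][#SNI]."""
    # Split off the optional suffixes from the right: '#SNI', then '%IFACE'.
    rest, has_sni, sni = spec.partition("#")
    if has_sni and not sni:
        raise ValueError("empty server name after '#'")
    rest, has_iface, iface = rest.partition("%")
    if has_iface and not iface:
        raise ValueError("empty interface after '%'")

    port = None
    if rest.startswith("["):
        # Bracketed form: only meaningful for IPv6, optionally followed by ':PORT'.
        host, close, tail = rest[1:].partition("]")
        if not close:
            raise ValueError("missing closing ']'")
        if tail:
            if not tail.startswith(":"):
                raise ValueError(f"unexpected text after ']': {tail!r}")
            port = parse_port(tail[1:])
        addr = ipaddress.IPv6Address(host)
    elif rest.count(":") == 1:
        # Exactly one colon can only be IPv4 followed by a port.
        host, _, port_text = rest.partition(":")
        port = parse_port(port_text)
        addr = ipaddress.IPv4Address(host)
    else:
        # Bare IPv4 or bare IPv6. Every colon belongs to the address here,
        # so a trailing ':9953' on an unbracketed IPv6 address is NOT a port.
        addr = ipaddress.ip_address(rest)

    return DnsServerSpec(str(addr), addr.version, port, iface or None, sni or None)


if __name__ == "__main__":
    # Constructed sample inputs (documentation address ranges).
    for sample in (
        "192.0.2.53:9953%eth0#dns.example.com",
        "[2001:db8::53]:9953%eth0#dns.example.com",
        "2001:db8::53#dns.example.com",
        "2001:db8::1:9953",  # parsed as an address, no port
    ):
        print(sample, "->", parse_dns_server(sample))
```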
e1fac8a6 ZJS |
264 | <refsect1> |
265 | <title>Options</title> | |
266 | <variablelist> | |
267 | <varlistentry> | |
268 | <term><option>-4</option></term> | |
269 | <term><option>-6</option></term> | |
270 | ||
271 | <listitem><para>By default, when resolving a hostname, both IPv4 and IPv6 | |
272 | addresses are acquired. By specifying <option>-4</option> only IPv4 addresses are requested, by specifying | |
273 | <option>-6</option> only IPv6 addresses are requested.</para> | |
ec07c3c8 AK |
274 | |
275 | <xi:include href="version-info.xml" xpointer="v239"/> | |
e1fac8a6 ZJS |
276 | </listitem> |
277 | </varlistentry> | |
278 | ||
279 | <varlistentry> | |
280 | <term><option>-i</option> <replaceable>INTERFACE</replaceable></term> | |
9bfabe14 | 281 | <term><option>--interface=<replaceable>INTERFACE</replaceable></option></term> |
e1fac8a6 ZJS |
282 | |
283 | <listitem><para>Specifies the network interface to execute the query on. This may either be specified as numeric | |
284 | interface index or as network interface string (e.g. <literal>en0</literal>). Note that this option has no | |
285 | effect if system-wide DNS configuration (as configured in <filename>/etc/resolv.conf</filename> or | |
ec07c3c8 AK |
286 | <filename>/etc/systemd/resolved.conf</filename>) is used in place of per-link configuration.</para> |
287 | ||
288 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
e1fac8a6 ZJS |
289 | </varlistentry> |
290 | ||
291 | <varlistentry> | |
292 | <term><option>-p</option> <replaceable>PROTOCOL</replaceable></term> | |
9bfabe14 | 293 | <term><option>--protocol=<replaceable>PROTOCOL</replaceable></option></term> |
e1fac8a6 ZJS |
294 | |
295 | <listitem><para>Specifies the network protocol for the query. May be one of <literal>dns</literal> | |
296 | (i.e. classic unicast DNS), <literal>llmnr</literal> (<ulink | |
297 | url="https://tools.ietf.org/html/rfc4795">Link-Local Multicast Name Resolution</ulink>), | |
298 | <literal>llmnr-ipv4</literal>, <literal>llmnr-ipv6</literal> (LLMNR via the indicated underlying IP | |
299 | protocols), <literal>mdns</literal> (<ulink url="https://www.ietf.org/rfc/rfc6762.txt">Multicast DNS</ulink>), | |
300 | <literal>mdns-ipv4</literal>, <literal>mdns-ipv6</literal> (MDNS via the indicated underlying IP protocols). | |
301 | By default the lookup is done via all protocols suitable for the lookup. If used, limits the set of | |
302 | protocols that may be used. Use this option multiple times to enable resolving via multiple protocols at the | |
303 | same time. The setting <literal>llmnr</literal> is identical to specifying this switch once with | |
304 | <literal>llmnr-ipv4</literal> and once via <literal>llmnr-ipv6</literal>. Note that this option does not force | |
305 | the service to resolve the operation with the specified protocol, as that might require a suitable network | |
306 | interface and configuration. | |
307 | The special value <literal>help</literal> may be used to list known values. | |
ec07c3c8 AK |
308 | </para> |
309 | ||
310 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
e1fac8a6 ZJS |
311 | </varlistentry> |
312 | ||
313 | <varlistentry> | |
314 | <term><option>-t</option> <replaceable>TYPE</replaceable></term> | |
9bfabe14 | 315 | <term><option>--type=<replaceable>TYPE</replaceable></option></term> |
e1fac8a6 | 316 | <term><option>-c</option> <replaceable>CLASS</replaceable></term> |
9bfabe14 | 317 | <term><option>--class=<replaceable>CLASS</replaceable></option></term> |
e1fac8a6 | 318 | |
018b642a | 319 | <listitem><para>When used in conjunction with the <command>query</command> command, specifies the DNS |
9a024bf1 ZJS |
320 | resource record type (e.g. <constant class='dns'>A</constant>, <constant class='dns'>AAAA</constant>, |
321 | <constant class='dns'>MX</constant>, …) and class (e.g. <constant>IN</constant>, | |
322 | <constant>ANY</constant>, …) to look up. If these options are used a DNS resource record set matching | |
323 | the specified class and type is requested. The class defaults to <constant>IN</constant> if only a | |
324 | type is specified. The special value <literal>help</literal> may be used to list known values.</para> | |
018b642a LP |
325 | |
326 | <para>Without these options <command>resolvectl query</command> provides high-level domain name to | |
327 | address and address to domain name resolution. With these options it provides low-level DNS resource | |
328 | record resolution. The search domain logic is automatically turned off when these options are used, | |
329 | i.e. specified domain names need to be fully qualified domain names. Moreover, IDNA internal domain | |
330 | name translation is turned off as well, i.e. international domain names should be specified in | |
331 | <literal>xn--…</literal> notation, unless look-up in MulticastDNS/LLMNR is desired, in which case | |
ec07c3c8 AK |
332 | UTF-8 characters should be used.</para> |
333 | ||
334 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
e1fac8a6 ZJS |
335 | </varlistentry> |
336 | ||
337 | <varlistentry> | |
9bfabe14 | 338 | <term><option>--service-address=<replaceable>BOOL</replaceable></option></term> |
e1fac8a6 ZJS |
339 | |
340 | <listitem><para>Takes a boolean parameter. If true (the default), when doing a service lookup with | |
9a024bf1 | 341 | <option>--service</option> the hostnames contained in the <constant class='dns'>SRV</constant> |
ec07c3c8 AK |
342 | resource records are resolved as well.</para> |
343 | ||
344 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
e1fac8a6 ZJS |
345 | </varlistentry> |
346 | ||
347 | <varlistentry> | |
9bfabe14 | 348 | <term><option>--service-txt=<replaceable>BOOL</replaceable></option></term> |
e1fac8a6 | 349 | |
9a024bf1 ZJS |
350 | <listitem><para>Takes a boolean parameter. If true (the default), when doing a DNS-SD service lookup |
351 | with <option>--service</option> the <constant class='dns'>TXT</constant> service metadata record is | |
ec07c3c8 AK |
352 | resolved as well.</para> |
353 | ||
354 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
e1fac8a6 ZJS |
355 | </varlistentry> |
356 | ||
357 | <varlistentry> | |
9bfabe14 | 358 | <term><option>--cname=<replaceable>BOOL</replaceable></option></term> |
e1fac8a6 | 359 | |
9a024bf1 ZJS |
360 | <listitem><para>Takes a boolean parameter. If true (the default), DNS <constant |
361 | class='dns'>CNAME</constant> or <constant class='dns'>DNAME</constant> redirections are | |
e1fac8a6 | 362 | followed. Otherwise, if a CNAME or DNAME record is encountered while resolving, an error is |
ec07c3c8 AK |
363 | returned.</para> |
364 | ||
365 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
e1fac8a6 ZJS |
366 | </varlistentry> |
367 | ||
d711322c | 368 | <varlistentry> |
9bfabe14 | 369 | <term><option>--validate=<replaceable>BOOL</replaceable></option></term> |
d711322c LP |
370 | |
371 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
372 | (the default), DNSSEC validation is applied as usual — under the condition that it is enabled for the | |
373 | network and for <filename>systemd-resolved.service</filename> as a whole. If false, DNSSEC validation | |
374 | is disabled for the specific query, regardless of whether it is enabled for the network or in the | |
375 | service. Note that setting this option to true does not force DNSSEC validation on systems/networks | |
376 | where DNSSEC is turned off. This option is only suitable to turn off such validation where otherwise | |
ec07c3c8 AK |
377 | enabled, not enable validation where otherwise disabled.</para> |
378 | ||
379 | <xi:include href="version-info.xml" xpointer="v248"/></listitem> | |
d711322c LP |
380 | </varlistentry> |
381 | ||
382 | <varlistentry> | |
9bfabe14 | 383 | <term><option>--synthesize=<replaceable>BOOL</replaceable></option></term> |
d711322c LP |
384 | |
385 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
386 | (the default), select domains are resolved on the local system, among them | |
17f244e8 LP |
387 | <literal>localhost</literal>, <literal>_gateway</literal>, <literal>_outbound</literal>, |
388 | <literal>_localdnsstub</literal> and <literal>_localdnsproxy</literal> or entries from | |
389 | <filename>/etc/hosts</filename>. If false these domains are not resolved locally, and either fail (in | |
390 | case of <literal>localhost</literal>, <literal>_gateway</literal> or <literal>_outbound</literal> and | |
391 | suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups (in case of | |
ec07c3c8 AK |
392 | <filename>/etc/hosts</filename> entries).</para> |
393 | ||
394 | <xi:include href="version-info.xml" xpointer="v248"/></listitem> | |
d711322c LP |
395 | </varlistentry> |
396 | ||
397 | <varlistentry> | |
9bfabe14 | 398 | <term><option>--cache=<replaceable>BOOL</replaceable></option></term> |
d711322c LP |
399 | |
400 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
401 | (the default), lookups use the local DNS resource record cache. If false, lookups are routed to the | |
ec07c3c8 AK |
402 | network instead, regardless of whether the data is already available in the local cache.</para> |
403 | ||
404 | <xi:include href="version-info.xml" xpointer="v248"/></listitem> | |
d711322c LP |
405 | </varlistentry> |
406 | ||
407 | <varlistentry> | |
9bfabe14 | 408 | <term><option>--zone=<replaceable>BOOL</replaceable></option></term> |
d711322c LP |
409 | |
410 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
411 | (the default), lookups are answered from locally registered LLMNR or mDNS resource records, if | |
412 | defined. If false, locally registered LLMNR/mDNS records are not considered for the lookup | |
ec07c3c8 AK |
413 | request.</para> |
414 | ||
415 | <xi:include href="version-info.xml" xpointer="v248"/></listitem> | |
d711322c LP |
416 | </varlistentry> |
417 | ||
418 | <varlistentry> | |
9bfabe14 | 419 | <term><option>--trust-anchor=<replaceable>BOOL</replaceable></option></term> |
d711322c LP |
420 | |
421 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
422 | (the default), lookups for DS and DNSKEY are answered from the local DNSSEC trust anchors if | |
ec07c3c8 AK |
423 | possible. If false, the local trust store is not considered for the lookup request.</para> |
424 | ||
425 | <xi:include href="version-info.xml" xpointer="v248"/></listitem> | |
d711322c LP |
426 | </varlistentry> |
427 | ||
428 | <varlistentry> | |
9bfabe14 | 429 | <term><option>--network=<replaceable>BOOL</replaceable></option></term> |
d711322c LP |
430 | |
431 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
432 | (the default), lookups are answered via DNS, LLMNR or mDNS network requests if they cannot be | |
433 | synthesized locally, or be answered from the local cache, zone or trust anchors (see above). If false, | |
434 | the request is not answered from the network and will thus fail if none of the indicated sources can | |
ec07c3c8 AK |
435 | answer them.</para> |
436 | ||
437 | <xi:include href="version-info.xml" xpointer="v248"/></listitem> | |
d711322c LP |
438 | </varlistentry> |
439 | ||
e1fac8a6 | 440 | <varlistentry> |
9bfabe14 | 441 | <term><option>--search=<replaceable>BOOL</replaceable></option></term> |
e1fac8a6 | 442 | |
018b642a LP |
443 | <listitem><para>Takes a boolean parameter. If true (the default), any specified single-label |
444 | hostnames will be searched in the domains configured in the search domain list, if it is | |
445 | non-empty. Otherwise, the search domain logic is disabled. Note that this option has no effect if | |
446 | <option>--type=</option> is used (see above), in which case the search domain logic is | |
ec07c3c8 AK |
447 | unconditionally turned off.</para> |
448 | ||
449 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
e1fac8a6 ZJS |
450 | </varlistentry> |
451 | ||
452 | <varlistentry> | |
453 | <term><option>--raw</option><optional>=payload|packet</optional></term> | |
454 | ||
455 | <listitem><para>Dump the answer as binary data. If there is no argument or if the argument is | |
456 | <literal>payload</literal>, the payload of the packet is exported. If the argument is | |
457 | <literal>packet</literal>, the whole packet is dumped in wire format, prefixed by | |
458 | its length specified as a little-endian 64-bit number. This format allows multiple packets | |
ec07c3c8 AK |
459 | to be dumped and unambiguously parsed.</para> |
460 | ||
461 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
e1fac8a6 ZJS |
462 | </varlistentry> |
463 | ||
464 | <varlistentry> | |
9bfabe14 | 465 | <term><option>--legend=<replaceable>BOOL</replaceable></option></term> |
e1fac8a6 ZJS |
466 | |
467 | <listitem><para>Takes a boolean parameter. If true (the default), column headers and meta information about the | |
ec07c3c8 AK |
468 | query response are shown. Otherwise, this output is suppressed.</para> |
469 | ||
470 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
e1fac8a6 ZJS |
471 | </varlistentry> |
472 | ||
5ed91481 | 473 | <varlistentry> |
9bfabe14 | 474 | <term><option>--stale-data=<replaceable>BOOL</replaceable></option></term> |
5ed91481 KV |
475 | |
476 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true | |
477 | (the default), lookups are answered with stale data (expired resource records) if | |
ec07c3c8 AK |
478 | possible. If false, the stale data is not considered for the lookup request.</para> |
479 | ||
480 | <xi:include href="version-info.xml" xpointer="v254"/></listitem> | |
5ed91481 KV |
481 | </varlistentry> |
482 | ||
36418a47 | 483 | <varlistentry> |
9bfabe14 | 484 | <term><option>--relax-single-label=<replaceable>BOOL</replaceable></option></term> |
36418a47 LP |
485 | |
486 | <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If | |
487 | true, rules regarding routing of single-label names are relaxed. Defaults to false. By default, | |
488 | lookups of single label names are assumed to refer to local hosts to be resolved via local resolution | |
489 | such as LLMNR or via search domain qualification and are not routed to upstream servers as is. If | |
490 | this option is enabled these rules are disabled and the queries are routed upstream anyway. Also see | |
491 | the <varname>ResolveUnicastSingleLabel=</varname> option in | |
492 | <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> | |
493 | which provides a system-wide option that controls this behaviour.</para> | |
494 | ||
495 | <xi:include href="version-info.xml" xpointer="v256"/></listitem> | |
496 | </varlistentry> | |
497 | ||
fffbf1dc | 498 | <xi:include href="standard-options.xml" xpointer="json" /> |
3557f1a6 | 499 | <xi:include href="standard-options.xml" xpointer="j" /> |
fffbf1dc | 500 | <xi:include href="standard-options.xml" xpointer="no-pager" /> |
e1fac8a6 ZJS |
501 | <xi:include href="standard-options.xml" xpointer="help" /> |
502 | <xi:include href="standard-options.xml" xpointer="version" /> | |
e1fac8a6 ZJS |
503 | </variablelist> |
504 | </refsect1> | |
505 | ||
2eee2088 | 506 | <refsect1> |
42ecca2e ZJS |
507 | <title>Compatibility with |
508 | <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry></title> | |
2eee2088 | 509 | |
b69f810c YW |
510 | <para><command>resolvectl</command> is a multi-call binary. When invoked as <literal>resolvconf</literal> |
511 | (generally achieved by means of a symbolic link of this name to the <command>resolvectl</command> binary) it | |
42ecca2e ZJS |
512 | is run in a limited |
513 | <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
2eee2088 LP |
514 | compatibility mode. It accepts mostly the same arguments and pushes all data into |
515 | <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, | |
b69f810c | 516 | similar to how the <option>dns</option> and <option>domain</option> commands operate. Note that |
2eee2088 | 517 | <command>systemd-resolved.service</command> is the only supported backend, which is different from other |
924ccc35 ZJS |
518 | implementations of this command.</para> |
519 | ||
520 | <para><filename>/etc/resolv.conf</filename> will only be updated with servers added with this command | |
521 | when <filename>/etc/resolv.conf</filename> is a symlink to | |
522 | <filename>/run/systemd/resolve/resolv.conf</filename>, and not a static file. See the discussion of | |
523 | <filename>/etc/resolv.conf</filename> handling in | |
524 | <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. | |
525 | </para> | |
526 | ||
527 | <para>Not all operations supported by other implementations are supported natively. Specifically:</para> | |
2eee2088 LP |
528 | |
529 | <variablelist> | |
530 | <varlistentry> | |
531 | <term><option>-a</option></term> | |
532 | <listitem><para>Registers per-interface DNS configuration data with | |
533 | <command>systemd-resolved</command>. Expects a network interface name as its only command line argument. Reads | |
b7a47345 ZJS |
534 | <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>-compatible |
535 | DNS configuration data from its standard input. Relevant fields are <literal>nameserver</literal> and | |
2eee2088 | 536 | <literal>domain</literal>/<literal>search</literal>. This command is mostly identical to invoking |
b7a47345 | 537 | <command>resolvectl</command> with a combination of <option>dns</option> and <option>domain</option> |
ec07c3c8 AK |
538 | commands.</para> |
539 | ||
540 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
2eee2088 LP |
541 | </varlistentry> |
542 | ||
543 | <varlistentry> | |
544 | <term><option>-d</option></term> | |
545 | <listitem><para>Unregisters per-interface DNS configuration data with <command>systemd-resolved</command>. This | |
ec07c3c8 AK |
546 | command is mostly identical to invoking <command>resolvectl revert</command>.</para> |
547 | ||
548 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
2eee2088 LP |
549 | </varlistentry> |
550 | ||
551 | <varlistentry> | |
552 | <term><option>-f</option></term> | |
553 | ||
554 | <listitem><para>When specified, <option>-a</option> and <option>-d</option> will not complain about missing | |
ec07c3c8 AK |
555 | network interfaces and will silently execute no operation in that case.</para> |
556 | ||
557 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
2eee2088 LP |
558 | </varlistentry> |
559 | ||
560 | <varlistentry> | |
561 | <term><option>-x</option></term> | |
562 | ||
563 | <listitem><para>This switch for "exclusive" operation is supported only partially. It is mapped to an | |
564 | additional configured search domain of <literal>~.</literal> — i.e. ensures that DNS traffic is preferably | |
565 | routed to the DNS servers on this interface, unless there are other, more specific domains configured on other | |
ec07c3c8 AK |
566 | interfaces.</para> |
567 | ||
568 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
2eee2088 LP |
569 | </varlistentry> |
570 | ||
571 | <varlistentry> | |
572 | <term><option>-m</option></term> | |
573 | <term><option>-p</option></term> | |
574 | ||
ec07c3c8 AK |
575 | <listitem><para>These switches are not supported and are silently ignored.</para> |
576 | ||
577 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
2eee2088 LP |
578 | </varlistentry> |
579 | ||
580 | <varlistentry> | |
581 | <term><option>-u</option></term> | |
582 | <term><option>-I</option></term> | |
583 | <term><option>-i</option></term> | |
584 | <term><option>-l</option></term> | |
585 | <term><option>-R</option></term> | |
586 | <term><option>-r</option></term> | |
587 | <term><option>-v</option></term> | |
588 | <term><option>-V</option></term> | |
589 | <term><option>--enable-updates</option></term> | |
590 | <term><option>--disable-updates</option></term> | |
591 | <term><option>--are-updates-enabled</option></term> | |
592 | ||
ec07c3c8 AK |
593 | <listitem><para>These switches are not supported and the command will fail if used.</para> |
594 | ||
595 | <xi:include href="version-info.xml" xpointer="v239"/></listitem> | |
2eee2088 LP |
596 | </varlistentry> |
597 | ||
598 | </variablelist> | |
599 | ||
42ecca2e ZJS |
600 | <para>See |
601 | <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry> | |
602 | for details on those command line options.</para> | |
2eee2088 LP |
603 | </refsect1> |
604 | ||
624993ac LP |
605 | <refsect1> |
606 | <title>Examples</title> | |
607 | ||
608 | <example> | |
9a024bf1 | 609 | <title>Retrieve the addresses of the <literal>www.0pointer.net</literal> domain (<constant class='dns'>A</constant> and <constant class='dns'>AAAA</constant> resource records)</title> |
624993ac | 610 | |
b088e905 | 611 | <programlisting>$ resolvectl query www.0pointer.net |
edb4843f ZJS |
612 | www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74 |
613 | 85.214.157.71 | |
614 | ||
615 | -- Information acquired via protocol DNS in 611.6ms. | |
616 | -- Data is authenticated: no | |
617 | </programlisting> | |
624993ac LP |
618 | </example> |
619 | ||
620 | <example> | |
9a024bf1 ZJS |
621 | <title>Retrieve the domain of the <literal>85.214.157.71</literal> IP address |
622 | (<constant class='dns'>PTR</constant> resource record)</title> | |
624993ac | 623 | |
b088e905 | 624 | <programlisting>$ resolvectl query 85.214.157.71 |
edb4843f ZJS |
625 | 85.214.157.71: gardel.0pointer.net |
626 | ||
627 | -- Information acquired via protocol DNS in 1.2997s. | |
628 | -- Data is authenticated: no | |
629 | </programlisting> | |
624993ac LP |
630 | </example> |
631 | ||
632 | <example> | |
9a024bf1 ZJS |
633 | <title>Retrieve the <constant class='dns'>MX</constant> record of the <literal>yahoo.com</literal> |
634 | domain</title> | |
624993ac | 635 | |
b088e905 | 636 | <programlisting>$ resolvectl --legend=no -t MX query yahoo.com |
edb4843f ZJS |
637 | yahoo.com. IN MX 1 mta7.am0.yahoodns.net |
638 | yahoo.com. IN MX 1 mta6.am0.yahoodns.net | |
639 | yahoo.com. IN MX 1 mta5.am0.yahoodns.net | |
640 | </programlisting> | |
624993ac LP |
641 | </example> |
642 | ||
643 | <example> | |
9a024bf1 | 644 | <title>Resolve an <constant class='dns'>SRV</constant> service</title> |
624993ac | 645 | |
b69f810c | 646 | <programlisting>$ resolvectl service _xmpp-server._tcp gmail.com |
edb4843f ZJS |
647 | _xmpp-server._tcp/gmail.com: alt1.xmpp-server.l.google.com:5269 [priority=20, weight=0] |
648 | 173.194.210.125 | |
649 | alt4.xmpp-server.l.google.com:5269 [priority=20, weight=0] | |
650 | 173.194.65.125 | |
1eecafb8 | 651 | … |
edb4843f | 652 | </programlisting> |
624993ac LP |
653 | </example> |
654 | ||
edb4843f | 655 | <example> |
9a024bf1 | 656 | <title>Retrieve a PGP key (<constant class='dns'>OPENPGP</constant> resource record)</title> |
edb4843f | 657 | |
b69f810c | 658 | <programlisting>$ resolvectl openpgp zbyszek@fedoraproject.org |
edb4843f ZJS |
659 | d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY |
660 | mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlMyf | |
661 | MFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAynCsSs | |
1eecafb8 | 662 | … |
82d1d240 ZJS |
663 | </programlisting> |
664 | </example> | |
665 | ||
666 | <example> | |
9a024bf1 | 667 | <title>Retrieve a TLS key (<constant class='dns'>TLSA</constant> resource record)</title> |
82d1d240 | 668 | |
b69f810c | 669 | <programlisting>$ resolvectl tlsa tcp fedoraproject.org:443 |
236d312b | 670 | _443._tcp.fedoraproject.org IN TLSA 0 0 1 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0 |
82d1d240 ZJS |
671 | -- Cert. usage: CA constraint |
672 | -- Selector: Full Certificate | |
673 | -- Matching type: SHA-256 | |
edb4843f | 674 | </programlisting> |
9a024bf1 ZJS |
675 | |
676 | <para><literal>tcp</literal> and <literal>:443</literal> are optional and could be skipped.</para> | |
edb4843f | 677 | </example> |
624993ac LP |
678 | </refsect1> |
679 | ||
680 | <refsect1> | |
681 | <title>See Also</title> | |
13a69c12 DT |
682 | <para><simplelist type="inline"> |
683 | <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> | |
684 | <member><citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
685 | <member><citerefentry><refentrytitle>systemd.dnssd</refentrytitle><manvolnum>5</manvolnum></citerefentry></member> | |
686 | <member><citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
687 | <member><citerefentry><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> | |
688 | </simplelist></para> | |
624993ac LP |
689 | </refsect1> |
690 | </refentry> |
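The resolvconf compatibility section says `-a` is mostly identical to a combination of the `dns` and `domain` commands and that `-x` maps to an extra `~.` domain; the sketch below is an added example, not systemd's code, that makes that mapping explicit so a hook script's input can be audited before it reaches `systemd-resolved`. The function name, the sample input, and the choice to treat `domain` and `search` as both contributing search domains are assumptions of this example.

```python
import ipaddress

def resolvconf_to_resolvectl(ifname, resolv_conf_text, exclusive=False):
    """Approximate `resolvconf -a IFNAME` (plus -x if exclusive) as resolvectl argv lists.

    Hypothetical audit helper: it only builds the commands, it never runs them.
    """
    servers, domains = [], []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or resolv.conf comment
            continue
        keyword, *values = line.split()
        if keyword == "nameserver" and values:
            # Raises ValueError for anything that is not a literal IPv4/IPv6 address.
            servers.append(str(ipaddress.ip_address(values[0])))
        elif keyword in ("domain", "search"):
            # Assumption: both keywords simply contribute search domains.
            for value in values:
                if value not in domains:
                    domains.append(value)
        # Other keywords (options, sortlist, ...) are not relevant fields.
    if exclusive and "~." not in domains:
        # -x maps to an additional "~." domain: DNS traffic prefers this link.
        domains.append("~.")
    commands = []
    if servers:
        commands.append(["resolvectl", "dns", ifname, *servers])
    if domains:
        commands.append(["resolvectl", "domain", ifname, *domains])
    return commands

# Constructed sample of what a VPN or DHCP hook might pipe into `resolvconf -a tun0 -x`.
SAMPLE = """\
# constructed input, documentation addresses only
nameserver 192.0.2.53
nameserver 2001:db8::53
search corp.example lab.example
options edns0
"""

if __name__ == "__main__":
    for argv in resolvconf_to_resolvectl("tun0", SAMPLE, exclusive=True):
        print(" ".join(argv))
```

A `~.` entry in the resulting `domain` command is the one to look for when reviewing hooks, since it makes the link the preferred route for all names that no other interface claims with a more specific domain.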