[thirdparty/systemd.git] / man / systemd-resolved.service.xml

<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  This file is part of systemd.

  Copyright 2014 Tom Gundersen

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="systemd-resolved.service" conditional='ENABLE_RESOLVE'>

  <refentryinfo>
    <title>systemd-resolved.service</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Tom</firstname>
        <surname>Gundersen</surname>
        <email>teg@jklm.no</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-resolved.service</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-resolved.service</refname>
    <refname>systemd-resolved</refname>
    <refpurpose>Network Name Resolution manager</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>systemd-resolved.service</filename></para>
    <para><filename>/usr/lib/systemd/systemd-resolved</filename></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>systemd-resolved</command> is a system service that provides network name resolution to local
    applications. It implements a caching and validating DNS/DNSSEC stub resolver, as well as an LLMNR resolver and
    responder. Local applications may submit network name resolution requests via three interfaces:</para>

    <itemizedlist>
      <listitem><para>The native, fully-featured API <command>systemd-resolved</command> exposes on the bus. See the
      <ulink url="https://www.freedesktop.org/wiki/Software/systemd/resolved">API Documentation</ulink> for
      details. Usage of this API is generally recommended to clients as it is asynchronous and fully featured (for
      example, properly returns DNSSEC validation status and interface scope for addresses as necessary for supporting
      link-local networking).</para></listitem>

      <listitem><para>The glibc
      <citerefentry project='man-pages'><refentrytitle>getaddrinfo</refentrytitle><manvolnum>3</manvolnum></citerefentry> API as defined
      by <ulink url="https://tools.ietf.org/html/rfc3493">RFC3493</ulink> and its related resolver functions,
      including <citerefentry project='man-pages'><refentrytitle>gethostbyname</refentrytitle><manvolnum>3</manvolnum></citerefentry>. This
      API is widely supported, including beyond the Linux platform. In its current form it does not expose DNSSEC
      validation status information however, and is synchronous only. This API is backed by the glibc Name Service
      Switch (<citerefentry project='man-pages'><refentrytitle>nss</refentrytitle><manvolnum>5</manvolnum></citerefentry>). Usage of the
      glibc NSS module <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>
      is required in order to allow glibc's NSS resolver functions to resolve host names via
      <command>systemd-resolved</command>.</para></listitem>

      <listitem><para>Additionally, <command>systemd-resolved</command> provides a local DNS stub listener on IP
      address 127.0.0.53 on the local loopback interface. Programs issuing DNS requests directly, bypassing any local
      API may be directed to this stub, in order to connect them to <command>systemd-resolved</command>. Note however
      that it is strongly recommended that local programs use the glibc NSS or bus APIs instead (as described above),
      as various network resolution concepts (such as link-local addressing, or LLMNR Unicode domains) cannot be mapped
      to the unicast DNS protocol.</para></listitem>
    </itemizedlist>

    <para>The DNS servers contacted are determined from the global settings in
    <filename>/etc/systemd/resolved.conf</filename>, the per-link static settings in
    <filename>/etc/systemd/network/*.network</filename> files, the per-link dynamic settings received over DHCP and any
    DNS server information made available by other system services. See
    <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
    <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details
    about systemd's own configuration files for DNS servers. To improve compatibility,
    <filename>/etc/resolv.conf</filename> is read in order to discover configured system DNS servers, but only if it is
    not a symlink to <filename>/run/systemd/resolve/stub-resolv.conf</filename> or
    <filename>/run/systemd/resolve/resolv.conf</filename> (see below).</para>

    <para><command>systemd-resolved</command> synthesizes DNS resource records (RRs) for the following cases:</para>

    <itemizedlist>
      <listitem><para>The local, configured hostname is resolved to
      all locally configured IP addresses ordered by their scope, or
      — if none are configured — the IPv4 address 127.0.0.2 (which
      is on the local loopback) and the IPv6 address ::1 (which is the
      local host).</para></listitem>

      <listitem><para>The hostnames <literal>localhost</literal> and
      <literal>localhost.localdomain</literal> (as well as any hostname
      ending in <literal>.localhost</literal> or <literal>.localhost.localdomain</literal>)
      are resolved to the IP addresses 127.0.0.1 and ::1.</para></listitem>

      <listitem><para>The hostname <literal>gateway</literal> is
      resolved to all current default routing gateway addresses,
      ordered by their metric. This assigns a stable hostname to the
      current gateway, useful for referencing it independently of the
      current network configuration state.</para></listitem>

      <listitem><para>The mappings defined in <filename>/etc/hosts</filename> are resolved
      to their configured addresses and back, but they will not affect lookups for
      non-address types (like MX).</para></listitem>
    </itemizedlist>

    <para>Lookup requests are routed to the available DNS servers
    and LLMNR interfaces according to the following rules:</para>

    <itemizedlist>
      <listitem><para>Lookups for the special hostname
      <literal>localhost</literal> are never routed to the
      network. (A few other, special domains are handled the same way.)</para></listitem>

      <listitem><para>Single-label names are routed to all local
      interfaces capable of IP multicasting, using the LLMNR
      protocol. Lookups for IPv4 addresses are only sent via LLMNR on
      IPv4, and lookups for IPv6 addresses are only sent via LLMNR on
      IPv6. Lookups for the locally configured host name and the
      <literal>gateway</literal> host name are never routed to
      LLMNR.</para></listitem>

      <listitem><para>Multi-label names are routed to all local
      interfaces that have a DNS server configured, plus the globally
      configured DNS server if there is one. Address lookups from the
      link-local address range are never routed to
      DNS.</para></listitem>
    </itemizedlist>

    <para>If lookups are routed to multiple interfaces, the first
    successful response is returned (thus effectively merging the
    lookup zones on all matching interfaces). If the lookup failed on
    all interfaces, the last failing response is returned.</para>

    <para>Routing of lookups may be influenced by configuring
    per-interface domain names. See
    <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
    for details. Lookups for a hostname ending in one of the
    per-interface domains are exclusively routed to the matching
    interfaces.</para>

    <para>See the <ulink url="https://www.freedesktop.org/wiki/Software/systemd/resolved"> resolved D-Bus API
    Documentation</ulink> for information about the APIs <filename>systemd-resolved</filename> provides.</para>

  </refsect1>

  <refsect1>
    <title><filename>/etc/resolv.conf</filename></title>

    <para>Four modes of handling <filename>/etc/resolv.conf</filename> (see
    <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>) are
    supported:</para>

    <itemizedlist>
      <listitem><para><command>systemd-resolved</command> maintains the
      <filename>/run/systemd/resolve/stub-resolv.conf</filename> file for compatibility with traditional Linux
      programs. This file may be symlinked from <filename>/etc/resolv.conf</filename>. This file lists the 127.0.0.53
      DNS stub (see above) as the only DNS server. It also contains a list of search domains that are in use by
      systemd-resolved. The list of search domains is always kept up-to-date. Note that
      <filename>/run/systemd/resolve/stub-resolv.conf</filename> should not be used directly by applications, but only
      through a symlink from <filename>/etc/resolv.conf</filename>. This file may be symlinked from
      <filename>/etc/resolv.conf</filename> in order to connect all local clients that bypass local DNS APIs to
      <command>systemd-resolved</command> with correct search domains settings. This mode of operation is
      recommended.</para></listitem>

      <listitem><para>A static file <filename>/usr/lib/systemd/resolv.conf</filename> is provided that lists
      the 127.0.0.53 DNS stub (see above) as only DNS server. This file may be symlinked from
      <filename>/etc/resolv.conf</filename> in order to connect all local clients that bypass local DNS APIs to
      <command>systemd-resolved</command>. This file does not contain any search domains.</para></listitem>

      <listitem><para><command>systemd-resolved</command> maintains the
      <filename>/run/systemd/resolve/resolv.conf</filename> file for compatibility with traditional Linux
      programs. This file may be symlinked from <filename>/etc/resolv.conf</filename> and is always kept up-to-date,
      containing information about all known DNS servers. Note the file format's limitations: it does not know a
      concept of per-interface DNS servers and hence only contains system-wide DNS server definitions. Note that
      <filename>/run/systemd/resolve/resolv.conf</filename> should not be used directly by applications, but only
      through a symlink from <filename>/etc/resolv.conf</filename>. If this mode of operation is used local clients
      that bypass any local DNS API will also bypass <command>systemd-resolved</command> and will talk directly to the
      known DNS servers.</para> </listitem>

      <listitem><para>Alternatively, <filename>/etc/resolv.conf</filename> may be managed by other packages, in which
      case <command>systemd-resolved</command> will read it for DNS configuration data. In this mode of operation
      <command>systemd-resolved</command> is consumer rather than provider of this configuration
      file. </para></listitem>
    </itemizedlist>

    <para>Note that the selected mode of operation for this file is detected fully automatically, depending on whether
    <filename>/etc/resolv.conf</filename> is a symlink to <filename>/run/systemd/resolve/resolv.conf</filename> or
    lists 127.0.0.53 as DNS server.</para>
  </refsect1>

  <refsect1>
    <title>Signals</title>

    <variablelist>
      <varlistentry>
        <term><constant>SIGUSR1</constant></term>

        <listitem><para>Upon reception of the <constant>SIGUSR1</constant> process signal
        <command>systemd-resolved</command> will dump the contents of all DNS resource record caches it maintains, as
        well as all feature level information it learnt about configured DNS servers into the system
        logs.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGUSR2</constant></term>

        <listitem><para>Upon reception of the <constant>SIGUSR2</constant> process signal
        <command>systemd-resolved</command> will flush all caches it maintains. Note that it should normally not be
        necessary to request this explicitly – except for debugging purposes – as <command>systemd-resolved</command>
        flushes the caches automatically anyway any time the host's network configuration changes. Sending this signal
        to <command>systemd-resolved</command> is equivalent to the <command>systemd-resolve --flush-caches</command>
        command, however the latter is recommended since it operates in a synchronous way.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><constant>SIGRTMIN+1</constant></term>

        <listitem><para>Upon reception of the <constant>SIGRTMIN+1</constant> process signal
        <command>systemd-resolved</command> will forget everything it learnt about the configured DNS
        servers. Specifically any information about server feature support is flushed out, and the server feature
        probing logic is restarted on the next request, starting with the most fully featured level. Note that it
        should normally not be necessary to request this explicitly – except for debugging purposes – as
        <command>systemd-resolved</command> automatically forgets learnt information any time the DNS server
        configuration changes. Sending this signal to <command>systemd-resolved</command> is equivalent to the
        <command>systemd-resolve --reset-server-features</command> command, however the latter is recommended since it
        operates in a synchronous way.</para></listitem>
      </varlistentry>
    </variablelist>

  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>dnssec-trust-anchors.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-resolve</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry project='man-pages'><refentrytitle>hosts</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>

</refentry>
Commit	Line	Data
2dc6b11d	1	<?xml version='1.0'?> <!--- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil --->
091a364c	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
091a364c TG	4
	5	<!--
	6	This file is part of systemd.
	7
	8	Copyright 2014 Tom Gundersen
	9
	10	systemd is free software; you can redistribute it and/or modify it
	11	under the terms of the GNU Lesser General Public License as published by
	12	the Free Software Foundation; either version 2.1 of the License, or
	13	(at your option) any later version.
	14
	15	systemd is distributed in the hope that it will be useful, but
	16	WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	Lesser General Public License for more details.
	19
	20	You should have received a copy of the GNU Lesser General Public License
	21	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	22	-->
	23
1ec57f33	24	<refentry id="systemd-resolved.service" conditional='ENABLE_RESOLVE'>
091a364c	25
798d3a52 ZJS	26	<refentryinfo>
	27	<title>systemd-resolved.service</title>
	28	<productname>systemd</productname>
	29
	30	<authorgroup>
	31	<author>
	32	<contrib>Developer</contrib>
	33	<firstname>Tom</firstname>
	34	<surname>Gundersen</surname>
	35	<email>teg@jklm.no</email>
	36	</author>
	37	</authorgroup>
	38	</refentryinfo>
	39
	40	<refmeta>
	41	<refentrytitle>systemd-resolved.service</refentrytitle>
	42	<manvolnum>8</manvolnum>
	43	</refmeta>
	44
	45	<refnamediv>
	46	<refname>systemd-resolved.service</refname>
	47	<refname>systemd-resolved</refname>
	48	<refpurpose>Network Name Resolution manager</refpurpose>
	49	</refnamediv>
	50
	51	<refsynopsisdiv>
	52	<para><filename>systemd-resolved.service</filename></para>
12b42c76	53	<para><filename>/usr/lib/systemd/systemd-resolved</filename></para>
798d3a52 ZJS	54	</refsynopsisdiv>
	55
	56	<refsect1>
	57	<title>Description</title>
	58
624993ac LP	59	<para><command>systemd-resolved</command> is a system service that provides network name resolution to local
624993ac LP	60	applications. It implements a caching and validating DNS/DNSSEC stub resolver, as well as an LLMNR resolver and
b541146b LP	61	responder. Local applications may submit network name resolution requests via three interfaces:</para>
	62
	63	<itemizedlist>
	64	<listitem><para>The native, fully-featured API <command>systemd-resolved</command> exposes on the bus. See the
28a0ad81	65	<ulink url="https://www.freedesktop.org/wiki/Software/systemd/resolved">API Documentation</ulink> for
b541146b LP	66	details. Usage of this API is generally recommended to clients as it is asynchronous and fully featured (for
	67	example, properly returns DNSSEC validation status and interface scope for addresses as necessary for supporting
	68	link-local networking).</para></listitem>
	69
	70	<listitem><para>The glibc
0a07667d	71	<citerefentry project='man-pages'><refentrytitle>getaddrinfo</refentrytitle><manvolnum>3</manvolnum></citerefentry> API as defined
fc549b96	72	by <ulink url="https://tools.ietf.org/html/rfc3493">RFC3493</ulink> and its related resolver functions,
0a07667d	73	including <citerefentry project='man-pages'><refentrytitle>gethostbyname</refentrytitle><manvolnum>3</manvolnum></citerefentry>. This
b541146b LP	74	API is widely supported, including beyond the Linux platform. In its current form it does not expose DNSSEC
b541146b LP	75	validation status information however, and is synchronous only. This API is backed by the glibc Name Service
0a07667d	76	Switch (<citerefentry project='man-pages'><refentrytitle>nss</refentrytitle><manvolnum>5</manvolnum></citerefentry>). Usage of the
b541146b LP	77	glibc NSS module <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	78	is required in order to allow glibc's NSS resolver functions to resolve host names via
	79	<command>systemd-resolved</command>.</para></listitem>
	80
	81	<listitem><para>Additionally, <command>systemd-resolved</command> provides a local DNS stub listener on IP
	82	address 127.0.0.53 on the local loopback interface. Programs issuing DNS requests directly, bypassing any local
91fe95e1 LP	83	API may be directed to this stub, in order to connect them to <command>systemd-resolved</command>. Note however
	84	that it is strongly recommended that local programs use the glibc NSS or bus APIs instead (as described above),
	85	as various network resolution concepts (such as link-local addressing, or LLMNR Unicode domains) cannot be mapped
	86	to the unicast DNS protocol.</para></listitem>
b541146b	87	</itemizedlist>
798d3a52	88
b541146b LP	89	<para>The DNS servers contacted are determined from the global settings in
	90	<filename>/etc/systemd/resolved.conf</filename>, the per-link static settings in
	91	<filename>/etc/systemd/network/*.network</filename> files, the per-link dynamic settings received over DHCP and any
	92	DNS server information made available by other system services. See
	93	<citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
	94	<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details
	95	about systemd's own configuration files for DNS servers. To improve compatibility,
	96	<filename>/etc/resolv.conf</filename> is read in order to discover configured system DNS servers, but only if it is
e6b2d948 DJL	97	not a symlink to <filename>/run/systemd/resolve/stub-resolv.conf</filename> or
e6b2d948 DJL	98	<filename>/run/systemd/resolve/resolv.conf</filename> (see below).</para>
b541146b LP	99
b541146b LP	100	<para><command>systemd-resolved</command> synthesizes DNS resource records (RRs) for the following cases:</para>
2dc6b11d LP	101
	102	<itemizedlist>
	103	<listitem><para>The local, configured hostname is resolved to
	104	all locally configured IP addresses ordered by their scope, or
	105	— if none are configured — the IPv4 address 127.0.0.2 (which
	106	is on the local loopback) and the IPv6 address ::1 (which is the
	107	local host).</para></listitem>
	108
63003524 DH	109	<listitem><para>The hostnames <literal>localhost</literal> and
	110	<literal>localhost.localdomain</literal> (as well as any hostname
	111	ending in <literal>.localhost</literal> or <literal>.localhost.localdomain</literal>)
	112	are resolved to the IP addresses 127.0.0.1 and ::1.</para></listitem>
2dc6b11d LP	113
	114	<listitem><para>The hostname <literal>gateway</literal> is
	115	resolved to all current default routing gateway addresses,
	116	ordered by their metric. This assigns a stable hostname to the
	117	current gateway, useful for referencing it independently of the
	118	current network configuration state.</para></listitem>
394bac4f	119
4050e04b MP	120	<listitem><para>The mappings defined in <filename>/etc/hosts</filename> are resolved
	121	to their configured addresses and back, but they will not affect lookups for
	122	non-address types (like MX).</para></listitem>
2dc6b11d LP	123	</itemizedlist>
	124
	125	<para>Lookup requests are routed to the available DNS servers
	126	and LLMNR interfaces according to the following rules:</para>
	127
	128	<itemizedlist>
	129	<listitem><para>Lookups for the special hostname
	130	<literal>localhost</literal> are never routed to the
624993ac	131	network. (A few other, special domains are handled the same way.)</para></listitem>
2dc6b11d LP	132
	133	<listitem><para>Single-label names are routed to all local
	134	interfaces capable of IP multicasting, using the LLMNR
	135	protocol. Lookups for IPv4 addresses are only sent via LLMNR on
	136	IPv4, and lookups for IPv6 addresses are only sent via LLMNR on
	137	IPv6. Lookups for the locally configured host name and the
	138	<literal>gateway</literal> host name are never routed to
	139	LLMNR.</para></listitem>
	140
	141	<listitem><para>Multi-label names are routed to all local
e223f799	142	interfaces that have a DNS server configured, plus the globally
2dc6b11d	143	configured DNS server if there is one. Address lookups from the
7f3fdb7f	144	link-local address range are never routed to
2dc6b11d LP	145	DNS.</para></listitem>
	146	</itemizedlist>
	147
	148	<para>If lookups are routed to multiple interfaces, the first
	149	successful response is returned (thus effectively merging the
	150	lookup zones on all matching interfaces). If the lookup failed on
b938cb90	151	all interfaces, the last failing response is returned.</para>
2dc6b11d LP	152
2dc6b11d LP	153	<para>Routing of lookups may be influenced by configuring
b938cb90	154	per-interface domain names. See
2dc6b11d LP	155	<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	156	for details. Lookups for a hostname ending in one of the
	157	per-interface domains are exclusively routed to the matching
	158	interfaces.</para>
	159
28a0ad81	160	<para>See the <ulink url="https://www.freedesktop.org/wiki/Software/systemd/resolved"> resolved D-Bus API
a0956ed0 LP	161	Documentation</ulink> for information about the APIs <filename>systemd-resolved</filename> provides.</para>
a0956ed0 LP	162
798d3a52 ZJS	163	</refsect1>
798d3a52 ZJS	164
b541146b LP	165	<refsect1>
	166	<title><filename>/etc/resolv.conf</filename></title>
	167
e6b2d948	168	<para>Four modes of handling <filename>/etc/resolv.conf</filename> (see
0a07667d	169	<citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>) are
b541146b LP	170	supported:</para>
	171
	172	<itemizedlist>
e6b2d948 DJL	173	<listitem><para><command>systemd-resolved</command> maintains the
	174	<filename>/run/systemd/resolve/stub-resolv.conf</filename> file for compatibility with traditional Linux
	175	programs. This file may be symlinked from <filename>/etc/resolv.conf</filename>. This file lists the 127.0.0.53
	176	DNS stub (see above) as the only DNS server. It also contains a list of search domains that are in use by
	177	systemd-resolved. The list of search domains is always kept up-to-date. Note that
	178	<filename>/run/systemd/resolve/stub-resolv.conf</filename> should not be used directly by applications, but only
	179	through a symlink from <filename>/etc/resolv.conf</filename>. This file may be symlinked from
	180	<filename>/etc/resolv.conf</filename> in order to connect all local clients that bypass local DNS APIs to
	181	<command>systemd-resolved</command> with correct search domains settings. This mode of operation is
	182	recommended.</para></listitem>
	183
b541146b LP	184	<listitem><para>A static file <filename>/usr/lib/systemd/resolv.conf</filename> is provided that lists
	185	the 127.0.0.53 DNS stub (see above) as only DNS server. This file may be symlinked from
	186	<filename>/etc/resolv.conf</filename> in order to connect all local clients that bypass local DNS APIs to
e6b2d948	187	<command>systemd-resolved</command>. This file does not contain any search domains.</para></listitem>
b541146b LP	188
	189	<listitem><para><command>systemd-resolved</command> maintains the
	190	<filename>/run/systemd/resolve/resolv.conf</filename> file for compatibility with traditional Linux
	191	programs. This file may be symlinked from <filename>/etc/resolv.conf</filename> and is always kept up-to-date,
	192	containing information about all known DNS servers. Note the file format's limitations: it does not know a
	193	concept of per-interface DNS servers and hence only contains system-wide DNS server definitions. Note that
	194	<filename>/run/systemd/resolve/resolv.conf</filename> should not be used directly by applications, but only
	195	through a symlink from <filename>/etc/resolv.conf</filename>. If this mode of operation is used local clients
	196	that bypass any local DNS API will also bypass <command>systemd-resolved</command> and will talk directly to the
	197	known DNS servers.</para> </listitem>
	198
	199	<listitem><para>Alternatively, <filename>/etc/resolv.conf</filename> may be managed by other packages, in which
	200	case <command>systemd-resolved</command> will read it for DNS configuration data. In this mode of operation
	201	<command>systemd-resolved</command> is consumer rather than provider of this configuration
	202	file. </para></listitem>
	203	</itemizedlist>
	204
	205	<para>Note that the selected mode of operation for this file is detected fully automatically, depending on whether
	206	<filename>/etc/resolv.conf</filename> is a symlink to <filename>/run/systemd/resolve/resolv.conf</filename> or
	207	lists 127.0.0.53 as DNS server.</para>
	208	</refsect1>
	209
2c7284a9 LP	210	<refsect1>
	211	<title>Signals</title>
	212
	213	<variablelist>
	214	<varlistentry>
	215	<term><constant>SIGUSR1</constant></term>
	216
d55b0463	217	<listitem><para>Upon reception of the <constant>SIGUSR1</constant> process signal
cf84484a LP	218	<command>systemd-resolved</command> will dump the contents of all DNS resource record caches it maintains, as
	219	well as all feature level information it learnt about configured DNS servers into the system
	220	logs.</para></listitem>
2c7284a9 LP	221	</varlistentry>
	222
	223	<varlistentry>
	224	<term><constant>SIGUSR2</constant></term>
	225
d55b0463 LP	226	<listitem><para>Upon reception of the <constant>SIGUSR2</constant> process signal
	227	<command>systemd-resolved</command> will flush all caches it maintains. Note that it should normally not be
	228	necessary to request this explicitly – except for debugging purposes – as <command>systemd-resolved</command>
	229	flushes the caches automatically anyway any time the host's network configuration changes. Sending this signal
	230	to <command>systemd-resolved</command> is equivalent to the <command>systemd-resolve --flush-caches</command>
	231	command, however the latter is recommended since it operates in a synchronous way.</para></listitem>
	232	</varlistentry>
	233
	234	<varlistentry>
	235	<term><constant>SIGRTMIN+1</constant></term>
	236
	237	<listitem><para>Upon reception of the <constant>SIGRTMIN+1</constant> process signal
	238	<command>systemd-resolved</command> will forget everything it learnt about the configured DNS
	239	servers. Specifically any information about server feature support is flushed out, and the server feature
	240	probing logic is restarted on the next request, starting with the most fully featured level. Note that it
	241	should normally not be necessary to request this explicitly – except for debugging purposes – as
	242	<command>systemd-resolved</command> automatically forgets learnt information any time the DNS server
	243	configuration changes. Sending this signal to <command>systemd-resolved</command> is equivalent to the
	244	<command>systemd-resolve --reset-server-features</command> command, however the latter is recommended since it
	245	operates in a synchronous way.</para></listitem>
2c7284a9 LP	246	</varlistentry>
2c7284a9 LP	247	</variablelist>
d55b0463	248
2c7284a9 LP	249	</refsect1>
2c7284a9 LP	250
798d3a52 ZJS	251	<refsect1>
	252	<title>See Also</title>
	253	<para>
	254	<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	255	<citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
b5a8703f	256	<citerefentry><refentrytitle>dnssec-trust-anchors.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
437293cf	257	<citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
624993ac	258	<citerefentry><refentrytitle>systemd-resolve</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1c18f60a	259	<citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
394bac4f	260	<citerefentry project='man-pages'><refentrytitle>hosts</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
798d3a52 ZJS	261	<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
	262	<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	263	</para>
	264	</refsect1>
091a364c TG	265
091a364c TG	266	</refentry>