]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/shared/resolve-util.h
networkd-test: stop varlink socket before setting up runtime directories
[thirdparty/systemd.git] / src / shared / resolve-util.h
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
af49ca27
LP
2#pragma once
3
69a283c5
DDM
4#include "conf-parser-forward.h"
5#include "forward.h"
af49ca27 6
a8d09063 7/* 127.0.0.53 in native endian (The IP address we listen on with the full DNS stub, i.e. that does LLMNR/mDNS, and stuff) */
00d28db3
YW
8#define INADDR_DNS_STUB ((in_addr_t) 0x7f000035U)
9
a8d09063
LP
10/* 127.0.0.54 in native endian (The IP address we listen on we only implement "proxy" mode) */
11#define INADDR_DNS_PROXY_STUB ((in_addr_t) 0x7f000036U)
12
056c398b
LP
13/* 127.0.0.2 is an address we always map to the local hostname. This is different from 127.0.0.1 which maps to "localhost" */
14#define INADDR_LOCALADDRESS ((in_addr_t) 0x7f000002U)
15
69a283c5 16typedef enum DnsCacheMode {
37d7a7d9
JN
17 DNS_CACHE_MODE_NO,
18 DNS_CACHE_MODE_YES,
19 DNS_CACHE_MODE_NO_NEGATIVE,
20 _DNS_CACHE_MODE_MAX,
bbb697fe 21 _DNS_CACHE_MODE_INVALID = -EINVAL,
69a283c5 22} DnsCacheMode;
af49ca27 23
bce459e3 24/* Do not change the order, see link_get_llmnr_support() or link_get_mdns_support(). */
69a283c5 25typedef enum ResolveSupport {
af49ca27 26 RESOLVE_SUPPORT_NO,
af49ca27 27 RESOLVE_SUPPORT_RESOLVE,
bce459e3 28 RESOLVE_SUPPORT_YES,
af49ca27 29 _RESOLVE_SUPPORT_MAX,
2d93c20e 30 _RESOLVE_SUPPORT_INVALID = -EINVAL,
69a283c5 31} ResolveSupport;
af49ca27 32
69a283c5 33typedef enum DnssecMode {
ad6c0475
LP
34 /* No DNSSEC validation is done */
35 DNSSEC_NO,
36
37 /* Validate locally, if the server knows DO, but if not,
38 * don't. Don't trust the AD bit. If the server doesn't do
39 * DNSSEC properly, downgrade to non-DNSSEC operation. Of
40 * course, we then are vulnerable to a downgrade attack, but
41 * that's life and what is configured. */
42 DNSSEC_ALLOW_DOWNGRADE,
43
44 /* Insist on DNSSEC server support, and rather fail than downgrading. */
45 DNSSEC_YES,
46
47 _DNSSEC_MODE_MAX,
2d93c20e 48 _DNSSEC_MODE_INVALID = -EINVAL,
69a283c5 49} DnssecMode;
ad6c0475 50
69a283c5 51typedef enum DnsOverTlsMode {
5d67a7ae 52 /* No connection is made for DNS-over-TLS */
c9299be2 53 DNS_OVER_TLS_NO,
5d67a7ae
IT
54
55 /* Try to connect using DNS-over-TLS, but if connection fails,
2aed63f4 56 * fall back to using an unencrypted connection */
c9299be2 57 DNS_OVER_TLS_OPPORTUNISTIC,
5d67a7ae 58
4310bfc2
IT
59 /* Enforce DNS-over-TLS and require valid server certificates */
60 DNS_OVER_TLS_YES,
61
c9299be2 62 _DNS_OVER_TLS_MODE_MAX,
2d93c20e 63 _DNS_OVER_TLS_MODE_INVALID = -EINVAL,
69a283c5 64} DnsOverTlsMode;
5d67a7ae 65
a2106925
LP
66CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);
67CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);
c9299be2 68CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode);
37d7a7d9 69CONFIG_PARSER_PROTOTYPE(config_parse_dns_cache_mode);
af49ca27
LP
70
71const char* resolve_support_to_string(ResolveSupport p) _const_;
72ResolveSupport resolve_support_from_string(const char *s) _pure_;
ad6c0475
LP
73
74const char* dnssec_mode_to_string(DnssecMode p) _const_;
75DnssecMode dnssec_mode_from_string(const char *s) _pure_;
5d67a7ae 76
c9299be2
IT
77const char* dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_;
78DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_;
00d28db3
YW
79
80bool dns_server_address_valid(int family, const union in_addr_union *sa);
37d7a7d9
JN
81
82const char* dns_cache_mode_to_string(DnsCacheMode p) _const_;
83DnsCacheMode dns_cache_mode_from_string(const char *s) _pure_;
08281474
LP
84
85/* A resolv.conf file containing the DNS server and domain data we learnt from uplink, i.e. the full uplink data */
86#define PRIVATE_UPLINK_RESOLV_CONF "/run/systemd/resolve/resolv.conf"
87
88/* A resolv.conf file containing the domain data we learnt from uplink, but our own DNS server address. */
89#define PRIVATE_STUB_RESOLV_CONF "/run/systemd/resolve/stub-resolv.conf"
90
91/* A static resolv.conf file containing no domains, but only our own DNS server address */
b0d3095f 92#define PRIVATE_STATIC_RESOLV_CONF LIBEXECDIR "/resolv.conf"