<?xml version='1.0'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
-
-<!--
- SPDX-License-Identifier: LGPL-2.1+
--->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="resolvectl" conditional='ENABLE_RESOLVE'
xmlns:xi="http://www.w3.org/2001/XInclude">
interface the data was discovered. It also contains information on whether the information could be
authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover all data
originating from local, trusted sources is also reported authenticated, including resolution of the local host
- name, the <literal>localhost</literal> host name or all data from <filename>/etc/hosts</filename>.</para>
+ name, the <literal>localhost</literal> hostname or all data from <filename>/etc/hosts</filename>.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Commands</title>
+ <variablelist>
+
+ <varlistentry>
+ <term><command>query</command> <replaceable>HOSTNAME|ADDRESS</replaceable>…</term>
+
+ <listitem><para>Resolve domain names, IPv4 and IPv6 addresses.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>service</command>
+ [[<replaceable>NAME</replaceable>] <replaceable>TYPE</replaceable>]
+ <replaceable>DOMAIN</replaceable></term>
+
+ <listitem><para>Resolve <ulink url="https://tools.ietf.org/html/rfc6763">DNS-SD</ulink> and
+ <ulink url="https://tools.ietf.org/html/rfc2782">SRV</ulink> services, depending on the specified list of parameters.
+ If three parameters are passed the first is assumed to be the DNS-SD service name, the second the SRV service type,
+ and the third the domain to search in. In this case a full DNS-SD style SRV and TXT lookup is executed. If only two
+ parameters are specified, the first is assumed to be the SRV service type, and the second the domain to look in. In
+ this case no TXT RR is requested. Finally, if only one parameter is specified, it is assumed to be a domain name,
+ that is already prefixed with an SRV type, and an SRV lookup is done (no TXT).</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>openpgp</command> <replaceable>EMAIL@DOMAIN</replaceable>…</term>
+
+ <listitem><para>Query PGP keys stored as <ulink url="https://tools.ietf.org/html/rfc7929">OPENPGPKEY</ulink>
+ resource records. Specified e-mail addresses are converted to the corresponding DNS domain name, and any
+ OPENPGPKEY keys are printed.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>tlsa</command>
+ [<replaceable>FAMILY</replaceable>]
+ <replaceable>DOMAIN</replaceable>[:<replaceable>PORT</replaceable>]…</term>
+
+ <listitem><para>Query TLS public keys stored as <ulink url="https://tools.ietf.org/html/rfc6698">TLSA</ulink>
+ resource records. A query will be performed for each of the specified names prefixed with the port and family
+ (<literal>_<replaceable>port</replaceable>._<replaceable>family</replaceable>.<replaceable>domain</replaceable></literal>).
+ The port number may be specified after a colon (<literal>:</literal>), otherwise <constant>443</constant> will be used
+ by default. The family may be specified as the first argument, otherwise <constant>tcp</constant> will be used.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>status</command> [<replaceable>LINK</replaceable>…]</term>
+
+ <listitem><para>Shows the global and per-link DNS settings currently in effect. If no command is specified,
+ this is the implied default.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>statistics</command></term>
+
+ <listitem><para>Shows general resolver statistics, including information whether DNSSEC is
+ enabled and available, as well as resolution and validation statistics.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>reset-statistics</command></term>
+
+ <listitem><para>Resets the statistics counters shown in <command>statistics</command> to zero.
+ This operation requires root privileges.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>flush-caches</command></term>
+
+ <listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly equivalent
+ to sending the <constant>SIGUSR2</constant> to the <command>systemd-resolved</command>
+ service.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>reset-server-features</command></term>
+
+ <listitem><para>Flushes all feature level information the resolver learnt about specific servers, and ensures
+ that the server feature probing logic is started from the beginning with the next look-up request. This is
+ mostly equivalent to sending the <constant>SIGRTMIN+1</constant> to the <command>systemd-resolved</command>
+ service.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>dns</command> [<replaceable>LINK</replaceable> [<replaceable>SERVER</replaceable>…]]</term>
+ <term><command>domain</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term>
+ <term><command>default-route</command> [<replaceable>LINK</replaceable> [<replaceable>BOOL</replaceable>…]]</term>
+ <term><command>llmnr</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
+ <term><command>mdns</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
+ <term><command>dnssec</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
+ <term><command>dnsovertls</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term>
+ <term><command>nta</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term>
+
+ <listitem>
+ <para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS
+ settings for network interfaces. These commands may be used to inform
+ <command>systemd-resolved</command> or <command>systemd-networkd</command> about per-interface DNS
+ configuration determined through external means. The <command>dns</command> command expects IPv4 or
+ IPv6 address specifications of DNS servers to use. The <command>domain</command> command expects
+ valid DNS domains, possibly prefixed with <literal>~</literal>, and configures a per-interface
+ search or route-only domain. The <command>default-route</command> command expects a boolean
+ parameter, and configures whether the link may be used as default route for DNS lookups, i.e. if it
+ is suitable for lookups on domains no other link explicitly is configured for. The
+ <command>llmnr</command>, <command>mdns</command>, <command>dnssec</command> and
+ <command>dnsovertls</command> commands may be used to configure the per-interface LLMNR,
+ MulticastDNS, DNSSEC and DNSOverTLS settings. Finally, <command>nta</command> command may be used
+ to configure additional per-interface DNSSEC NTA domains.</para>
+
+ <para>Commands <command>dns</command>, <command>domain</command> and <command>nta</command> can take
+ a single empty string argument to clear their respective value lists.</para>
+
+ <para>For details about these settings, their possible values and their effect, see the
+ corresponding settings in
+ <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><command>revert <replaceable>LINK</replaceable></command></term>
+
+ <listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
+ per-interface DNS setting are reset to their defaults, undoing all effects of <command>dns</command>,
+ <command>domain</command>, <command>default-route</command>, <command>llmnr</command>,
+ <command>mdns</command>, <command>dnssec</command>, <command>dnsovertls</command>,
+ <command>nta</command>. Note that when a network interface disappears all configuration is lost
+ automatically, an explicit reverting is not necessary in that case.</para></listitem>
+ </varlistentry>
+
+ <xi:include href="systemctl.xml" xpointer="log-level" />
+ </variablelist>
</refsect1>
<refsect1>
</refsect1>
<refsect1>
- <title>Commands</title>
- <variablelist>
-
- <varlistentry>
- <term><option>query <replaceable>HOSTNAME|ADDRESS</replaceable>…</option></term>
-
- <listitem><para>Resolve domain names, IPv4 and IPv6 addresses.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>service [[<replaceable>NAME</replaceable>] <replaceable>TYPE</replaceable>] <replaceable>DOMAIN</replaceable></option></term>
-
- <listitem><para>Resolve <ulink url="https://tools.ietf.org/html/rfc6763">DNS-SD</ulink> and
- <ulink url="https://tools.ietf.org/html/rfc2782">SRV</ulink> services, depending on the specified list of parameters.
- If three parameters are passed the first is assumed to be the DNS-SD service name, the second the SRV service type,
- and the third the domain to search in. In this case a full DNS-SD style SRV and TXT lookup is executed. If only two
- parameters are specified, the first is assumed to be the SRV service type, and the second the domain to look in. In
- this case no TXT RR is requested. Finally, if only one parameter is specified, it is assumed to be a domain name,
- that is already prefixed with an SRV type, and an SRV lookup is done (no TXT).</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>openpgp <replaceable>EMAIL@DOMAIN</replaceable>…</option></term>
-
- <listitem><para>Query PGP keys stored as <ulink url="https://tools.ietf.org/html/rfc7929">OPENPGPKEY</ulink>
- resource records. Specified e-mail addresses are converted to the corresponding DNS domain name, and any
- OPENPGPKEY keys are printed.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>tlsa [<replaceable>FAMILY</replaceable>] <replaceable>DOMAIN</replaceable>[:<replaceable>PORT</replaceable>]…</option></term>
-
- <listitem><para>Query TLS public keys stored as <ulink url="https://tools.ietf.org/html/rfc6698">TLSA</ulink>
- resource records. A query will be performed for each of the specified names prefixed with the port and family
- (<literal>_<replaceable>port</replaceable>._<replaceable>family</replaceable>.<replaceable>domain</replaceable></literal>).
- The port number may be specified after a colon (<literal>:</literal>), otherwise <constant>443</constant> will be used
- by default. The family may be specified as the first argument, otherwise <constant>tcp</constant> will be used.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>status [<replaceable>LINK</replaceable>…]</option></term>
-
- <listitem><para>Shows the global and per-link DNS settings in currently in effect. If no command is specified,
- this is the implied default.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>statistics</option></term>
-
- <listitem><para>Shows general resolver statistics, including information whether DNSSEC is
- enabled and available, as well as resolution and validation statistics.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>reset-statistics</option></term>
-
- <listitem><para>Resets the statistics counters shown in <option>statistics</option> to zero.
- This operation requires root privileges.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>flush-caches</option></term>
-
- <listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly equivalent
- to sending the <constant>SIGUSR2</constant> to the <command>systemd-resolved</command>
- service.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>reset-server-features</option></term>
-
- <listitem><para>Flushes all feature level information the resolver learnt about specific servers, and ensures
- that the server feature probing logic is started from the beginning with the next look-up request. This is
- mostly equivalent to sending the <constant>SIGRTMIN+1</constant> to the <command>systemd-resolved</command>
- service.</para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>dns [<replaceable>LINK</replaceable> [<replaceable>SERVER</replaceable>…]]</option></term>
- <term><option>domain [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term>
- <term><option>llmnr [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
- <term><option>mdns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
- <term><option>dnssec [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
- <term><option>dnsovertls [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
- <term><option>nta [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term>
-
- <listitem>
- <para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS
- settings for network interfaces that aren't managed by
- <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. (These
- commands will fail when used on interfaces that are managed by <command>systemd-networkd</command>, please
- configure their DNS settings directly inside the <filename>.network</filename> files instead.) These commands
- may be used to inform <command>systemd-resolved</command> about per-interface DNS configuration determined
- through external means. The <option>dns</option> command expects IPv4 or IPv6 address specifications of DNS
- servers to use. The <option>domain</option> command expects valid DNS domains, possibly prefixed with
- <literal>~</literal>, and configures a per-interface search or route-only domain. The <option>llmnr</option>,
- <option>mdns</option>, <option>dnssec</option> and <option>dnsovertls</option> commands may be used to configure
- the per-interface LLMNR, MulticastDNS, DNSSEC and DNSOverTLS settings. Finally, <option>nta</option> command
- may be used to configure additional per-interface DNSSEC NTA domains.</para>
-
- <para>Options <option>dns</option>, <option>domain</option> and <option>nta</option> can take
- a single empty string argument to clear their respective value lists.</para>
-
- <para>For details about these settings, their possible values and their effect, see the corresponding options in
- <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>revert <replaceable>LINK</replaceable></option></term>
-
- <listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
- per-interface DNS setting are reset to their defaults, undoing all effects of <option>dns</option>,
- <option>domain</option>, <option>llmnr</option>, <option>mdns</option>, <option>dnssec</option>,
- <option>dnsovertls</option>, <option>nta</option>. Note that when a network interface disappears all
- configuration is lost automatically, an explicit reverting is not necessary in that case.</para></listitem>
- </varlistentry>
-
- </variablelist>
- </refsect1>
-
- <refsect1>
- <title>Compatibility with <citerefentry><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry></title>
+ <title>Compatibility with
+ <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry></title>
<para><command>resolvectl</command> is a multi-call binary. When invoked as <literal>resolvconf</literal>
(generally achieved by means of a symbolic link of this name to the <command>resolvectl</command> binary) it
- is run in a limited <citerefentry><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ is run in a limited
+ <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry>
compatibility mode. It accepts mostly the same arguments and pushes all data into
<citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
similar to how <option>dns</option> and <option>domain</option> commands operate. Note that
<command>systemd-resolved.service</command> is the only supported backend, which is different from other
- implementations of this command. Note that not all operations supported by other implementations are supported
- natively. Specifically:</para>
+ implementations of this command.</para>
+
+ <para><filename>/etc/resolv.conf</filename> will only be updated with servers added with this command
+ when <filename>/etc/resolv.conf</filename> is a symlink to
+ <filename>/run/systemd/resolve/resolv.conf</filename>, and not a static file. See the discussion of
+ <filename>/etc/resolv.conf</filename> handling in
+ <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ </para>
+
+ <para>Not all operations supported by other implementations are supported natively. Specifically:</para>
<variablelist>
<varlistentry>
<term><option>-a</option></term>
<listitem><para>Registers per-interface DNS configuration data with
<command>systemd-resolved</command>. Expects a network interface name as only command line argument. Reads
- <citerefentry><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> compatible DNS
- configuration data from its standard input. Relevant fields are <literal>nameserver</literal> and
+ <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>-compatible
+ DNS configuration data from its standard input. Relevant fields are <literal>nameserver</literal> and
<literal>domain</literal>/<literal>search</literal>. This command is mostly identical to invoking
- <command>resolvectl</command> with a combination of <option>dns</option> and
- <option>domain</option> commands.</para></listitem>
+ <command>resolvectl</command> with a combination of <option>dns</option> and <option>domain</option>
+ commands.</para></listitem>
</varlistentry>
<varlistentry>
</variablelist>
- <para>See <citerefentry><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry> for details on this command line options.</para>
+ <para>See
+ <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for details on those command line options.</para>
</refsect1>
<refsect1>
projects / thirdparty / systemd.git / blobdiff