PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS
screen resolution for HiDPI systems, and now provides loader
configuration settings to change the resolution explicitly.
- * systemd-resolved now supports DNS-over-TLS ("PrivateDNS"). It's still
- turned off by default, use PrivateDNS=opportunistic to turn it on in
+ * systemd-resolved now supports DNS-over-TLS. It's still
+ turned off by default, use DNSOverTLS=opportunistic to turn it on in
resolved.conf. We intend to make this the default as soon as couple
of additional techniques for optimizing the initial latency caused by
establishing a TLS/TCP connection are implemented.
<term><option>llmnr [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
<term><option>mdns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
<term><option>dnssec [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
- <term><option>privatedns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
+ <term><option>dnsovertls [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
<term><option>nta [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term>
<listitem><para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS
through external means. The <option>dns</option> command expects IPv4 or IPv6 address specifications of DNS
servers to use. The <option>domain</option> command expects valid DNS domains, possibly prefixed with
<literal>~</literal>, and configures a per-interface search or route-only domain. The <option>llmnr</option>,
- <option>mdns</option>, <option>dnssec</option> and <option>privatedns</option> commands may be used to configure
- the per-interface LLMNR, MulticastDNS, DNSSEC and PrivateDNS settings. Finally, <option>nta</option> command
+ <option>mdns</option>, <option>dnssec</option> and <option>dnsovertls</option> commands may be used to configure
+ the per-interface LLMNR, MulticastDNS, DNSSEC and DNSOverTLS settings. Finally, <option>nta</option> command
may be used to configure additional per-interface DNSSEC NTA domains. For details about these settings, their
possible values and their effect, see the corresponding options in
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
<listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
per-interface DNS setting are reset to their defaults, undoing all effects of <option>dns</option>,
<option>domain</option>, <option>llmnr</option>, <option>mdns</option>, <option>dnssec</option>,
- <option>privatedns</option>, <option>nta</option>. Note that when a network interface disappears all
+ <option>dnsovertls</option>, <option>nta</option>. Note that when a network interface disappears all
configuration is lost automatically, an explicit reverting is not necessary in that case.</para></listitem>
</varlistentry>
</varlistentry>
<varlistentry>
- <term><varname>PrivateDNS=</varname></term>
+ <term><varname>DNSOverTLS=</varname></term>
<listitem>
<para>Takes false or
<literal>opportunistic</literal>. When set to <literal>opportunistic</literal>
<para>Note as the resolver is not capable of authenticating
the server, it is vulnerable for "man-in-the-middle" attacks.</para>
- <para>In addition to this global PrivateDNS setting
+ <para>In addition to this global DNSOverTLS setting
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- also maintains per-link PrivateDNS settings. For system DNS
- servers (see above), only the global PrivateDNS setting is in
+ also maintains per-link DNSOverTLS settings. For system DNS
+ servers (see above), only the global DNSOverTLS setting is in
effect. For per-link DNS servers the per-link
setting is in effect, unless it is unset in which case the
global setting is used instead.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><varname>PrivateDNS=</varname></term>
+ <term><varname>DNSOverTLS=</varname></term>
<listitem>
<para>Takes false or
<literal>opportunistic</literal>. When set to <literal>opportunistic</literal>, enables
support on the link. This option defines a
per-interface setting for
<citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s
- global <varname>PrivateDNS=</varname> option. Defaults to
+ global <varname>DNSOverTLS=</varname> option. Defaults to
false. This setting is read by
<citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
</listitem>
'DNSSEC_' + default_dnssec.underscorify().to_upper())
substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
-default_private_dns = get_option('default-private-dns')
+default_dns_over_tls = get_option('default-dns-over-tls')
if fuzzer_build
- default_private_dns = 'no'
+ default_dns_over_tls = 'no'
endif
-if default_private_dns != 'no' and conf.get('HAVE_GNUTLS') == 0
- message('default-private-dns cannot be set to strict or opportunistic when gnutls is disabled. Setting default-private-dns to no.')
- default_private_dns = 'no'
+if default_dns_over_tls != 'no' and conf.get('HAVE_GNUTLS') == 0
+ message('default-dns-over-tls cannot be set to strict or opportunistic when gnutls is disabled. Setting default-dns-over-tls to no.')
+ default_dns_over_tls = 'no'
endif
-conf.set('DEFAULT_PRIVATE_DNS_MODE',
- 'PRIVATE_DNS_' + default_private_dns.underscorify().to_upper())
-substs.set('DEFAULT_PRIVATE_DNS_MODE', default_private_dns)
+conf.set('DEFAULT_DNS_OVER_TLS_MODE',
+ 'DNS_OVER_TLS_' + default_dns_over_tls.underscorify().to_upper())
+substs.set('DEFAULT_DNS_OVER_TLS_MODE', default_dns_over_tls)
want_importd = get_option('importd')
if want_importd != 'false'
'symbolic gateway hostnames: @0@'.format(', '.join(gateway_hostnames)),
'default DNSSEC mode: @0@'.format(default_dnssec),
- 'default private DNS mode: @0@'.format(default_private_dns),
+ 'default DNS-over-TLS mode: @0@'.format(default_dns_over_tls),
'default cgroup hierarchy: @0@'.format(default_hierarchy),
'default KillUserProcesses setting: @0@'.format(kill_user_processes)]
description : 'default DNSSEC mode',
choices : ['yes', 'allow-downgrade', 'no'],
value : 'allow-downgrade')
-option('default-private-dns', type : 'combo',
- description : 'default private DNS mode',
+option('default-dns-over-tls', type : 'combo',
+ description : 'default DNS-over-TLS mode',
choices : ['opportunistic', 'no'],
value : 'no')
option('dns-servers', type : 'string',
[LINK]='revert dns domain nta'
[RESOLVE]='llmnr mdns'
[DNSSEC]='dnssec'
- [PRIVATEDNS]='privatedns'
+ [DNSOVERTLS]='dnsovertls'
[STANDALONE]='statistics reset-statistics flush-caches reset-server-features'
)
local -A ARGS=(
[FAMILY]='tcp udp sctp'
[RESOLVE]='yes no resolve'
[DNSSEC]='yes no allow-downgrade'
- [PRIVATEDNS]='no opportunistic'
+ [DNSOVERTLS]='no opportunistic'
)
local interfaces=$( __get_interfaces )
comps=""
fi
- elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]} ${VERBS[PRIVATEDNS]}; then
+ elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]} ${VERBS[DNSOVERTLS]}; then
for ((i++; i < COMP_CWORD; i++)); do
if __contains_word "${COMP_WORDS[i]}" $interfaces &&
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
comps=''
fi
- elif __contains_word "$verb" ${VERBS[PRIVATEDNS]}; then
+ elif __contains_word "$verb" ${VERBS[DNSOVERTLS]}; then
name=
for ((i++; i < COMP_CWORD; i++)); do
- if __contains_word "${COMP_WORDS[i]}" ${ARGS[PRIVATEDNS]} &&
+ if __contains_word "${COMP_WORDS[i]}" ${ARGS[DNSOVERTLS]} &&
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
name=${COMP_WORDS[i]}
break;
done
if [[ -z $name ]]; then
- comps=${ARGS[PRIVATEDNS]}
+ comps=${ARGS[DNSOVERTLS]}
else
comps=''
fi
--set-dnssec)
comps="yes no allow-downgrade"
;;
- --set-privatedns)
+ --set-dnsovertls)
comps="no opportunistic"
;;
esac
return network_link_get_string(ifindex, "MDNS", mdns);
}
-_public_ int sd_network_link_get_private_dns(int ifindex, char **private_dns) {
- return network_link_get_string(ifindex, "PRIVATE_DNS", private_dns);
+_public_ int sd_network_link_get_dns_over_tls(int ifindex, char **dns_over_tls) {
+ return network_link_get_string(ifindex, "DNS_OVER_TLS", dns_over_tls);
}
_public_ int sd_network_link_get_dnssec(int ifindex, char **dnssec) {
fprintf(f, "MDNS=%s\n",
resolve_support_to_string(link->network->mdns));
- if (link->network->private_dns_mode != _PRIVATE_DNS_MODE_INVALID)
- fprintf(f, "PRIVATE_DNS=%s\n",
- private_dns_mode_to_string(link->network->private_dns_mode));
+ if (link->network->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
+ fprintf(f, "DNS_OVER_TLS=%s\n",
+ dns_over_tls_mode_to_string(link->network->dns_over_tls_mode));
if (link->network->dnssec_mode != _DNSSEC_MODE_INVALID)
fprintf(f, "DNSSEC=%s\n",
Network.DNS, config_parse_dns, 0, 0
Network.LLMNR, config_parse_resolve_support, 0, offsetof(Network, llmnr)
Network.MulticastDNS, config_parse_resolve_support, 0, offsetof(Network, mdns)
-Network.PrivateDNS, config_parse_private_dns_mode, 0, offsetof(Network, private_dns_mode)
+Network.DNSOverTLS, config_parse_dns_over_tls_mode, 0, offsetof(Network, dns_over_tls_mode)
Network.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Network, dnssec_mode)
Network.DNSSECNegativeTrustAnchors, config_parse_dnssec_negative_trust_anchors, 0, 0
Network.NTP, config_parse_ntp, 0, offsetof(Network, ntp)
network->llmnr = RESOLVE_SUPPORT_YES;
network->mdns = RESOLVE_SUPPORT_NO;
network->dnssec_mode = _DNSSEC_MODE_INVALID;
- network->private_dns_mode = _PRIVATE_DNS_MODE_INVALID;
+ network->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
network->link_local = ADDRESS_FAMILY_IPV6;
ResolveSupport llmnr;
ResolveSupport mdns;
DnssecMode dnssec_mode;
- PrivateDnsMode private_dns_mode;
+ DnsOverTlsMode dns_over_tls_mode;
Set *dnssec_negative_trust_anchors;
LIST_FIELDS(Network, networks);
char **arg_set_domain = NULL;
static const char *arg_set_llmnr = NULL;
static const char *arg_set_mdns = NULL;
-static const char *arg_set_private_dns = NULL;
+static const char *arg_set_dns_over_tls = NULL;
static const char *arg_set_dnssec = NULL;
static char **arg_set_nta = NULL;
uint64_t scopes_mask;
const char *llmnr;
const char *mdns;
- const char *private_dns;
+ const char *dns_over_tls;
const char *dnssec;
char *current_dns;
char **dns;
{ "Domains", "a(sb)", map_link_domains, offsetof(struct link_info, domains) },
{ "LLMNR", "s", NULL, offsetof(struct link_info, llmnr) },
{ "MulticastDNS", "s", NULL, offsetof(struct link_info, mdns) },
- { "PrivateDNS", "s", NULL, offsetof(struct link_info, private_dns) },
+ { "DNSOverTLS", "s", NULL, offsetof(struct link_info, dns_over_tls) },
{ "DNSSEC", "s", NULL, offsetof(struct link_info, dnssec) },
{ "DNSSECNegativeTrustAnchors", "as", NULL, offsetof(struct link_info, ntas) },
{ "DNSSECSupported", "b", NULL, offsetof(struct link_info, dnssec_supported) },
if (mode == STATUS_PRIVATE) {
printf("%sLink %i (%s)%s: %s\n",
ansi_highlight(), ifindex, name, ansi_normal(),
- strna(link_info.private_dns));
+ strna(link_info.dns_over_tls));
r = 0;
goto finish;
printf(" LLMNR setting: %s\n"
"MulticastDNS setting: %s\n"
- " PrivateDNS setting: %s\n"
+ " DNSOverTLS setting: %s\n"
" DNSSEC setting: %s\n"
" DNSSEC supported: %s\n",
strna(link_info.llmnr),
strna(link_info.mdns),
- strna(link_info.private_dns),
+ strna(link_info.dns_over_tls),
strna(link_info.dnssec),
yes_no(link_info.dnssec_supported));
char **ntas;
const char *llmnr;
const char *mdns;
- const char *private_dns;
+ const char *dns_over_tls;
const char *dnssec;
bool dnssec_supported;
} global_info = {};
{ "DNSSECNegativeTrustAnchors", "as", NULL, offsetof(struct global_info, ntas) },
{ "LLMNR", "s", NULL, offsetof(struct global_info, llmnr) },
{ "MulticastDNS", "s", NULL, offsetof(struct global_info, mdns) },
- { "PrivateDNS", "s", NULL, offsetof(struct global_info, private_dns) },
+ { "DNSOverTLS", "s", NULL, offsetof(struct global_info, dns_over_tls) },
{ "DNSSEC", "s", NULL, offsetof(struct global_info, dnssec) },
{ "DNSSECSupported", "b", NULL, offsetof(struct global_info, dnssec_supported) },
{}
if (mode == STATUS_PRIVATE) {
printf("%sGlobal%s: %s\n", ansi_highlight(), ansi_normal(),
- strna(global_info.private_dns));
+ strna(global_info.dns_over_tls));
r = 0;
goto finish;
printf(" LLMNR setting: %s\n"
"MulticastDNS setting: %s\n"
- " PrivateDNS setting: %s\n"
+ " DNSOverTLS setting: %s\n"
" DNSSEC setting: %s\n"
" DNSSEC supported: %s\n",
strna(global_info.llmnr),
strna(global_info.mdns),
- strna(global_info.private_dns),
+ strna(global_info.dns_over_tls),
strna(global_info.dnssec),
yes_no(global_info.dnssec_supported));
return 0;
}
-static int verb_private_dns(int argc, char **argv, void *userdata) {
+static int verb_dns_over_tls(int argc, char **argv, void *userdata) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
sd_bus *bus = userdata;
int ifindex, r;
"org.freedesktop.resolve1",
"/org/freedesktop/resolve1",
"org.freedesktop.resolve1.Manager",
- "SetLinkPrivateDNS",
+ "SetLinkDNSOverTLS",
&error,
NULL,
"is", ifindex, argv[2]);
sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_LINK))
return 0;
- return log_error_errno(r, "Failed to set PrivateDNS configuration: %s", bus_error_message(&error, r));
+ return log_error_errno(r, "Failed to set DNSOverTLS configuration: %s", bus_error_message(&error, r));
}
return 0;
" --set-domain=DOMAIN Set per-interface search domain\n"
" --set-llmnr=MODE Set per-interface LLMNR mode\n"
" --set-mdns=MODE Set per-interface MulticastDNS mode\n"
- " --set-privatedns=MODE Set per-interface PrivateDNS mode\n"
+ " --set-dnsovertls=MODE Set per-interface DNS-over-TLS mode\n"
" --set-dnssec=MODE Set per-interface DNSSEC mode\n"
" --set-nta=DOMAIN Set per-interface DNSSEC NTA\n"
" --revert Revert per-interface configuration\n"
" domain [LINK [DOMAIN...]] Get/set per-interface search domain\n"
" llmnr [LINK [MODE]] Get/set per-interface LLMNR mode\n"
" mdns [LINK [MODE]] Get/set per-interface MulticastDNS mode\n"
- " privatedns [LINK [MODE]] Get/set per-interface PrivateDNS mode\n"
+ " dnsovertls [LINK [MODE]] Get/set per-interface DNS-over-TLS mode\n"
" dnssec [LINK [MODE]] Get/set per-interface DNSSEC mode\n"
" nta [LINK [DOMAIN...]] Get/set per-interface DNSSEC NTA\n"
" revert LINK Revert per-interface configuration\n"
{ "set-domain", required_argument, NULL, ARG_SET_DOMAIN },
{ "set-llmnr", required_argument, NULL, ARG_SET_LLMNR },
{ "set-mdns", required_argument, NULL, ARG_SET_MDNS },
- { "set-privatedns", required_argument, NULL, ARG_SET_PRIVATE },
+ { "set-dnsovertls", required_argument, NULL, ARG_SET_PRIVATE },
{ "set-dnssec", required_argument, NULL, ARG_SET_DNSSEC },
{ "set-nta", required_argument, NULL, ARG_SET_NTA },
{ "revert", no_argument, NULL, ARG_REVERT_LINK },
break;
case ARG_SET_PRIVATE:
- arg_set_private_dns = optarg;
+ arg_set_dns_over_tls = optarg;
arg_mode = MODE_SET_LINK;
break;
if (IN_SET(arg_mode, MODE_SET_LINK, MODE_REVERT_LINK)) {
if (arg_ifindex <= 0) {
- log_error("--set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-privatedns=, --set-dnssec=, --set-nta= and --revert require --interface=.");
+ log_error("--set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnsovertls=, --set-dnssec=, --set-nta= and --revert require --interface=.");
return -EINVAL;
}
{ "domain", VERB_ANY, VERB_ANY, 0, verb_domain },
{ "llmnr", VERB_ANY, 3, 0, verb_llmnr },
{ "mdns", VERB_ANY, 3, 0, verb_mdns },
- { "privatedns", VERB_ANY, 3, 0, verb_private_dns },
+ { "dnsovertls", VERB_ANY, 3, 0, verb_dns_over_tls },
{ "dnssec", VERB_ANY, 3, 0, verb_dnssec },
{ "nta", VERB_ANY, VERB_ANY, 0, verb_nta },
{ "revert", 2, 2, 0, verb_revert_link },
return r;
}
- if (arg_set_private_dns) {
- r = translate("privatedns", arg_ifname, 1, (char **) &arg_set_private_dns, bus);
+ if (arg_set_dns_over_tls) {
+ r = translate("dnsovertls", arg_ifname, 1, (char **) &arg_set_dns_over_tls, bus);
if (r < 0)
return r;
}
static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode);
static BUS_DEFINE_PROPERTY_GET(bus_property_get_dnssec_supported, "b", Manager, manager_dnssec_supported);
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dnssec_mode, "s", Manager, manager_get_dnssec_mode, dnssec_mode_to_string);
-static BUS_DEFINE_PROPERTY_GET2(bus_property_get_private_dns_mode, "s", Manager, manager_get_private_dns_mode, private_dns_mode_to_string);
+static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dns_over_tls_mode, "s", Manager, manager_get_dns_over_tls_mode, dns_over_tls_mode_to_string);
static int bus_method_reset_statistics(sd_bus_message *message, void *userdata, sd_bus_error *error) {
Manager *m = userdata;
return call_link_method(userdata, message, bus_link_method_set_mdns, error);
}
-static int bus_method_set_link_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error) {
- return call_link_method(userdata, message, bus_link_method_set_private_dns, error);
+static int bus_method_set_link_dns_over_tls(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+ return call_link_method(userdata, message, bus_link_method_set_dns_over_tls, error);
}
static int bus_method_set_link_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error) {
SD_BUS_PROPERTY("LLMNRHostname", "s", NULL, offsetof(Manager, llmnr_hostname), 0),
SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Manager, llmnr_support), 0),
SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Manager, mdns_support), 0),
- SD_BUS_PROPERTY("PrivateDNS", "s", bus_property_get_private_dns_mode, 0, 0),
+ SD_BUS_PROPERTY("DNSOverTLS", "s", bus_property_get_dns_over_tls_mode, 0, 0),
SD_BUS_PROPERTY("DNS", "a(iiay)", bus_property_get_dns_servers, 0, 0),
SD_BUS_PROPERTY("FallbackDNS", "a(iiay)", bus_property_get_fallback_dns_servers, offsetof(Manager, fallback_dns_servers), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("CurrentDNSServer", "(iiay)", bus_property_get_current_dns_server, offsetof(Manager, current_dns_server), 0),
SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
- SD_BUS_METHOD("SetLinkPrivateDNS", "is", NULL, bus_method_set_link_private_dns, 0),
+ SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, 0),
SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),
#endif
#if ! HAVE_GNUTLS
- if (m->private_dns_mode != PRIVATE_DNS_NO) {
- log_warning("Private DNS option cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off private DNS support.");
- m->private_dns_mode = PRIVATE_DNS_NO;
+ if (m->dns_over_tls_mode != DNS_OVER_TLS_NO) {
+ log_warning("DNS-over-TLS option cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off DNS-over-TLS support.");
+ m->dns_over_tls_mode = DNS_OVER_TLS_NO;
}
#endif
return 0;
if (l) {
s->dnssec_mode = link_get_dnssec_mode(l);
- s->private_dns_mode = link_get_private_dns_mode(l);
+ s->dns_over_tls_mode = link_get_dns_over_tls_mode(l);
} else {
s->dnssec_mode = manager_get_dnssec_mode(m);
- s->private_dns_mode = manager_get_private_dns_mode(m);
+ s->dns_over_tls_mode = manager_get_dns_over_tls_mode(m);
}
} else {
s->dnssec_mode = DNSSEC_NO;
- s->private_dns_mode = PRIVATE_DNS_NO;
+ s->dns_over_tls_mode = DNS_OVER_TLS_NO;
}
LIST_PREPEND(scopes, m->dns_scopes, s);
DnsProtocol protocol;
int family;
DnssecMode dnssec_mode;
- PrivateDnsMode private_dns_mode;
+ DnsOverTlsMode dns_over_tls_mode;
Link *link;
/* Determine the best feature level we care about. If DNSSEC mode is off there's no point in using anything
* better than EDNS0, hence don't even try. */
if (dns_server_get_dnssec_mode(s) != DNSSEC_NO)
- best = dns_server_get_private_dns_mode(s) == PRIVATE_DNS_NO ?
+ best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ?
DNS_SERVER_FEATURE_LEVEL_LARGE :
DNS_SERVER_FEATURE_LEVEL_TLS_DO;
else
- best = dns_server_get_private_dns_mode(s) == PRIVATE_DNS_NO ?
+ best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ?
DNS_SERVER_FEATURE_LEVEL_EDNS0 :
DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN;
return manager_get_dnssec_mode(s->manager);
}
-PrivateDnsMode dns_server_get_private_dns_mode(DnsServer *s) {
+DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s) {
assert(s);
if (s->link)
- return link_get_private_dns_mode(s->link);
+ return link_get_dns_over_tls_mode(s->link);
- return manager_get_private_dns_mode(s->manager);
+ return manager_get_dns_over_tls_mode(s->manager);
}
void dns_server_flush_cache(DnsServer *s) {
bool dns_server_address_valid(int family, const union in_addr_union *sa);
DnssecMode dns_server_get_dnssec_mode(DnsServer *s);
-PrivateDnsMode dns_server_get_private_dns_mode(DnsServer *s);
+DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s);
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsServer*, dns_server_unref);
Resolve.LLMNR, config_parse_resolve_support, 0, offsetof(Manager, llmnr_support)
Resolve.MulticastDNS, config_parse_resolve_support, 0, offsetof(Manager, mdns_support)
Resolve.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Manager, dnssec_mode)
-Resolve.PrivateDNS, config_parse_private_dns_mode, 0, offsetof(Manager, private_dns_mode)
+Resolve.DNSOverTLS, config_parse_dns_over_tls_mode, 0, offsetof(Manager, dns_over_tls_mode)
Resolve.Cache, config_parse_bool, 0, offsetof(Manager, enable_cache)
Resolve.DNSStubListener, config_parse_dns_stub_listener_mode, 0, offsetof(Manager, dns_stub_listener_mode)
static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported);
static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string);
-static int property_get_private_dns_mode(
+static int property_get_dns_over_tls_mode(
sd_bus *bus,
const char *path,
const char *interface,
assert(reply);
assert(l);
- return sd_bus_message_append(reply, "s", private_dns_mode_to_string(link_get_private_dns_mode(l)));
+ return sd_bus_message_append(reply, "s", dns_over_tls_mode_to_string(link_get_dns_over_tls_mode(l)));
}
static int property_get_dns(
return sd_bus_reply_method_return(message, NULL);
}
-int bus_link_method_set_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd_bus_error *error) {
Link *l = userdata;
- const char *private_dns;
- PrivateDnsMode mode;
+ const char *dns_over_tls;
+ DnsOverTlsMode mode;
int r;
assert(message);
if (r < 0)
return r;
- r = sd_bus_message_read(message, "s", &private_dns);
+ r = sd_bus_message_read(message, "s", &dns_over_tls);
if (r < 0)
return r;
- if (isempty(private_dns))
- mode = _PRIVATE_DNS_MODE_INVALID;
+ if (isempty(dns_over_tls))
+ mode = _DNS_OVER_TLS_MODE_INVALID;
else {
- mode = private_dns_mode_from_string(private_dns);
+ mode = dns_over_tls_mode_from_string(dns_over_tls);
if (mode < 0)
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid PrivateDNS setting: %s", private_dns);
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSOverTLS setting: %s", dns_over_tls);
}
- link_set_private_dns_mode(l, mode);
+ link_set_dns_over_tls_mode(l, mode);
(void) link_save_user(l);
SD_BUS_PROPERTY("Domains", "a(sb)", property_get_domains, 0, 0),
SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Link, llmnr_support), 0),
SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Link, mdns_support), 0),
- SD_BUS_PROPERTY("PrivateDNS", "s", property_get_private_dns_mode, 0, 0),
+ SD_BUS_PROPERTY("DNSOverTLS", "s", property_get_dns_over_tls_mode, 0, 0),
SD_BUS_PROPERTY("DNSSEC", "s", property_get_dnssec_mode, 0, 0),
SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0),
SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported, 0, 0),
SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, 0),
SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, 0),
SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, 0),
- SD_BUS_METHOD("SetPrivateDNS", "s", NULL, bus_link_method_set_private_dns, 0),
+ SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, 0),
SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, 0),
SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, 0),
SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, 0),
int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_error *error);
-int bus_link_method_set_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error);
+int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error *error);
l->llmnr_support = RESOLVE_SUPPORT_YES;
l->mdns_support = RESOLVE_SUPPORT_NO;
l->dnssec_mode = _DNSSEC_MODE_INVALID;
- l->private_dns_mode = _PRIVATE_DNS_MODE_INVALID;
+ l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
l->operstate = IF_OPER_UNKNOWN;
if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0)
l->llmnr_support = RESOLVE_SUPPORT_YES;
l->mdns_support = RESOLVE_SUPPORT_NO;
l->dnssec_mode = _DNSSEC_MODE_INVALID;
- l->private_dns_mode = _PRIVATE_DNS_MODE_INVALID;
+ l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
dns_server_unlink_all(l->dns_servers);
dns_search_domain_unlink_all(l->search_domains);
return r;
}
-void link_set_private_dns_mode(Link *l, PrivateDnsMode mode) {
+void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode) {
assert(l);
#if ! HAVE_GNUTLS
- if (mode != PRIVATE_DNS_NO)
- log_warning("Private DNS option for the link cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off Private DNS support.");
+ if (mode != DNS_OVER_TLS_NO)
+ log_warning("DNS-over-TLS option for the link cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off DNS-over-TLS support.");
return;
#endif
- l->private_dns_mode = mode;
+ l->dns_over_tls_mode = mode;
}
-static int link_update_private_dns_mode(Link *l) {
+static int link_update_dns_over_tls_mode(Link *l) {
_cleanup_free_ char *b = NULL;
int r;
assert(l);
- r = sd_network_link_get_private_dns(l->ifindex, &b);
+ r = sd_network_link_get_dns_over_tls(l->ifindex, &b);
if (r == -ENODATA) {
r = 0;
goto clear;
if (r < 0)
goto clear;
- l->private_dns_mode = private_dns_mode_from_string(b);
- if (l->private_dns_mode < 0) {
+ l->dns_over_tls_mode = dns_over_tls_mode_from_string(b);
+ if (l->dns_over_tls_mode < 0) {
r = -EINVAL;
goto clear;
}
return 0;
clear:
- l->private_dns_mode = _PRIVATE_DNS_MODE_INVALID;
+ l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
return r;
}
if (r < 0)
log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name);
- r = link_update_private_dns_mode(l);
+ r = link_update_dns_over_tls_mode(l);
if (r < 0)
- log_warning_errno(r, "Failed to read Private DNS mode for interface %s, ignoring: %m", l->name);
+ log_warning_errno(r, "Failed to read DNS-over-TLS mode for interface %s, ignoring: %m", l->name);
r = link_update_dnssec_mode(l);
if (r < 0)
link_set_dns_server(l, l->dns_servers);
}
-PrivateDnsMode link_get_private_dns_mode(Link *l) {
+DnsOverTlsMode link_get_dns_over_tls_mode(Link *l) {
assert(l);
- if (l->private_dns_mode != _PRIVATE_DNS_MODE_INVALID)
- return l->private_dns_mode;
+ if (l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
+ return l->dns_over_tls_mode;
- return manager_get_private_dns_mode(l->manager);
+ return manager_get_dns_over_tls_mode(l->manager);
}
DnssecMode link_get_dnssec_mode(Link *l) {
ResolveSupport llmnr_support;
ResolveSupport mdns_support;
- PrivateDnsMode private_dns_mode;
+ DnsOverTlsMode dns_over_tls_mode;
DnssecMode dnssec_mode;
Set *dnssec_negative_trust_anchors;
void link_flush_settings(Link *l);
void link_set_dnssec_mode(Link *l, DnssecMode mode);
-void link_set_private_dns_mode(Link *l, PrivateDnsMode mode);
+void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode);
void link_allocate_scopes(Link *l);
DnsServer* link_set_dns_server(Link *l, DnsServer *s);
DnssecMode link_get_dnssec_mode(Link *l);
bool link_dnssec_supported(Link *l);
-PrivateDnsMode link_get_private_dns_mode(Link *l);
+DnsOverTlsMode link_get_dns_over_tls_mode(Link *l);
int link_save_user(Link *l);
int link_load_user(Link *l);
m->llmnr_support = RESOLVE_SUPPORT_YES;
m->mdns_support = RESOLVE_SUPPORT_YES;
m->dnssec_mode = DEFAULT_DNSSEC_MODE;
- m->private_dns_mode = DEFAULT_PRIVATE_DNS_MODE;
+ m->dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE;
m->enable_cache = true;
m->dns_stub_listener_mode = DNS_STUB_LISTENER_UDP;
m->read_resolv_conf = true;
return true;
}
-PrivateDnsMode manager_get_private_dns_mode(Manager *m) {
+DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
assert(m);
- if (m->private_dns_mode != _PRIVATE_DNS_MODE_INVALID)
- return m->private_dns_mode;
+ if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
+ return m->dns_over_tls_mode;
- return PRIVATE_DNS_NO;
+ return DNS_OVER_TLS_NO;
}
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {
ResolveSupport llmnr_support;
ResolveSupport mdns_support;
DnssecMode dnssec_mode;
- PrivateDnsMode private_dns_mode;
+ DnsOverTlsMode dns_over_tls_mode;
bool enable_cache;
DnsStubListenerMode dns_stub_listener_mode;
DnssecMode manager_get_dnssec_mode(Manager *m);
bool manager_dnssec_supported(Manager *m);
-PrivateDnsMode manager_get_private_dns_mode(Manager *m);
+DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m);
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key);
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=@DEFAULT_DNSSEC_MODE@
-#PrivateDNS=@DEFAULT_PRIVATE_DNS_MODE@
+#DNSOverTLS=@DEFAULT_DNS_OVER_TLS_MODE@
#Cache=yes
#DNSStubListener=udp
DEFINE_CONFIG_PARSE_ENUM(config_parse_resolve_support, resolve_support, ResolveSupport, "Failed to parse resolve support setting");
DEFINE_CONFIG_PARSE_ENUM(config_parse_dnssec_mode, dnssec_mode, DnssecMode, "Failed to parse DNSSEC mode setting");
-DEFINE_CONFIG_PARSE_ENUM(config_parse_private_dns_mode, private_dns_mode, PrivateDnsMode, "Failed to parse private DNS mode setting");
+DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_over_tls_mode, dns_over_tls_mode, DnsOverTlsMode, "Failed to parse DNS-over-TLS mode setting");
static const char* const resolve_support_table[_RESOLVE_SUPPORT_MAX] = {
[RESOLVE_SUPPORT_NO] = "no",
};
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dnssec_mode, DnssecMode, DNSSEC_YES);
-static const char* const private_dns_mode_table[_PRIVATE_DNS_MODE_MAX] = {
- [PRIVATE_DNS_NO] = "no",
- [PRIVATE_DNS_OPPORTUNISTIC] = "opportunistic",
+static const char* const dns_over_tls_mode_table[_DNS_OVER_TLS_MODE_MAX] = {
+ [DNS_OVER_TLS_NO] = "no",
+ [DNS_OVER_TLS_OPPORTUNISTIC] = "opportunistic",
};
-DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_dns_mode, PrivateDnsMode, _PRIVATE_DNS_MODE_INVALID);
+DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_over_tls_mode, DnsOverTlsMode, _DNS_OVER_TLS_MODE_INVALID);
typedef enum ResolveSupport ResolveSupport;
typedef enum DnssecMode DnssecMode;
-typedef enum PrivateDnsMode PrivateDnsMode;
+typedef enum DnsOverTlsMode DnsOverTlsMode;
enum ResolveSupport {
RESOLVE_SUPPORT_NO,
_DNSSEC_MODE_INVALID = -1
};
-enum PrivateDnsMode {
+enum DnsOverTlsMode {
/* No connection is made for DNS-over-TLS */
- PRIVATE_DNS_NO,
+ DNS_OVER_TLS_NO,
/* Try to connect using DNS-over-TLS, but if connection fails,
* fallback to using an unencrypted connection */
- PRIVATE_DNS_OPPORTUNISTIC,
+ DNS_OVER_TLS_OPPORTUNISTIC,
- _PRIVATE_DNS_MODE_MAX,
- _PRIVATE_DNS_MODE_INVALID = -1
+ _DNS_OVER_TLS_MODE_MAX,
+ _DNS_OVER_TLS_MODE_INVALID = -1
};
CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);
CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);
-CONFIG_PARSER_PROTOTYPE(config_parse_private_dns_mode);
+CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode);
const char* resolve_support_to_string(ResolveSupport p) _const_;
ResolveSupport resolve_support_from_string(const char *s) _pure_;
const char* dnssec_mode_to_string(DnssecMode p) _const_;
DnssecMode dnssec_mode_from_string(const char *s) _pure_;
-const char* private_dns_mode_to_string(PrivateDnsMode p) _const_;
-PrivateDnsMode private_dns_mode_from_string(const char *s) _pure_;
+const char* dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_;
+DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_;
*/
int sd_network_link_get_mdns(int ifindex, char **mdns);
-/* Indicates whether or not Private DNS should be enabled for the
+/* Indicates whether or not DNS-over-TLS should be enabled for the
* link.
* Possible levels of support: strict, no, opportunistic
* Possible return codes:
* -ENODATA: networkd is not aware of the link
*/
-int sd_network_link_get_private_dns(int ifindex, char **private_dns);
+int sd_network_link_get_dns_over_tls(int ifindex, char **dns_over_tls);
/* Indicates whether or not DNSSEC should be enabled for the link
* Possible levels of support: yes, no, allow-downgrade