]> git.ipfire.org Git - thirdparty/systemd.git/commit
dns-delegates: add support for setting a firewall mark
authorr-vdp <ramses@well-founded.dev>
Thu, 12 Feb 2026 21:52:54 +0000 (23:52 +0200)
committerLennart Poettering <lennart@poettering.net>
Mon, 16 Feb 2026 10:09:48 +0000 (11:09 +0100)
commite271497d97acf54bd35fd7f859859b2dac97418e
treebbff7bdc95166799a72d7040bd864427753a88de
parenta5ceab95ab8998ddec390f20dbcd8f61e8af4a28
dns-delegates: add support for setting a firewall mark

This makes it possible to have DNS requests for certain domains routed
differently than normal requests, which is for instance useful when
using policy routing to route traffic over a VPN but DNS requests for
the VPN endpoint itself, should be routed differently.

It doesn't make much sense to configure a firewall mark at the level of
a network interface, but at the level of a DNS delegate it can be very
useful.
man/systemd.dns-delegate.xml
src/resolve/resolved-dns-delegate-gperf.gperf
src/resolve/resolved-dns-delegate.h
src/resolve/resolved-dns-scope.c
test/units/TEST-75-RESOLVED.sh