From: Nick Rosbrook Date: Fri, 22 Aug 2025 14:46:50 +0000 (-0400) Subject: resolve: re-create link unicast scopes on reload X-Git-Tag: v258-rc4~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d2247208973fd40a4c8f7cc11f11c09470d074c;p=thirdparty%2Fsystemd.git resolve: re-create link unicast scopes on reload On reload, resolved does not apply new DNSSEC= (or DNSOverTLS=) settings on links, because the link unicast scopes are not re-created. However, the servers and link states are updated correctly, so resolvectl and link state files do show the new setting, leading users to believe the change took effect immediately, the same way `resolvectl dnssec` does. Fix this by freeing all of the link unicast scopes during reload, so that they are re-created with the new settings in link_allocate_scopes(). --- diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index 66bd7982f5d..d58026f48d7 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -645,6 +645,7 @@ static void manager_set_defaults(Manager *m) { static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { Manager *m = ASSERT_PTR(userdata); + Link *l; int r; (void) notify_reloading(); @@ -679,6 +680,12 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa if (r < 0) return sd_event_exit(sd_event_source_get_event(s), r); + /* A link's unicast scope may also be influenced by the manager's configuration. I.e., DNSSEC= and DNSOverTLS= + * from the manager will be used if not explicitly configured on the link. Free the scopes here so that + * link_allocate_scopes() in on_network_event() re-creates them. */ + HASHMAP_FOREACH(l, m->links) + l->unicast_scope = dns_scope_free(l->unicast_scope); + /* The configuration has changed, so reload the per-interface configuration too in order to take * into account any changes (e.g.: enable/disable DNSSEC). */ r = on_network_event(/* source= */ NULL, -EBADF, /* revents= */ 0, m);