From: Lennart Poettering
Date: Tue, 20 May 2025 22:32:07 +0000 (+0200)
Subject: resolved: add new "DNS Delegate" concepts (#34368)
X-Git-Tag: v258-rc1~563
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=81a1f8eeba45731d92dd2975bd35a29d52e11242;p=thirdparty%2Fsystemd.git

resolved: add new "DNS Delegate" concepts (#34368)

Various long-standing issues (at least: #5573 #14159 #20485 #21260 #24532 #32022 #18056) have been asking for a way to delegate DNS resolution of specific domains to very specific DNS servers.

This PR goes a major step towards that goal by adding a new concept "DNS Delegate" which allows configuring just that.

Basically, this adds a third kind of DNS scope to resolved's logic: besides the per-link and global DNS scopes there are now also "delegate" scopes, which can be created by dropping in a new file /etc/systemd/dns-delegate/*.conf. They carry DNS= and Domains= lines just like the global setting or what the per-link configuration can carry. And they are consulted the same way as link DNS scopes are considered, following the same routing rules.

This allows configuring these DNS delegates statically via drop-in files as mentioned, and only adds the most basic functionality. Later on we might want to extend this:

1. Allow dynamic creation of DNS delegates via IPC with lifecycle bound to IPC client (use case: installing a DNS delegate that routes traffic to some DNS-over-TLS server once basic setup is complete).

2. Allow configuration of protocol details per delegate the same way this is currently allowed per-link.

3. Instead of strictly using DNS as delegation protocol, support an alternative varlink based protocol (without retransmission problems and so on) that systemd-machined and similar can implement.

This PR is not complete yet. Lacks docs and tests. Seems to work fine in my local tests however.

Fixes: #5573
Fixes: #18056
Fixes: #20485
---
81a1f8eeba45731d92dd2975bd35a29d52e11242
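As an added illustration of the delegate scope described above (this is example code written for this page, not code from the systemd PR or from resolved itself), the snippet below parses the DNS= and Domains= lines of a constructed delegate drop-in and models the longest-suffix routing rule that resolved applies across scopes. The "[Delegate]" section name, the sample addresses and the simplified tie-free routing are assumptions for the illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample drop-in with the DNS=/Domains= lines the commit message
# describes; the "[Delegate]" section name is an assumption, not from the page.
SAMPLE_CONF = """\
[Delegate]
DNS=192.0.2.53 2001:db8::53
Domains=~corp.example ~internal.example
"""


@dataclass
class Scope:
    name: str
    servers: List[str] = field(default_factory=list)
    domains: List[str] = field(default_factory=list)  # routing domains, no "~", no trailing dot


def parse_delegate_conf(text: str, name: str = "delegate") -> Scope:
    """Collect DNS= and Domains= values of a delegate drop-in into one Scope."""
    scope = Scope(name)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue  # comments and section headers carry no routing data
        key, _, value = line.partition("=")
        if key.strip() == "DNS":
            scope.servers += value.split()
        elif key.strip() == "Domains":
            # "~" marks a routing-only domain; "~." becomes "" and matches everything.
            scope.domains += [d.lstrip("~").strip(".").lower() for d in value.split()]
    return scope


def route(query: str, scopes: List[Scope]) -> Optional[str]:
    """Return the scope whose routing domain is the longest suffix of the query.

    This models the longest-match rule resolved uses for link scopes (simplified:
    equal-length matches are not modelled, so the first such scope wins).
    """
    q = query.strip(".").lower()
    best, best_len = None, -1
    for scope in scopes:
        for dom in scope.domains:
            if dom == "" or q == dom or q.endswith("." + dom):
                if len(dom) > best_len:
                    best, best_len = scope.name, len(dom)
    return best
```

Because a delegate scope takes part in the same longest-suffix routing as link scopes, a name under a delegated domain goes to the delegate's servers even when a global catch-all (Domains=~.) exists.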