resolve: re-create link unicast scopes on reload

On reload, resolved does not apply new DNSSEC= (or DNSOverTLS=) settings
on links, because the link unicast scopes are not re-created. However,
the servers and link states are updated correctly, so resolvectl and link
state files do show the new setting, leading users to believe the change
took effect immediately, the same way `resolvectl dnssec` does.

Fix this by freeing all of the link unicast scopes during reload, so
that they are re-created with the new settings in link_allocate_scopes().

diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index 66bd7982f5dbca8f4ba79eb2b60ed06afd2fe872..d58026f48d77aa6b7a6b206f7a2bb4bb293664c3 100644 (file)
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -645,6 +645,7 @@ static void manager_set_defaults(Manager *m) {
 
 static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
         Manager *m = ASSERT_PTR(userdata);
+        Link *l;
         int r;
 
         (void) notify_reloading();
@@ -679,6 +680,12 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa
         if (r < 0)
                 return sd_event_exit(sd_event_source_get_event(s), r);
 
+        /* A link's unicast scope may also be influenced by the manager's configuration. I.e., DNSSEC= and DNSOverTLS=
+         * from the manager will be used if not explicitly configured on the link. Free the scopes here so that
+         * link_allocate_scopes() in on_network_event() re-creates them. */
+        HASHMAP_FOREACH(l, m->links)
+                l->unicast_scope = dns_scope_free(l->unicast_scope);
+
         /* The configuration has changed, so reload the per-interface configuration too in order to take
          * into account any changes (e.g.: enable/disable DNSSEC). */
         r = on_network_event(/* source= */ NULL, -EBADF, /* revents= */ 0, m);