resolve: re-create link unicast scopes on reload

On reload, resolved does not apply new DNSSEC= (or DNSOverTLS=) settings
on links, because the link unicast scopes are not re-created. However,
the servers and link states are updated correctly, so resolvectl and link
state files do show the new setting, leading users to believe the change
took effect immediately, the same way `resolvectl dnssec` does.

Fix this by freeing all of the link unicast scopes during reload, so
that they are re-created with the new settings in link_allocate_scopes().

(cherry picked from commit 6d2247208973fd40a4c8f7cc11f11c09470d074c)

diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index 5ca40726b5d24cc8e5619e5ed97875ef0ee5cd47..86e019e0d5bd8cf7ef8da514325d530d20fa0614 100644 (file)
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -594,6 +594,7 @@ static void manager_set_defaults(Manager *m) {
 
 static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
         Manager *m = ASSERT_PTR(userdata);
+        Link *l;
         int r;
 
         (void) notify_reloading();
@@ -629,6 +630,12 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa
         if (r < 0)
                 return r;
 
+        /* A link's unicast scope may also be influenced by the manager's configuration. I.e., DNSSEC= and DNSOverTLS=
+         * from the manager will be used if not explicitly configured on the link. Free the scopes here so that
+         * link_allocate_scopes() in on_network_event() re-creates them. */
+        HASHMAP_FOREACH(l, m->links)
+                l->unicast_scope = dns_scope_free(l->unicast_scope);
+
         /* The configuration has changed, so reload the per-interface configuration too in order to take
          * into account any changes (e.g.: enable/disable DNSSEC). */
         r = on_network_event(/* sd_event_source= */ NULL, -EBADF, /* revents= */ 0, m);