From: Ronan Pigott Date: Mon, 19 Aug 2024 20:18:10 +0000 (-0700) Subject: resolved: demote the global unicast scope X-Git-Tag: v257-rc1~679 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=eded61e410df;p=thirdparty%2Fsystemd.git resolved: demote the global unicast scope This will greatly reduce the number of cases where the global unicast scope overlaps with link scopes configured as default-route, making it feasible to use the global DNS setting in conjunction with per-link dns servers configured by the network. This change is preferred over demoting links to default-route=no where the user prefers to use the network provided DNS servers, and I expect it is non-disruptive in that it should not degrade the efficacy of any existing configuration. --- diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml index 13c0da987fe..34f05bd8b0a 100644 --- a/man/systemd-resolved.service.xml +++ b/man/systemd-resolved.service.xml @@ -217,7 +217,10 @@ If a query does not match any configured routing domain (either per-link or global), it is sent to all DNS servers that are configured on links with the DefaultRoute= - option set, as well as the globally configured DNS server. + option set. + + If no links are configured with DefaultRoute=, it is sent to the + globally configured DNS server. If there is no link configured as DefaultRoute= and no global DNS server configured, one of the compiled-in fallback DNS servers is used. diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 21b9844e047..3bb7c0aa219 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -778,7 +778,8 @@ DnsScopeMatch dns_scope_good_domain( if (!dns_scope_is_default_route(s)) return DNS_SCOPE_NO; - return DNS_SCOPE_MAYBE; + /* Prefer suitable per-link scopes where possible */ + return s->link ? DNS_SCOPE_MAYBE : DNS_SCOPE_LAST_RESORT; } case DNS_PROTOCOL_MDNS: {