From 6d2247208973fd40a4c8f7cc11f11c09470d074c Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Fri, 22 Aug 2025 10:46:50 -0400 Subject: [PATCH] resolve: re-create link unicast scopes on reload On reload, resolved does not apply new DNSSEC= (or DNSOverTLS=) settings on links, because the link unicast scopes are not re-created. However, the servers and link states are updated correctly, so resolvectl and link state files do show the new setting, leading users to believe the change took effect immediately, the same way `resolvectl dnssec` does. Fix this by freeing all of the link unicast scopes during reload, so that they are re-created with the new settings in link_allocate_scopes(). --- src/resolve/resolved-manager.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index 66bd7982f5d..d58026f48d7 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -645,6 +645,7 @@ static void manager_set_defaults(Manager *m) { static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { Manager *m = ASSERT_PTR(userdata); + Link *l; int r; (void) notify_reloading(); @@ -679,6 +680,12 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa if (r < 0) return sd_event_exit(sd_event_source_get_event(s), r); + /* A link's unicast scope may also be influenced by the manager's configuration. I.e., DNSSEC= and DNSOverTLS= + * from the manager will be used if not explicitly configured on the link. Free the scopes here so that + * link_allocate_scopes() in on_network_event() re-creates them. */ + HASHMAP_FOREACH(l, m->links) + l->unicast_scope = dns_scope_free(l->unicast_scope); + /* The configuration has changed, so reload the per-interface configuration too in order to take * into account any changes (e.g.: enable/disable DNSSEC). */ r = on_network_event(/* source= */ NULL, -EBADF, /* revents= */ 0, m); -- 2.47.3