From eded61e410dfa6c16ae68cb624c58122fb18fd0e Mon Sep 17 00:00:00 2001
From: Ronan Pigott
Date: Mon, 19 Aug 2024 13:18:10 -0700
Subject: [PATCH] resolved: demote the global unicast scope
This will greatly reduce the number of cases where the global unicast scope overlaps with link scopes configured as default-route, making it feasible to use the global DNS setting in conjunction with per-link dns servers configured by the network. This change is preferred over demoting links to default-route=no where the user prefers to use the network provided DNS servers, and I expect it is non-disruptive in that it should not degrade the efficacy of any existing configuration.
---
 man/systemd-resolved.service.xml | 5 ++++-
 src/resolve/resolved-dns-scope.c | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml
index 13c0da987fe..34f05bd8b0a 100644
--- a/man/systemd-resolved.service.xml
+++ b/man/systemd-resolved.service.xml
@@ -217,7 +217,10 @@
 If a query does not match any configured routing domain (either per-link or global), it is sent to all DNS servers that are configured on links with the DefaultRoute=
- option set, as well as the globally configured DNS server.
+ option set.
+
+ If no links are configured with DefaultRoute=, it is sent to the
+ globally configured DNS server.
 If there is no link configured as DefaultRoute= and no global DNS server configured, one of the compiled-in fallback DNS servers is used.
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 21b9844e047..3bb7c0aa219 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -778,7 +778,8 @@ DnsScopeMatch dns_scope_good_domain(
 if (!dns_scope_is_default_route(s)) return DNS_SCOPE_NO;
- return DNS_SCOPE_MAYBE;
+ /* Prefer suitable per-link scopes where possible */
+ return s->link ? DNS_SCOPE_MAYBE : DNS_SCOPE_LAST_RESORT;
 }
 case DNS_PROTOCOL_MDNS: {
-- 2.47.3
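Review bot: The comment added above the new return, `/* Prefer suitable per-link scopes where possible */`, leaves out the trust consequence of this change: with `s->link` unset (the global scope, going by the commit message) the result drops to `DNS_SCOPE_LAST_RESORT`, so names matching no routing domain are presumably resolved only by servers the network handed to a default-route link. That matters for hosts whose global server was chosen as the trusted or filtering resolver, since the old man page text says it was queried alongside the link servers, which sits uneasily with the "non-disruptive" claim in the description. I would spell it out in the code, e.g. `/* The global scope (no link) is only a last resort here: if any default-route link scope matches, unmatched names go to link-provided servers only. */`, and have the man page hunk point to `Domains=~.` in resolved.conf as the way to keep the global server preferred for such names. How `DNS_SCOPE_LAST_RESORT` is weighed against `DNS_SCOPE_MAYBE` is decided by the caller, and the body of `dns_scope_good_domain` starts and ends outside this hunk, so that part should be confirmed there.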