From fc74fb8cb38fe3e68d1dec341fbd3cee850ff814 Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Fri, 22 Aug 2025 10:46:50 -0400 Subject: [PATCH] resolve: re-create link unicast scopes on reload On reload, resolved does not apply new DNSSEC= (or DNSOverTLS=) settings on links, because the link unicast scopes are not re-created. However, the servers and link states are updated correctly, so resolvectl and link state files do show the new setting, leading users to believe the change took effect immediately, the same way `resolvectl dnssec` does. Fix this by freeing all of the link unicast scopes during reload, so that they are re-created with the new settings in link_allocate_scopes(). (cherry picked from commit 6d2247208973fd40a4c8f7cc11f11c09470d074c) --- src/resolve/resolved-manager.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index 5ca40726b5d..86e019e0d5b 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -594,6 +594,7 @@ static void manager_set_defaults(Manager *m) { static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { Manager *m = ASSERT_PTR(userdata); + Link *l; int r; (void) notify_reloading(); @@ -629,6 +630,12 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa if (r < 0) return r; + /* A link's unicast scope may also be influenced by the manager's configuration. I.e., DNSSEC= and DNSOverTLS= + * from the manager will be used if not explicitly configured on the link. Free the scopes here so that + * link_allocate_scopes() in on_network_event() re-creates them. */ + HASHMAP_FOREACH(l, m->links) + l->unicast_scope = dns_scope_free(l->unicast_scope); + /* The configuration has changed, so reload the per-interface configuration too in order to take * into account any changes (e.g.: enable/disable DNSSEC). */ r = on_network_event(/* sd_event_source= */ NULL, -EBADF, /* revents= */ 0, m); -- 2.47.3