authorLennart Poettering <lennart@poettering.net>2020-11-03 20:08:51 +0100
committerYu Watanabe <watanabe.yu+github@gmail.com>2021-02-15 10:47:41 +0900
commitd711322c131edae9bbd7c6df30d96ae2c5977d4b (patch)
treefadf6ebcc7b42b13e75ba6132d1da2c1e65e9f9c
parent547f9b0dc560bb223b941c742c8e3c7ed9ef1e14 (diff)
downloadsystemd-d711322c131edae9bbd7c6df30d96ae2c5977d4b.tar.gz
resolvectl: add support for various new flags
-rw-r--r--man/resolvectl.xml59
-rw-r--r--src/resolve/resolvectl.c64
2 files changed, 121 insertions, 2 deletions
diff --git a/man/resolvectl.xml b/man/resolvectl.xml
index fb6cae7b9b..7662349cc5 100644
--- a/man/resolvectl.xml
+++ b/man/resolvectl.xml
@@ -263,6 +263,65 @@
</varlistentry>
<varlistentry>
+ <term><option>--validate=</option><replaceable>BOOL</replaceable></term>
+
+ <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+ (the default), DNSSEC validation is applied as usual — under the condition that it is enabled for the
+ network and for <filename>systemd-resolved.service</filename> as a whole. If false, DNSSEC validation
+ is disabled for the specific query, regardless of whether it is enabled for the network or in the
+ service. Note that setting this option to true does not force DNSSEC validation on systems/networks
+ where DNSSEC is turned off. This option is only suitable to turn off such validation where otherwise
+ enabled, not enable validation where otherwise disabled.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--synthesize=</option><replaceable>BOOL</replaceable></term>
+
+ <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+ (the default), select domains are resolved on the local system, among them
+ <literal>localhost</literal> and <literal>_gateway</literal> or entries from
+ <filename>/etc/hosts</filename>. If false these domains are not resolved locally, and either fail (in
+ case of <literal>localhost</literal> or <literal>_gateway</literal> and suchlike) or go to the
+ network via regular DNS/mDNS/LLMNR lookups (in case of <filename>/etc/hosts</filename>
+ entries).</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--cache=</option><replaceable>BOOL</replaceable></term>
+
+ <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+ (the default), lookups use the local DNS resource record cache. If false, lookups are routed to the
+ network instead, regardless if already available in the local cache.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--zone=</option><replaceable>BOOL</replaceable></term>
+
+ <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+ (the default), lookups are answered from locally registered LLMNR or mDNS resource records, if
+ defined. If false, locally registered LLMNR/mDNS records are not considered for the lookup
+ request.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--trust-anchor=</option><replaceable>BOOL</replaceable></term>
+
+ <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+ (the default), lookups for DS and DNSKEY are answered from the local DNSSEC trust anchors if
+ possible. If false, the local trust store is not considered for the lookup request.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--network=</option><replaceable>BOOL</replaceable></term>
+
+ <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+ (the default), lookups are answered via DNS, LLMNR or mDNS network requests if they cannot be
+ synthesized locally, or be answered from the local cache, zone or trust anchors (see above). If false,
+ the request is not answered from the network and will thus fail if none of the indicated sources can
+ answer them.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>--search=</option><replaceable>BOOL</replaceable></term>
<listitem><para>Takes a boolean parameter. If true (the default), any specified single-label hostnames will be
diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c
index 7185424502..e7ee735428 100644
--- a/src/resolve/resolvectl.c
+++ b/src/resolve/resolvectl.c
@@ -2620,8 +2620,14 @@ static int native_help(void) {
" --service-address=BOOL Resolve address for services (default: yes)\n"
" --service-txt=BOOL Resolve TXT records for services (default: yes)\n"
" --cname=BOOL Follow CNAME redirects (default: yes)\n"
- " --search=BOOL Use search domains for single-label names\n"
- " (default: yes)\n"
+ " --validate=BOOL Allow DNSSEC validation (default: yes)\n"
+ " --synthesize=BOOL Allow synthetic response (default: yes)\n"
+ " --cache=BOOL Allow response from cache (default: yes)\n"
+ " --zone=BOOL Allow response from locally registered mDNS/LLMNR\n"
+ " records (default: yes)\n"
+ " --trust-anchor=BOOL Allow response from local trust anchor (default: yes)\n"
+ " --network=BOOL Allow response from network (default: yes)\n"
+ " --search=BOOL Use search domains for single-label names (default: yes)\n"
" --raw[=payload|packet] Dump the answer as binary data\n"
" --legend=BOOL Print headers and additional info (default: yes)\n"
"\nSee the %s for details.\n",
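Review bot: The new `--validate=BOOL` help line in native_help() reads "Allow DNSSEC validation", which an operator skimming `resolvectl --help` may take to mean `--validate=yes` turns validation on for that query; the man page text in this same commit is explicit that the flag can only disable validation where the link or the service already enables it, never enable it. The one-line help should carry the same caveat so the CLI does not overstate the guarantee, e.g. `"     --validate=BOOL        Allow DNSSEC validation where enabled (default: yes)\n"`. The remaining new lines (`--cache=`, `--zone=`, `--trust-anchor=`, `--network=`) use the same "Allow …" phrasing and are likewise restrict-only switches, but there the wording is less likely to be read as adding a source. native_help() continues outside the hunk.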
@@ -2961,6 +2967,12 @@ static int native_parse_argv(int argc, char *argv[]) {
ARG_VERSION = 0x100,
ARG_LEGEND,
ARG_CNAME,
+ ARG_VALIDATE,
+ ARG_SYNTHESIZE,
+ ARG_CACHE,
+ ARG_ZONE,
+ ARG_TRUST_ANCHOR,
+ ARG_NETWORK,
ARG_SERVICE_ADDRESS,
ARG_SERVICE_TXT,
ARG_RAW,
@@ -2977,6 +2989,12 @@ static int native_parse_argv(int argc, char *argv[]) {
{ "interface", required_argument, NULL, 'i' },
{ "protocol", required_argument, NULL, 'p' },
{ "cname", required_argument, NULL, ARG_CNAME },
+ { "validate", required_argument, NULL, ARG_VALIDATE },
+ { "synthesize", required_argument, NULL, ARG_SYNTHESIZE },
+ { "cache", required_argument, NULL, ARG_CACHE },
+ { "zone", required_argument, NULL, ARG_ZONE },
+ { "trust-anchor", required_argument, NULL, ARG_TRUST_ANCHOR },
+ { "network", required_argument, NULL, ARG_NETWORK },
{ "service-address", required_argument, NULL, ARG_SERVICE_ADDRESS },
{ "service-txt", required_argument, NULL, ARG_SERVICE_TXT },
{ "raw", optional_argument, NULL, ARG_RAW },
@@ -3100,6 +3118,48 @@ static int native_parse_argv(int argc, char *argv[]) {
SET_FLAG(arg_flags, SD_RESOLVED_NO_CNAME, r == 0);
break;
+ case ARG_VALIDATE:
+ r = parse_boolean(optarg);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --validate= argument.");
+ SET_FLAG(arg_flags, SD_RESOLVED_NO_VALIDATE, r == 0);
+ break;
+
+ case ARG_SYNTHESIZE:
+ r = parse_boolean(optarg);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --synthesize= argument.");
+ SET_FLAG(arg_flags, SD_RESOLVED_NO_SYNTHESIZE, r == 0);
+ break;
+
+ case ARG_CACHE:
+ r = parse_boolean(optarg);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --cache= argument.");
+ SET_FLAG(arg_flags, SD_RESOLVED_NO_CACHE, r == 0);
+ break;
+
+ case ARG_ZONE:
+ r = parse_boolean(optarg);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --zone= argument.");
+ SET_FLAG(arg_flags, SD_RESOLVED_NO_ZONE, r == 0);
+ break;
+
+ case ARG_TRUST_ANCHOR:
+ r = parse_boolean(optarg);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --trust-anchor= argument.");
+ SET_FLAG(arg_flags, SD_RESOLVED_NO_TRUST_ANCHOR, r == 0);
+ break;
+
+ case ARG_NETWORK:
+ r = parse_boolean(optarg);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --network= argument.");
+ SET_FLAG(arg_flags, SD_RESOLVED_NO_NETWORK, r == 0);
+ break;
+
case ARG_SERVICE_ADDRESS:
r = parse_boolean(optarg);
if (r < 0)