diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-12-20 14:16:44 +0100 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2021-12-21 02:28:52 +0900 |
| commit | 8ef114c692846b0a801807a087ee65a1c7c6c7c3 (patch) | |
| tree | ddd24eda454e89989161c2a5be62a092570ceec1 /man/nss-resolve.xml | |
| parent | 616779c345757fb7213cff12fb541db4c3b397b8 (diff) | |
| download | systemd-8ef114c692846b0a801807a087ee65a1c7c6c7c3.tar.gz | |
nss-resolve: expose various source-disablement settings as variables
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2006761:
> systemd-resolved always (reverse)-resolves the host's IP addresses and FQDN.
> This can be harmful when an application (for instance, a DNS zone manager) is
> installed on the same server instance. That application would expect
> NXDOMAIN to be returned if the current server's IP does not belong in an
> already managed reverse zone.
This allows clients of nss-resolve to use the same config options that are
available through the dbus api and as command-line options to resolvectl.
The man page text is is mostly copied directly from
c6f20515ab600098b5c2871bae2e9ecab3b41555.
Diffstat (limited to 'man/nss-resolve.xml')
| -rw-r--r-- | man/nss-resolve.xml | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml index 7d427b1a1a..061d0d74bb 100644 --- a/man/nss-resolve.xml +++ b/man/nss-resolve.xml @@ -76,6 +76,55 @@ unreliable.</para></listitem> </varlistentry> </variablelist> + + <variablelist class='environment-variables'> + <varlistentry> + <term><varname>$SYSTEMD_NSS_RESOLVE_SYNTHESIZE</varname></term> + + <listitem><para>Takes a boolean argument. When false, synthetic records, e.g. for the local host + name, will not be returned. See section SYNTHETIC RECORDS in + <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> + for more information. This may be useful to query the "public" resource records, independent of the + configuration of the local machine.</para></listitem> + </varlistentry> + </variablelist> + + <variablelist class='environment-variables'> + <varlistentry> + <term><varname>$SYSTEMD_NSS_RESOLVE_CACHE</varname></term> + + <listitem><para>Takes a boolean argument. When false, the cache of previously queried records will + not be used by <filename>systemd-resolved</filename>.</para></listitem> + </varlistentry> + </variablelist> + + <variablelist class='environment-variables'> + <varlistentry> + <term><varname>$SYSTEMD_NSS_RESOLVE_ZONE</varname></term> + + <listitem><para>Takes a boolean argument. When false, answers using locally registered public + LLMNR/mDNS resource records will not be returned.</para></listitem> + </varlistentry> + </variablelist> + + <variablelist class='environment-variables'> + <varlistentry> + <term><varname>$SYSTEMD_NSS_RESOLVE_TRUST_ANCHOR</varname></term> + + <listitem><para>Takes a boolean argument. When false, answers using locally configured trust anchors + will not be used.</para></listitem> + </varlistentry> + </variablelist> + + <variablelist class='environment-variables'> + <varlistentry> + <term><varname>$SYSTEMD_NSS_RESOLVE_NETWORK</varname></term> + + <listitem><para>Takes a boolean argument. When false, answers will be returned without using the + network, i.e. either from local sources or the cache in <filename>systemd-resolved</filename>. + </para></listitem> + </varlistentry> + </variablelist> </refsect1> <refsect1> |