Implement DNS notifications from resolved via varlink

* The new varlink interface exposes a method to subscribe to DNS resolutions on the system. The socket permissions are open for owner and group only. * Notifications are sent to subscriber(s), if any, after successful resolution of A and AAAA records. This feature could be used by applications for auditing/logging services downstream of the resolver. It could also be used to asynchronously update the firewall. For example, a system that has a tightly configured firewall could open up connections selectively to known good hosts based on a known allow-list of hostnames. Of course, updating the firewall asynchronously will require other design considerations (such as queueing packets in the user space while a verdict is made). See also: https://lists.freedesktop.org/archives/systemd-devel/2022-August/048202.html https://lists.freedesktop.org/archives/systemd-devel/2022-February/047441.html
author: Suraj Krishnan <72937403+surajkrishnan14@users.noreply.github.com> 2022-04-26 17:09:02 -0500
committer: Luca Boccassi <luca.boccassi@gmail.com> 2022-09-09 09:22:57 +0100
commit: cb456374e096f0ebe9b70d7ddd98e16a4be24ee6 (patch)
tree: 514bb0753834490ab81e8a21669abe28ba66205a /man/org.freedesktop.resolve1.xml
parent: 761787fc88aff81f3e97da07ac829f431479fe0b (diff)
download: systemd-cb456374e096f0ebe9b70d7ddd98e16a4be24ee6.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/man/org.freedesktop.resolve1.xml b/man/org.freedesktop.resolve1.xml
index 54f0a18418..d3aedbc13e 100644
--- a/man/org.freedesktop.resolve1.xml
+++ b/man/org.freedesktop.resolve1.xml
@@ -149,6 +149,7 @@ node /org/freedesktop/resolve1 {
       readonly s DNSStubListener = '...';
       @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
       readonly s ResolvConfMode = '...';
+      readonly b Monitor = ...;
   };
   interface org.freedesktop.DBus.Peer { ... };
   interface org.freedesktop.DBus.Introspectable { ... };
@@ -250,6 +251,8 @@ node /org/freedesktop/resolve1 {
 
     <variablelist class="dbus-property" generated="True" extra-ref="ResolvConfMode"/>
 
+    <variablelist class="dbus-property" generated="True" extra-ref="Monitor"/>
+
     <!--End of Autogenerated section-->
 
     <refsect2>
@@ -634,6 +637,8 @@ node /org/freedesktop/resolve1 {
       enabled. Possible values are <literal>yes</literal> (enabled), <literal>no</literal> (disabled),
       <literal>udp</literal> (only the UDP listener is enabled), and <literal>tcp</literal> (only the TCP
       listener is enabled).</para>
+
+      <para>The <varname>Monitor</varname> boolean property reports whether DNS monitoring is enabled.</para>
     </refsect2>
   </refsect1>
author	Suraj Krishnan <72937403+surajkrishnan14@users.noreply.github.com>	2022-04-26 17:09:02 -0500
committer	Luca Boccassi <luca.boccassi@gmail.com>	2022-09-09 09:22:57 +0100
commit	cb456374e096f0ebe9b70d7ddd98e16a4be24ee6 (patch)
tree	514bb0753834490ab81e8a21669abe28ba66205a /man/org.freedesktop.resolve1.xml
parent	761787fc88aff81f3e97da07ac829f431479fe0b (diff)
download	systemd-cb456374e096f0ebe9b70d7ddd98e16a4be24ee6.tar.gz