resolvectl: add support for various new flags

1 files changed, 59 insertions, 0 deletions

diff --git a/man/resolvectl.xml b/man/resolvectl.xml
index fb6cae7b9b..7662349cc5 100644
--- a/man/resolvectl.xml
+++ b/man/resolvectl.xml
@@ -263,6 +263,65 @@
       </varlistentry>
 
       <varlistentry>
+        <term><option>--validate=</option><replaceable>BOOL</replaceable></term>
+
+        <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+        (the default), DNSSEC validation is applied as usual — under the condition that it is enabled for the
+        network and for <filename>systemd-resolved.service</filename> as a whole. If false, DNSSEC validation
+        is disabled for the specific query, regardless of whether it is enabled for the network or in the
+        service. Note that setting this option to true does not force DNSSEC validation on systems/networks
+        where DNSSEC is turned off. This option is only suitable to turn off such validation where otherwise
+        enabled, not enable validation where otherwise disabled.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--synthesize=</option><replaceable>BOOL</replaceable></term>
+
+        <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+        (the default), select domains are resolved on the local system, among them
+        <literal>localhost</literal> and <literal>_gateway</literal> or entries from
+        <filename>/etc/hosts</filename>. If false these domains are not resolved locally, and either fail (in
+        case of <literal>localhost</literal> or <literal>_gateway</literal> and suchlike) or go to the
+        network via regular DNS/mDNS/LLMNR lookups (in case of <filename>/etc/hosts</filename>
+        entries).</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--cache=</option><replaceable>BOOL</replaceable></term>
+
+        <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+        (the default), lookups use the local DNS resource record cache. If false, lookups are routed to the
+        network instead, regardless if already available in the local cache.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--zone=</option><replaceable>BOOL</replaceable></term>
+
+        <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+        (the default), lookups are answered from locally registered LLMNR or mDNS resource records, if
+        defined. If false, locally registered LLMNR/mDNS records are not considered for the lookup
+        request.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--trust-anchor=</option><replaceable>BOOL</replaceable></term>
+
+        <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+        (the default), lookups for DS and DNSKEY are answered from the local DNSSEC trust anchors if
+        possible. If false, the local trust store is not considered for the lookup request.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--network=</option><replaceable>BOOL</replaceable></term>
+
+        <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
+        (the default), lookups are answered via DNS, LLMNR or mDNS network requests if they cannot be
+        synthesized locally, or be answered from the local cache, zone or trust anchors (see above). If false,
+        the request is not answered from the network and will thus fail if none of the indicated sources can
+        answer them.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><option>--search=</option><replaceable>BOOL</replaceable></term>
 
         <listitem><para>Takes a boolean parameter. If true (the default), any specified single-label hostnames will be