authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2020-06-03 17:01:34 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2020-06-18 21:28:52 +0200
commit2bd5e1b272cf6f639e024794cb236de1a2f9835e (patch)
tree7fd431a8dc0bab45305778d9a315f105b8e31e5c /man/resolved.conf.xml
parent3b5bd7d6b89266ab8355f4baa1541c28149a085f (diff)
man: document the new option
Also correct "stub resolver" → "systemd-resolved" in one other option.
Diffstat (limited to 'man/resolved.conf.xml')
-rw-r--r--man/resolved.conf.xml23
1 files changed, 20 insertions, 3 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index 33265f755c..0e9b90c1cd 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -266,11 +266,28 @@
<varlistentry>
<term><varname>ReadEtcHosts=</varname></term>
- <listitem><para>Takes a boolean argument. If <literal>yes</literal> (the default), the DNS stub resolver will read
- <filename>/etc/hosts</filename>, and try to resolve hosts or address by using the entries in the file before
- sending query to DNS servers.</para></listitem>
+ <listitem><para>Takes a boolean argument. If <literal>yes</literal> (the default),
+ <command>systemd-resolved</command> will read <filename>/etc/hosts</filename>, and try to resolve
+ hosts or address by using the entries in the file before sending query to DNS servers.
+ </para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>ResolveUnicastSingleLabel=</varname></term>
+ <listitem><para>Takes a boolean argument. When false (the default),
+ <command>systemd-resolved</command> will not resolve A and AAAA queries for single-label names over
+ classic DNS. Note that such names may still be resolved if search domains are specified (see
+ <varname>Domains=</varname> above), or using other mechanisms, in particular via LLMNR or from
+ <filename>/etc/hosts</filename>. When true, queries for single-label names will be forwarded to
+ global DNS servers even if no search domains are defined.
+ </para>
+
+ <para>This option is provided for compatibility with configurations where <emphasis>public DNS
+ servers are not used</emphasis>. Forwarding single-label names to servers not under your control is
+ not standard-conformant, see <ulink
+ url="https://www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful/">IAB
+ Statement</ulink>, and may create a privacy and security risk.</para></listitem>
+ </varlistentry>
</variablelist>
</refsect1>