From b69f810c8a2ece4e44c1b1898e237bb671b36a21 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 19 Apr 2018 03:25:25 +0900 Subject: man: create man page for resolvectl --- man/resolvectl.xml | 449 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 449 insertions(+) create mode 100644 man/resolvectl.xml (limited to 'man/resolvectl.xml') diff --git a/man/resolvectl.xml b/man/resolvectl.xml new file mode 100644 index 0000000000..96b3e8dad3 --- /dev/null +++ b/man/resolvectl.xml @@ -0,0 +1,449 @@ + + + + + + + + + resolvectl + systemd + + + + Developer + Lennart + Poettering + lennart@poettering.net + + + + + + resolvectl + 1 + + + + resolvectl + resolvconf + Resolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolver + + + + + resolvectl + OPTIONS + COMMAND + NAME + + + + + Description + + resolvectl may be used to resolve domain names, IPv4 and IPv6 addresses, DNS resource + records and services with the + systemd-resolved.service8 + resolver service. By default, the specified list of parameters will be resolved as hostnames, retrieving their IPv4 + and IPv6 addresses. If the parameters specified are formatted as IPv4 or IPv6 operation the reverse operation is + done, and a hostname is retrieved for the specified addresses. + + The program's output contains information about the protocol used for the look-up and on which network + interface the data was discovered. It also contains information on whether the information could be + authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover all data + originating from local, trusted sources is also reported authenticated, including resolution of the local host + name, the localhost host name or all data from /etc/hosts. + + + + Options + + + + + + By default, when resolving a hostname, both IPv4 and IPv6 + addresses are acquired. By specifying only IPv4 addresses are requested, by specifying + only IPv6 addresses are requested. + + + + + INTERFACE + INTERFACE + + Specifies the network interface to execute the query on. This may either be specified as numeric + interface index or as network interface string (e.g. en0). Note that this option has no + effect if system-wide DNS configuration (as configured in /etc/resolv.conf or + /etc/systemd/resolve.conf) in place of per-link configuration is used. + + + + PROTOCOL + PROTOCOL + + Specifies the network protocol for the query. May be one of dns + (i.e. classic unicast DNS), llmnr (Link-Local Multicast Name Resolution), + llmnr-ipv4, llmnr-ipv6 (LLMNR via the indicated underlying IP + protocols), mdns (Multicast DNS), + mdns-ipv4, mdns-ipv6 (MDNS via the indicated underlying IP protocols). + By default the lookup is done via all protocols suitable for the lookup. If used, limits the set of + protocols that may be used. Use this option multiple times to enable resolving via multiple protocols at the + same time. The setting llmnr is identical to specifying this switch once with + llmnr-ipv4 and once via llmnr-ipv6. Note that this option does not force + the service to resolve the operation with the specified protocol, as that might require a suitable network + interface and configuration. + The special value help may be used to list known values. + + + + + TYPE + TYPE + CLASS + CLASS + + Specifies the DNS resource record type (e.g. A, AAAA, MX, …) and class (e.g. IN, ANY, …) to + look up. If these options are used a DNS resource record set matching the specified class and type is + requested. The class defaults to IN if only a type is specified. + The special value help may be used to list known values. + + + + + BOOL + + Takes a boolean parameter. If true (the default), when doing a service lookup with + the hostnames contained in the SRV resource records are resolved as well. + + + + BOOL + + Takes a boolean parameter. If true (the default), when doing a DNS-SD service lookup with + the TXT service metadata record is resolved as well. + + + + BOOL + + Takes a boolean parameter. If true (the default), DNS CNAME or DNAME redirections are + followed. Otherwise, if a CNAME or DNAME record is encountered while resolving, an error is + returned. + + + + BOOL + + Takes a boolean parameter. If true (the default), any specified single-label hostnames will be + searched in the domains configured in the search domain list, if it is non-empty. Otherwise, the search domain + logic is disabled. + + + + =payload|packet + + Dump the answer as binary data. If there is no argument or if the argument is + payload, the payload of the packet is exported. If the argument is + packet, the whole packet is dumped in wire format, prefixed by + length specified as a little-endian 64-bit number. This format allows multiple packets + to be dumped and unambiguously parsed. + + + + BOOL + + Takes a boolean parameter. If true (the default), column headers and meta information about the + query response are shown. Otherwise, this output is suppressed. + + + + + + + + + + Commands + + + + + + Resolve domain names, IPv4 and IPv6 addresses. + + + + + + Resolve DNS-SD and + SRV services, depending on the specified list of parameters. + If three parameters are passed the first is assumed to be the DNS-SD service name, the second the SRV service type, + and the third the domain to search in. In this case a full DNS-SD style SRV and TXT lookup is executed. If only two + parameters are specified, the first is assumed to be the SRV service type, and the second the domain to look in. In + this case no TXT RR is requested. Finally, if only one parameter is specified, it is assumed to be a domain name, + that is already prefixed with an SRV type, and an SRV lookup is done (no TXT). + + + + + + Query PGP keys stored as OPENPGPKEY + resource records. Specified e-mail addresses are converted to the corresponding DNS domain name, and any + OPENPGPKEY keys are printed. + + + + + + Query TLS public keys stored as TLSA + resource records. A query will be performed for each of the specified names prefixed with the port and family + (_port._family.domain). + The port number may be specified after a colon (:), otherwise 443 will be used + by default. The family may be specified as the first argument, otherwise tcp will be used. + + + + + + Shows the global and per-link DNS settings in currently in effect. If no command is specified, + this is the implied default. + + + + + + Shows general resolver statistics, including information whether DNSSEC is + enabled and available, as well as resolution and validation statistics. + + + + + + Resets the statistics counters shown in to zero. + This operation requires root privileges. + + + + + + Flushes all DNS resource record caches the service maintains locally. This is mostly equivalent + to sending the SIGUSR2 to the systemd-resolved + service. + + + + + + Flushes all feature level information the resolver learnt about specific servers, and ensures + that the server feature probing logic is started from the beginning with the next look-up request. This is + mostly equivalent to sending the SIGRTMIN+1 to the systemd-resolved + service. + + + + + + + + + + + Get/set per-interface DNS configuration. These commands may be used to configure various DNS + settings for network interfaces that aren't managed by + systemd-networkd.service8. (These + commands will fail when used on interfaces that are managed by systemd-networkd, please + configure their DNS settings directly inside the .network files instead.) These commands + may be used to inform systemd-resolved about per-interface DNS configuration determined + through external means. The command expects IPv4 or IPv6 address specifications of DNS + servers to use. The command expects valid DNS domains, possibly prefixed with + ~, and configures a per-interface search or route-only domain. The , + and commands may be used to configure the per-interface LLMNR, + MulticastDNS and DNSSEC settings. Finally, command may be used to configure additional + per-interface DNSSEC NTA domains. For details about these settings, their possible values and their effect, + see the corresponding options in + systemd.network5. + + + + + + + Revert the per-interface DNS configuration. If the DNS configuration is reverted all + per-interface DNS setting are reset to their defaults, undoing all effects of , + , , , , + . Note that when a network interface disappears all configuration is lost automatically, + an explicit reverting is not necessary in that case. + + + + + + + Compatibility with <citerefentry><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry> + + resolvectl is a multi-call binary. When invoked as resolvconf + (generally achieved by means of a symbolic link of this name to the resolvectl binary) it + is run in a limited resolvconf8 + compatibility mode. It accepts mostly the same arguments and pushes all data into + systemd-resolved.service8, + similar to how and commands operate. Note that + systemd-resolved.service is the only supported backend, which is different from other + implementations of this command. Note that not all operations supported by other implementations are supported + natively. Specifically: + + + + + Registers per-interface DNS configuration data with + systemd-resolved. Expects a network interface name as only command line argument. Reads + resolv.conf5 compatible DNS + configuration data from its standard input. Relevant fields are nameserver and + domain/search. This command is mostly identical to invoking + resolvectl with a combination of and + commands. + + + + + Unregisters per-interface DNS configuration data with systemd-resolved. This + command is mostly identical to invoking resolvectl revert. + + + + + + When specified and will not complain about missing + network interfaces and will silently execute no operation in that case. + + + + + + This switch for "exclusive" operation is supported only partially. It is mapped to an + additional configured search domain of ~. — i.e. ensures that DNS traffic is preferably + routed to the DNS servers on this interface, unless there are other, more specific domains configured on other + interfaces. + + + + + + + These switches are not supported and are silently ignored. + + + + + + + + + + + + + + + + These switches are not supported and the command will fail if used. + + + + + See resolvconf8 for details on this command line options. + + + + Examples + + + Retrieve the addresses of the <literal>www.0pointer.net</literal> domain + + $ resolvectl www.0pointer.net +www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74 + 85.214.157.71 + +-- Information acquired via protocol DNS in 611.6ms. +-- Data is authenticated: no + + + + + Retrieve the domain of the <literal>85.214.157.71</literal> IP address + + $ resolvectl 85.214.157.71 +85.214.157.71: gardel.0pointer.net + +-- Information acquired via protocol DNS in 1.2997s. +-- Data is authenticated: no + + + + + Retrieve the MX record of the <literal>yahoo.com</literal> domain + + $ resolvectl -t MX yahoo.com --legend=no +yahoo.com. IN MX 1 mta7.am0.yahoodns.net +yahoo.com. IN MX 1 mta6.am0.yahoodns.net +yahoo.com. IN MX 1 mta5.am0.yahoodns.net + + + + + Resolve an SRV service + + $ resolvectl service _xmpp-server._tcp gmail.com +_xmpp-server._tcp/gmail.com: alt1.xmpp-server.l.google.com:5269 [priority=20, weight=0] + 173.194.210.125 + alt4.xmpp-server.l.google.com:5269 [priority=20, weight=0] + 173.194.65.125 + … + + + + + Retrieve a PGP key + + $ resolvectl openpgp zbyszek@fedoraproject.org +d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY + mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlMyf + MFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAynCsSs + … + + + + + Retrieve a TLS key (<literal>tcp</literal> and + <literal>:443</literal> could be skipped) + + $ resolvectl tlsa tcp fedoraproject.org:443 +_443._tcp.fedoraproject.org IN TLSA 0 0 1 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0 + -- Cert. usage: CA constraint + -- Selector: Full Certificate + -- Matching type: SHA-256 + + + + + + See Also + + systemd1, + systemd-resolved.service8, + systemd.dnssd5, + systemd-networkd.service8, + resolvconf8 + + + -- cgit v1.2.1