2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen This file is part of systemd.
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen Copyright 2014 Tom Gundersen
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen systemd is free software; you can redistribute it and/or modify it
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen under the terms of the GNU Lesser General Public License as published by
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen the Free Software Foundation; either version 2.1 of the License, or
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen (at your option) any later version.
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen systemd is distributed in the hope that it will be useful, but
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen WITHOUT ANY WARRANTY; without even the implied warranty of
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen Lesser General Public License for more details.
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen You should have received a copy of the GNU Lesser General Public License
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen along with systemd; If not, see <http://www.gnu.org/licenses/>.
091a364c802e34a58f3260c9cb5db9b75c62215cTom Gundersen<refentry id="systemd-resolved.service" conditional='ENABLE_RESOLVED'>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <title>systemd-resolved.service</title>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <productname>systemd</productname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refentrytitle>systemd-resolved.service</refentrytitle>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refname>systemd-resolved.service</refname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refname>systemd-resolved</refname>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refpurpose>Network Name Resolution manager</refpurpose>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <refsynopsisdiv>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para><filename>systemd-resolved.service</filename></para>
12b42c76672a66c2d4ea7212c14f8f1b5a62b78dTom Gundersen <para><filename>/usr/lib/systemd/systemd-resolved</filename></para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek </refsynopsisdiv>
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering <para><command>systemd-resolved</command> is a system service that provides network name resolution to local
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering applications. It implements a caching and validating DNS/DNSSEC stub resolver, as well as an LLMNR resolver and
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering responder. In addition it maintains the <filename>/run/systemd/resolve/resolv.conf</filename> file for
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering compatibility with traditional Linux programs. This file may be symlinked from
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering <filename>/etc/resolv.conf</filename>.</para>
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering <para>The glibc NSS module
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry> is required to
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering permit glibc's NSS resolver functions to resolve host names via <command>systemd-resolved</command>.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <para>The DNS servers contacted are determined from the global
437293cf805b0042fdcc0df165e9e5b3773fa1d7Lennart Poettering settings in <filename>/etc/systemd/resolved.conf</filename>, the
437293cf805b0042fdcc0df165e9e5b3773fa1d7Lennart Poettering per-link static settings in <filename>/etc/systemd/network/*.network</filename> files,
437293cf805b0042fdcc0df165e9e5b3773fa1d7Lennart Poettering and the per-link dynamic settings received over DHCP. See
437293cf805b0042fdcc0df165e9e5b3773fa1d7Lennart Poettering <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt for details. To improve compatibility,
437293cf805b0042fdcc0df165e9e5b3773fa1d7Lennart Poettering <filename>/etc/resolv.conf</filename> is read in order to discover
a8eaaee72a2f06e0fb64fb71de3b71ecba31dafbJan Engelhardt configured system DNS servers, but only if it is not a symlink
437293cf805b0042fdcc0df165e9e5b3773fa1d7Lennart Poettering to <filename>/run/systemd/resolve/resolv.conf</filename> (see above).</para>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <para><command>systemd-resolved</command> synthesizes DNS RRs for the following cases:</para>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <itemizedlist>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <listitem><para>The local, configured hostname is resolved to
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering all locally configured IP addresses ordered by their scope, or
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering — if none are configured — the IPv4 address 127.0.0.2 (which
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering is on the local loopback) and the IPv6 address ::1 (which is the
358a9d51147f721c3e1701ea7df3522ca049254cLennart Poettering <listitem><para>The hostname <literal>localhost</literal> (as well as any hostname ending in
358a9d51147f721c3e1701ea7df3522ca049254cLennart Poettering <literal>.localhost</literal>, <literal>.localdomain</literal> or equal to <literal>localdomain</literal>) is
358a9d51147f721c3e1701ea7df3522ca049254cLennart Poettering resolved to the IP addresses 127.0.0.1 and ::1.</para></listitem>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <listitem><para>The hostname <literal>gateway</literal> is
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering resolved to all current default routing gateway addresses,
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering ordered by their metric. This assigns a stable hostname to the
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering current gateway, useful for referencing it independently of the
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering current network configuration state.</para></listitem>
394bac4fef966778637b4ba1b29f9281ebf4f4d7Lennart Poettering <listitem><para>The mappings defined in <filename>/etc/hosts</filename> are resolved to their configured
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering </itemizedlist>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <para>Lookup requests are routed to the available DNS servers
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering and LLMNR interfaces according to the following rules:</para>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <itemizedlist>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <listitem><para>Lookups for the special hostname
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <literal>localhost</literal> are never routed to the
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering network. (A few other, special domains are handled the same way.)</para></listitem>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <listitem><para>Single-label names are routed to all local
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering interfaces capable of IP multicasting, using the LLMNR
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering protocol. Lookups for IPv4 addresses are only sent via LLMNR on
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering IPv4, and lookups for IPv6 addresses are only sent via LLMNR on
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering IPv6. Lookups for the locally configured host name and the
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <literal>gateway</literal> host name are never routed to
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <listitem><para>Multi-label names are routed to all local
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering interfaces that have a DNS sever configured, plus the globally
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering configured DNS server if there is one. Address lookups from the
7f3fdb7f19a109fa3d1be92926bfe4cea1817da5Jakub Wilk link-local address range are never routed to
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering </itemizedlist>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <para>If lookups are routed to multiple interfaces, the first
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering successful response is returned (thus effectively merging the
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering lookup zones on all matching interfaces). If the lookup failed on
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt all interfaces, the last failing response is returned.</para>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <para>Routing of lookups may be influenced by configuring
b938cb902c3b5bca807a94b277672c64d6767886Jan Engelhardt per-interface domain names. See
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering for details. Lookups for a hostname ending in one of the
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering per-interface domains are exclusively routed to the matching
2dc6b11d29ae09f59de314bad24ad196b0d14277Lennart Poettering interfaces.</para>
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering <para>Note that <filename>/run/systemd/resolve/resolv.conf</filename> should not be used directly by applications,
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering but only through a symlink from <filename>/etc/resolv.conf</filename>.</para>
a0956ed01f8794b677efe17a87aed3cad8c265d5Lennart Poettering <para>See the <ulink url="http://www.freedesktop.org/wiki/Software/systemd/resolved"> resolved D-Bus API
a0956ed01f8794b677efe17a87aed3cad8c265d5Lennart Poettering Documentation</ulink> for information about the APIs <filename>systemd-resolved</filename> provides.</para>
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
b5a8703fdb8e16f760bfb730df64f07173bb881dLennart Poettering <citerefentry><refentrytitle>dnssec-trust-anchors.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
437293cf805b0042fdcc0df165e9e5b3773fa1d7Lennart Poettering <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
624993ac85a58c27f8ae0adeaca7081bdb65cd3fLennart Poettering <citerefentry><refentrytitle>systemd-resolve</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
1c18f60af19e9c64c9108cd2260b3cbd6a22c054Zbigniew Jędrzejewski-Szmek <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
394bac4fef966778637b4ba1b29f9281ebf4f4d7Lennart Poettering <citerefentry project='man-pages'><refentrytitle>hosts</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
798d3a524ea57aaf40cb53858aaa45ec702f012dZbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>