diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index dbd07e8151..8bbabff7b8 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -227,10 +227,10 @@
Cache=
- Takes a boolean argument. If "yes" (the default), resolving a domain name which already got
- queried earlier will return the previous result as long as it is still valid, and thus does not result in a new
- network request. Be aware that turning off caching comes at a performance penalty, which is particularly
- high when DNSSEC is used.
+ Takes a boolean argument. If yes (the default), resolving a domain name
+ which already got queried earlier will return the previous result as long as it is still valid, and thus does
+ not result in a new network request. Be aware that turning off caching comes at a performance penalty, which
+ is particularly high when DNSSEC is used.
Note that caching is turned off implicitly if the configured DNS server is on a host-local IP address
(such as 127.0.0.1 or ::1), in order to avoid duplicate local caching.
@@ -248,6 +248,13 @@
in use.
+
+ ReadEtcHosts=
+ Takes a boolean argument. If yes (the default), the DNS stub resolver will read
+ /etc/hosts, and try to resolve hosts or address by using the entries in the file before
+ sending query to DNS servers.
+
+
diff --git a/src/resolve/resolved-etc-hosts.c b/src/resolve/resolved-etc-hosts.c
index 10e2b7f737..5d394a8639 100644
--- a/src/resolve/resolved-etc-hosts.c
+++ b/src/resolve/resolved-etc-hosts.c
@@ -236,7 +236,7 @@ static int parse_line(Manager *m, unsigned nr, const char *line) {
return r;
}
-int manager_etc_hosts_read(Manager *m) {
+static int manager_etc_hosts_read(Manager *m) {
_cleanup_fclose_ FILE *f = NULL;
char line[LINE_MAX];
struct stat st;
@@ -324,6 +324,9 @@ int manager_etc_hosts_lookup(Manager *m, DnsQuestion* q, DnsAnswer **answer) {
assert(q);
assert(answer);
+ if (!m->read_etc_hosts)
+ return 0;
+
r = manager_etc_hosts_read(m);
if (r < 0)
return r;
diff --git a/src/resolve/resolved-etc-hosts.h b/src/resolve/resolved-etc-hosts.h
index b8e04c393b..0498ee3821 100644
--- a/src/resolve/resolved-etc-hosts.h
+++ b/src/resolve/resolved-etc-hosts.h
@@ -6,5 +6,4 @@
#include "resolved-dns-answer.h"
void manager_etc_hosts_flush(Manager *m);
-int manager_etc_hosts_read(Manager *m);
int manager_etc_hosts_lookup(Manager *m, DnsQuestion* q, DnsAnswer **answer);
diff --git a/src/resolve/resolved-gperf.gperf b/src/resolve/resolved-gperf.gperf
index 648ca4d8a2..9b9290b727 100644
--- a/src/resolve/resolved-gperf.gperf
+++ b/src/resolve/resolved-gperf.gperf
@@ -26,3 +26,4 @@ Resolve.DNSSEC, config_parse_dnssec_mode, 0,
Resolve.DNSOverTLS, config_parse_dns_over_tls_mode, 0, offsetof(Manager, dns_over_tls_mode)
Resolve.Cache, config_parse_bool, 0, offsetof(Manager, enable_cache)
Resolve.DNSStubListener, config_parse_dns_stub_listener_mode, 0, offsetof(Manager, dns_stub_listener_mode)
+Resolve.ReadEtcHosts, config_parse_bool, 0, offsetof(Manager, read_etc_hosts)
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index 44a53952d2..03ca5188cb 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -581,6 +581,7 @@ int manager_new(Manager **ret) {
m->read_resolv_conf = true;
m->need_builtin_fallbacks = true;
m->etc_hosts_last = m->etc_hosts_mtime = USEC_INFINITY;
+ m->read_etc_hosts = true;
r = dns_trust_anchor_load(&m->trust_anchor);
if (r < 0)
diff --git a/src/resolve/resolved-manager.h b/src/resolve/resolved-manager.h
index be7ad2d10d..5251ca795d 100644
--- a/src/resolve/resolved-manager.h
+++ b/src/resolve/resolved-manager.h
@@ -117,6 +117,7 @@ struct Manager {
Set* etc_hosts_by_address;
Hashmap* etc_hosts_by_name;
usec_t etc_hosts_last, etc_hosts_mtime;
+ bool read_etc_hosts;
/* Local DNS stub on 127.0.0.53:53 */
int dns_stub_udp_fd;
diff --git a/src/resolve/resolved.conf.in b/src/resolve/resolved.conf.in
index 2528340f74..e559291f66 100644
--- a/src/resolve/resolved.conf.in
+++ b/src/resolve/resolved.conf.in
@@ -21,3 +21,4 @@
#DNSOverTLS=@DEFAULT_DNS_OVER_TLS_MODE@
#Cache=yes
#DNSStubListener=udp
+#ReadEtcHosts=yes