resolved: allow configuration of routing domains in Domains=

2016-01-25 23:40:02 +01:00 · 2016-01-25 23:40:02 +01:00 · adc800a6e0
parent ad44b56b0f
commit adc800a6e0
2 changed files with 46 additions and 32 deletions
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@ -72,40 +72,40 @@

      <varlistentry>
        <term><varname>DNS=</varname></term>
-        <listitem><para>A space-separated list of IPv4 and IPv6
-        addresses to be used as system DNS servers. DNS requests are
-        sent to one of the listed DNS servers in parallel to any
-        per-interface DNS servers acquired from
-        <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
-        For compatibility reasons, if this setting is not specified,
-        the DNS servers listed in
-        <filename>/etc/resolv.conf</filename> are used instead, if
-        that file exists and any servers are configured in it. This
-        setting defaults to the empty list.</para></listitem>
+        <listitem><para>A space-separated list of IPv4 and IPv6 addresses to use as system DNS servers. DNS requests
+        are sent to one of the listed DNS servers in parallel to suitable per-link DNS servers acquired from
+        <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> or
+        set at runtime by external applications.  For compatibility reasons, if this setting is not specified, the DNS
+        servers listed in <filename>/etc/resolv.conf</filename> are used instead, if that file exists and any servers
+        are configured in it. This setting defaults to the empty list.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>FallbackDNS=</varname></term>
-        <listitem><para>A space-separated list of IPv4 and IPv6
-        addresses to be used as the fallback DNS servers. Any
-        per-interface DNS servers obtained from
+        <listitem><para>A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS servers. Any
+        per-link DNS servers obtained from
        <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-        take precedence over this setting, as do any servers set via
-        <varname>DNS=</varname> above or
-        <filename>/etc/resolv.conf</filename>. This setting is hence
-        only used if no other DNS server information is known. If this
-        option is not given, a compiled-in list of DNS servers is used
-        instead.</para></listitem>
+        take precedence over this setting, as do any servers set via <varname>DNS=</varname> above or
+        <filename>/etc/resolv.conf</filename>. This setting is hence only used if no other DNS server information is
+        known. If this option is not given, a compiled-in list of DNS servers is used instead.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><varname>Domains=</varname></term>
-        <listitem><para>A space-separated list of search domains.  For
-        compatibility reasons, if this setting is not specified, the
-        search domains listed in <filename>/etc/resolv.conf</filename>
-        are used instead, if that file exists and any domains are
-        configured in it. This setting defaults to the empty
-        list.</para></listitem>
+        <listitem><para>A space-separated list of domains. These domains are used as search suffixes when resolving
+        single-label host names (domain names which contain no dot), in order to qualify them into fully-qualified
+        domain names (FQDNs). Search domains are strictly processed in the order they are specified, until the name
+        with the suffix appended is found. For compatibility reasons, if this setting is not specified, the search
+        domains listed in <filename>/etc/resolv.conf</filename> are used instead, if that file exists and any domains
+        are configured in it. This setting defaults to the empty list.</para>
+
+        <para>Specified domain names may optionally be prefixed with <literal>~</literal>. In this case they do not
+        define a search path, but preferably direct DNS queries for the indicated domains to the DNS servers configured
+        with the system <varname>DNS=</varname> setting (see above), in case additional, suitable per-link DNS servers
+        are known. If no per-link DNS servers are known using the <literal>~</literal> syntax has no effect. Use the
+        construct <literal>~.</literal> (which is composed of <literal>~</literal> to indicate a routing domain and
+        <literal>.</literal> to indicate the DNS root domain that is the implied suffix of all DNS domains) to use the
+        system DNS server defined with <varname>DNS=</varname> preferably for all domains.</para></listitem>
      </varlistentry>

      <varlistentry>
@ -119,8 +119,8 @@
        <literal>resolve</literal>, only resolution support is enabled,
        but responding is disabled. Note that
        <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-        also maintains per-interface LLMNR settings. LLMNR will be
-        enabled on an interface only if the per-interface and the
+        also maintains per-link LLMNR settings. LLMNR will be
+        enabled on a link only if the per-link and the
        global setting is on.</para></listitem>
      </varlistentry>

@ -181,9 +181,9 @@

        <para>In addition to this global DNSSEC setting
        <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-        also maintains per-interface DNSSEC settings. For system DNS
+        also maintains per-link DNSSEC settings. For system DNS
        servers (see above), only the global DNSSEC setting is in
-        effect. For per-interface DNS servers the per-interface
+        effect. For per-link DNS servers the per-link
        setting is in effect, unless it is unset in which case the
        global setting is used instead.</para>

--- a/src/resolve/resolved-conf.c
+++ b/src/resolve/resolved-conf.c
@ -80,20 +80,34 @@ int manager_parse_dns_server_string_and_warn(Manager *m, DnsServerType type, con

 int manager_add_search_domain_by_string(Manager *m, const char *domain) {
        DnsSearchDomain *d;
+        bool route_only;
        int r;

        assert(m);
        assert(domain);

+        route_only = *domain == '~';
+        if (route_only)
+                domain++;
+
+        if (dns_name_is_root(domain) || streq(domain, "*")) {
+                route_only = true;
+                domain = ".";
+        }
+
        r = dns_search_domain_find(m->search_domains, domain, &d);
        if (r < 0)
                return r;
-        if (r > 0) {
+        if (r > 0)
                dns_search_domain_move_back_and_unmark(d);
-                return 0;
+        else {
+                r = dns_search_domain_new(m, &d, DNS_SEARCH_DOMAIN_SYSTEM, NULL, domain);
+                if (r < 0)
+                        return r;
        }

-        return dns_search_domain_new(m, NULL, DNS_SEARCH_DOMAIN_SYSTEM, NULL, domain);
+        d->route_only = route_only;
+        return 0;
 }

 int manager_parse_search_domains_and_warn(Manager *m, const char *string) {