resolved: make MulticastDNS support configurable in resolved.conf
The option is already there, but wasn't exported in the configuration file so far. Fix that.
This commit is contained in:
parent
aaa297d4e5
commit
b83d91c029
|
@ -124,23 +124,39 @@
|
||||||
global setting is on.</para></listitem>
|
global setting is on.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>MulticastDNS=</varname></term>
|
||||||
|
<listitem><para>Takes a boolean argument or
|
||||||
|
<literal>resolve</literal>. Controls Multicast DNS support
|
||||||
|
(<ulink url="https://tools.ietf.org/html/rfc6762">RFC
|
||||||
|
6762</ulink>) on the local host. If true, enables full
|
||||||
|
Multicast DNS responder and resolver support. If false,
|
||||||
|
disables both. If set to <literal>resolve</literal>, only
|
||||||
|
resolution support is enabled, but responding is
|
||||||
|
disabled. Note that
|
||||||
|
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||||
|
also maintains per-interface Multicast DNS settings. Multicast
|
||||||
|
DNS will be enabled on an interface only if the per-interface
|
||||||
|
and the global setting is on.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>DNSSEC=</varname></term>
|
<term><varname>DNSSEC=</varname></term>
|
||||||
<listitem><para>Takes a boolean argument or
|
<listitem><para>Takes a boolean argument or
|
||||||
<literal>downgrade-ok</literal>. If true all DNS lookups are
|
<literal>downgrade-ok</literal>. If true all DNS lookups are
|
||||||
DNSSEC-validated locally. If a response for a lookup request
|
DNSSEC-validated locally (excluding LLMNR and Multicast
|
||||||
is detected invalid this is returned as lookup failure to
|
DNS). If a response for a lookup request is detected invalid
|
||||||
applications. Note that this mode requires a DNS server that
|
this is returned as lookup failure to applications. Note that
|
||||||
supports DNSSEC. If the DNS server does not properly support
|
this mode requires a DNS server that supports DNSSEC. If the
|
||||||
DNSSEC all validations will fail. If set to
|
DNS server does not properly support DNSSEC all validations
|
||||||
<literal>downgrade-ok</literal> DNSSEC validation is
|
will fail. If set to <literal>downgrade-ok</literal> DNSSEC
|
||||||
attempted, but if the server does not support DNSSEC properly,
|
validation is attempted, but if the server does not support
|
||||||
DNSSEC mode is automatically disabled. Note that this mode
|
DNSSEC properly, DNSSEC mode is automatically disabled. Note
|
||||||
makes DNSSEC validation vulnerable to "downgrade" attacks,
|
that this mode makes DNSSEC validation vulnerable to
|
||||||
where an attacker might be able to trigger a downgrade to
|
"downgrade" attacks, where an attacker might be able to
|
||||||
non-DNSSEC mode by synthesizing a DNS response that suggests
|
trigger a downgrade to non-DNSSEC mode by synthesizing a DNS
|
||||||
DNSSEC was not supported. If set to false, DNS lookups are not
|
response that suggests DNSSEC was not supported. If set to
|
||||||
DNSSEC validated.</para>
|
false, DNS lookups are not DNSSEC validated.</para>
|
||||||
|
|
||||||
<para>Note that DNSSEC validation requires retrieval of
|
<para>Note that DNSSEC validation requires retrieval of
|
||||||
additional DNS data, and thus results in a small DNS look-up
|
additional DNS data, and thus results in a small DNS look-up
|
||||||
|
|
|
@ -18,4 +18,5 @@ Resolve.DNS, config_parse_dns_servers, DNS_SERVER_SYSTEM, 0
|
||||||
Resolve.FallbackDNS, config_parse_dns_servers, DNS_SERVER_FALLBACK, 0
|
Resolve.FallbackDNS, config_parse_dns_servers, DNS_SERVER_FALLBACK, 0
|
||||||
Resolve.Domains, config_parse_search_domains, 0, 0
|
Resolve.Domains, config_parse_search_domains, 0, 0
|
||||||
Resolve.LLMNR, config_parse_resolve_support,0, offsetof(Manager, llmnr_support)
|
Resolve.LLMNR, config_parse_resolve_support,0, offsetof(Manager, llmnr_support)
|
||||||
|
Resolve.MulticastDNS, config_parse_resolve_support,0, offsetof(Manager, mdns_support)
|
||||||
Resolve.DNSSEC, config_parse_dnssec, 0, 0
|
Resolve.DNSSEC, config_parse_dnssec, 0, 0
|
||||||
|
|
|
@ -16,4 +16,5 @@
|
||||||
#FallbackDNS=@DNS_SERVERS@
|
#FallbackDNS=@DNS_SERVERS@
|
||||||
#Domains=
|
#Domains=
|
||||||
#LLMNR=yes
|
#LLMNR=yes
|
||||||
|
#MulticastDNS=no
|
||||||
#DNSSEC=no
|
#DNSSEC=no
|
||||||
|
|
Loading…
Reference in a new issue