picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

resolve: rename PrivateDNS to DNSOverTLS 

PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS
This commit is contained in:
Iwan Timmer 2018-06-13 20:26:24 +02:00 committed by Lennart Poettering
parent d122ed1ba8
commit c9299be2f5
31 changed files with 137 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@ -52,8 +52,8 @@ CHANGES WITH 239 in spe:
screen resolution for HiDPI systems, and now provides loader screen resolution for HiDPI systems, and now provides loader
configuration settings to change the resolution explicitly. configuration settings to change the resolution explicitly.
* systemd-resolved now supports DNS-over-TLS ("PrivateDNS"). It's still * systemd-resolved now supports DNS-over-TLS. It's still
turned off by default, use PrivateDNS=opportunistic to turn it on in turned off by default, use DNSOverTLS=opportunistic to turn it on in
resolved.conf. We intend to make this the default as soon as couple resolved.conf. We intend to make this the default as soon as couple
of additional techniques for optimizing the initial latency caused by of additional techniques for optimizing the initial latency caused by
establishing a TLS/TCP connection are implemented. establishing a TLS/TCP connection are implemented.

8
man/resolvectl.xml
View File

@ -257,7 +257,7 @@
<term><option>llmnr [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term> <term><option>llmnr [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
<term><option>mdns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term> <term><option>mdns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
<term><option>dnssec [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term> <term><option>dnssec [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
<term><option>privatedns [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term> <term><option>dnsovertls [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</option></term>
<term><option>nta [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term> <term><option>nta [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</option></term>
<listitem><para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS <listitem><para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS
@ -269,8 +269,8 @@
through external means. The <option>dns</option> command expects IPv4 or IPv6 address specifications of DNS through external means. The <option>dns</option> command expects IPv4 or IPv6 address specifications of DNS
servers to use. The <option>domain</option> command expects valid DNS domains, possibly prefixed with servers to use. The <option>domain</option> command expects valid DNS domains, possibly prefixed with
<literal>~</literal>, and configures a per-interface search or route-only domain. The <option>llmnr</option>, <literal>~</literal>, and configures a per-interface search or route-only domain. The <option>llmnr</option>,
<option>mdns</option>, <option>dnssec</option> and <option>privatedns</option> commands may be used to configure <option>mdns</option>, <option>dnssec</option> and <option>dnsovertls</option> commands may be used to configure
the per-interface LLMNR, MulticastDNS, DNSSEC and PrivateDNS settings. Finally, <option>nta</option> command the per-interface LLMNR, MulticastDNS, DNSSEC and DNSOverTLS settings. Finally, <option>nta</option> command
may be used to configure additional per-interface DNSSEC NTA domains. For details about these settings, their may be used to configure additional per-interface DNSSEC NTA domains. For details about these settings, their
possible values and their effect, see the corresponding options in possible values and their effect, see the corresponding options in
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
@ -283,7 +283,7 @@
<listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all <listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all
per-interface DNS setting are reset to their defaults, undoing all effects of <option>dns</option>, per-interface DNS setting are reset to their defaults, undoing all effects of <option>dns</option>,
<option>domain</option>, <option>llmnr</option>, <option>mdns</option>, <option>dnssec</option>, <option>domain</option>, <option>llmnr</option>, <option>mdns</option>, <option>dnssec</option>,
<option>privatedns</option>, <option>nta</option>. Note that when a network interface disappears all <option>dnsovertls</option>, <option>nta</option>. Note that when a network interface disappears all
configuration is lost automatically, an explicit reverting is not necessary in that case.</para></listitem> configuration is lost automatically, an explicit reverting is not necessary in that case.</para></listitem>
</varlistentry> </varlistentry>

8
man/resolved.conf.xml
View File

@ -207,7 +207,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PrivateDNS=</varname></term> <term><varname>DNSOverTLS=</varname></term>
<listitem> <listitem>
<para>Takes false or <para>Takes false or
<literal>opportunistic</literal>. When set to <literal>opportunistic</literal> <literal>opportunistic</literal>. When set to <literal>opportunistic</literal>
@ -226,10 +226,10 @@
<para>Note as the resolver is not capable of authenticating <para>Note as the resolver is not capable of authenticating
the server, it is vulnerable for "man-in-the-middle" attacks.</para> the server, it is vulnerable for "man-in-the-middle" attacks.</para>
<para>In addition to this global PrivateDNS setting <para>In addition to this global DNSOverTLS setting
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
also maintains per-link PrivateDNS settings. For system DNS also maintains per-link DNSOverTLS settings. For system DNS
servers (see above), only the global PrivateDNS setting is in servers (see above), only the global DNSOverTLS setting is in
effect. For per-link DNS servers the per-link effect. For per-link DNS servers the per-link
setting is in effect, unless it is unset in which case the setting is in effect, unless it is unset in which case the
global setting is used instead.</para> global setting is used instead.</para>

4
man/systemd.network.xml
View File

@ -385,7 +385,7 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><varname>PrivateDNS=</varname></term> <term><varname>DNSOverTLS=</varname></term>
<listitem> <listitem>
<para>Takes false or <para>Takes false or
<literal>opportunistic</literal>. When set to <literal>opportunistic</literal>, enables <literal>opportunistic</literal>. When set to <literal>opportunistic</literal>, enables
@ -394,7 +394,7 @@
support on the link. This option defines a support on the link. This option defines a
per-interface setting for per-interface setting for
<citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s
global <varname>PrivateDNS=</varname> option. Defaults to global <varname>DNSOverTLS=</varname> option. Defaults to
false. This setting is read by false. This setting is read by
<citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
</listitem> </listitem>

18
meson.build
View File

@ -1137,17 +1137,17 @@ conf.set('DEFAULT_DNSSEC_MODE',
'DNSSEC_' + default_dnssec.underscorify().to_upper()) 'DNSSEC_' + default_dnssec.underscorify().to_upper())
substs.set('DEFAULT_DNSSEC_MODE', default_dnssec) substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
default_private_dns = get_option('default-private-dns') default_dns_over_tls = get_option('default-dns-over-tls')
if fuzzer_build if fuzzer_build
default_private_dns = 'no' default_dns_over_tls = 'no'
endif endif
if default_private_dns != 'no' and conf.get('HAVE_GNUTLS') == 0 if default_dns_over_tls != 'no' and conf.get('HAVE_GNUTLS') == 0
message('default-private-dns cannot be set to strict or opportunistic when gnutls is disabled. Setting default-private-dns to no.') message('default-dns-over-tls cannot be set to strict or opportunistic when gnutls is disabled. Setting default-dns-over-tls to no.')
default_private_dns = 'no' default_dns_over_tls = 'no'
endif endif
conf.set('DEFAULT_PRIVATE_DNS_MODE', conf.set('DEFAULT_DNS_OVER_TLS_MODE',
'PRIVATE_DNS_' + default_private_dns.underscorify().to_upper()) 'DNS_OVER_TLS_' + default_dns_over_tls.underscorify().to_upper())
substs.set('DEFAULT_PRIVATE_DNS_MODE', default_private_dns) substs.set('DEFAULT_DNS_OVER_TLS_MODE', default_dns_over_tls)
want_importd = get_option('importd') want_importd = get_option('importd')
if want_importd != 'false' if want_importd != 'false'
@ -2870,7 +2870,7 @@ status = [
'symbolic gateway hostnames: @0@'.format(', '.join(gateway_hostnames)), 'symbolic gateway hostnames: @0@'.format(', '.join(gateway_hostnames)),
'default DNSSEC mode: @0@'.format(default_dnssec), 'default DNSSEC mode: @0@'.format(default_dnssec),
'default private DNS mode: @0@'.format(default_private_dns), 'default DNS-over-TLS mode: @0@'.format(default_dns_over_tls),
'default cgroup hierarchy: @0@'.format(default_hierarchy), 'default cgroup hierarchy: @0@'.format(default_hierarchy),
'default KillUserProcesses setting: @0@'.format(kill_user_processes)] 'default KillUserProcesses setting: @0@'.format(kill_user_processes)]

4
meson_options.txt
View File

@ -193,8 +193,8 @@ option('default-dnssec', type : 'combo',
description : 'default DNSSEC mode', description : 'default DNSSEC mode',
choices : ['yes', 'allow-downgrade', 'no'], choices : ['yes', 'allow-downgrade', 'no'],
value : 'allow-downgrade') value : 'allow-downgrade')
option('default-private-dns', type : 'combo', option('default-dns-over-tls', type : 'combo',
description : 'default private DNS mode', description : 'default DNS-over-TLS mode',
choices : ['opportunistic', 'no'], choices : ['opportunistic', 'no'],
value : 'no') value : 'no')
option('dns-servers', type : 'string', option('dns-servers', type : 'string',

12
shell-completion/bash/resolvectl
View File

@ -48,14 +48,14 @@ _resolvectl() {
[LINK]='revert dns domain nta' [LINK]='revert dns domain nta'
[RESOLVE]='llmnr mdns' [RESOLVE]='llmnr mdns'
[DNSSEC]='dnssec' [DNSSEC]='dnssec'
[PRIVATEDNS]='privatedns' [DNSOVERTLS]='dnsovertls'
[STANDALONE]='statistics reset-statistics flush-caches reset-server-features' [STANDALONE]='statistics reset-statistics flush-caches reset-server-features'
) )
local -A ARGS=( local -A ARGS=(
[FAMILY]='tcp udp sctp' [FAMILY]='tcp udp sctp'
[RESOLVE]='yes no resolve' [RESOLVE]='yes no resolve'
[DNSSEC]='yes no allow-downgrade' [DNSSEC]='yes no allow-downgrade'
[PRIVATEDNS]='no opportunistic' [DNSOVERTLS]='no opportunistic'
) )
local interfaces=$( __get_interfaces ) local interfaces=$( __get_interfaces )
@ -111,7 +111,7 @@ _resolvectl() {
comps="" comps=""
fi fi
elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]} ${VERBS[PRIVATEDNS]}; then elif __contains_word "$verb" ${VERBS[LINK]} ${VERBS[RESOLVE]} ${VERBS[DNSSEC]} ${VERBS[DNSOVERTLS]}; then
for ((i++; i < COMP_CWORD; i++)); do for ((i++; i < COMP_CWORD; i++)); do
if __contains_word "${COMP_WORDS[i]}" $interfaces && if __contains_word "${COMP_WORDS[i]}" $interfaces &&
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
@ -155,10 +155,10 @@ _resolvectl() {
comps='' comps=''
fi fi
elif __contains_word "$verb" ${VERBS[PRIVATEDNS]}; then elif __contains_word "$verb" ${VERBS[DNSOVERTLS]}; then
name= name=
for ((i++; i < COMP_CWORD; i++)); do for ((i++; i < COMP_CWORD; i++)); do
if __contains_word "${COMP_WORDS[i]}" ${ARGS[PRIVATEDNS]} && if __contains_word "${COMP_WORDS[i]}" ${ARGS[DNSOVERTLS]} &&
! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
name=${COMP_WORDS[i]} name=${COMP_WORDS[i]}
break; break;
@ -166,7 +166,7 @@ _resolvectl() {
done done
if [[ -z $name ]]; then if [[ -z $name ]]; then
comps=${ARGS[PRIVATEDNS]} comps=${ARGS[DNSOVERTLS]}
else else
comps='' comps=''
fi fi

2
shell-completion/bash/systemd-resolve
View File

@ -65,7 +65,7 @@ _systemd-resolve() {
--set-dnssec) --set-dnssec)
comps="yes no allow-downgrade" comps="yes no allow-downgrade"
;; ;;
--set-privatedns) --set-dnsovertls)
comps="no opportunistic" comps="no opportunistic"
;; ;;
esac esac

4
src/libsystemd/sd-network/sd-network.c
View File

@ -178,8 +178,8 @@ _public_ int sd_network_link_get_mdns(int ifindex, char **mdns) {
return network_link_get_string(ifindex, "MDNS", mdns); return network_link_get_string(ifindex, "MDNS", mdns);
} }
_public_ int sd_network_link_get_private_dns(int ifindex, char **private_dns) { _public_ int sd_network_link_get_dns_over_tls(int ifindex, char **dns_over_tls) {
return network_link_get_string(ifindex, "PRIVATE_DNS", private_dns); return network_link_get_string(ifindex, "DNS_OVER_TLS", dns_over_tls);
} }
_public_ int sd_network_link_get_dnssec(int ifindex, char **dnssec) { _public_ int sd_network_link_get_dnssec(int ifindex, char **dnssec) {

6
src/network/networkd-link.c
View File

@ -3762,9 +3762,9 @@ int link_save(Link *link) {
fprintf(f, "MDNS=%s\n", fprintf(f, "MDNS=%s\n",
resolve_support_to_string(link->network->mdns)); resolve_support_to_string(link->network->mdns));
if (link->network->private_dns_mode != _PRIVATE_DNS_MODE_INVALID) if (link->network->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
fprintf(f, "PRIVATE_DNS=%s\n", fprintf(f, "DNS_OVER_TLS=%s\n",
private_dns_mode_to_string(link->network->private_dns_mode)); dns_over_tls_mode_to_string(link->network->dns_over_tls_mode));
if (link->network->dnssec_mode != _DNSSEC_MODE_INVALID) if (link->network->dnssec_mode != _DNSSEC_MODE_INVALID)
fprintf(f, "DNSSEC=%s\n", fprintf(f, "DNSSEC=%s\n",

2
src/network/networkd-network-gperf.gperf
View File

@ -60,7 +60,7 @@ Network.Domains, config_parse_domains,
Network.DNS, config_parse_dns, 0, 0 Network.DNS, config_parse_dns, 0, 0
Network.LLMNR, config_parse_resolve_support, 0, offsetof(Network, llmnr) Network.LLMNR, config_parse_resolve_support, 0, offsetof(Network, llmnr)
Network.MulticastDNS, config_parse_resolve_support, 0, offsetof(Network, mdns) Network.MulticastDNS, config_parse_resolve_support, 0, offsetof(Network, mdns)
Network.PrivateDNS, config_parse_private_dns_mode, 0, offsetof(Network, private_dns_mode) Network.DNSOverTLS, config_parse_dns_over_tls_mode, 0, offsetof(Network, dns_over_tls_mode)
Network.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Network, dnssec_mode) Network.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Network, dnssec_mode)
Network.DNSSECNegativeTrustAnchors, config_parse_dnssec_negative_trust_anchors, 0, 0 Network.DNSSECNegativeTrustAnchors, config_parse_dnssec_negative_trust_anchors, 0, 0
Network.NTP, config_parse_ntp, 0, offsetof(Network, ntp) Network.NTP, config_parse_ntp, 0, offsetof(Network, ntp)

2
src/network/networkd-network.c
View File

@ -236,7 +236,7 @@ static int network_load_one(Manager *manager, const char *filename) {
network->llmnr = RESOLVE_SUPPORT_YES; network->llmnr = RESOLVE_SUPPORT_YES;
network->mdns = RESOLVE_SUPPORT_NO; network->mdns = RESOLVE_SUPPORT_NO;
network->dnssec_mode = _DNSSEC_MODE_INVALID; network->dnssec_mode = _DNSSEC_MODE_INVALID;
network->private_dns_mode = _PRIVATE_DNS_MODE_INVALID; network->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
network->link_local = ADDRESS_FAMILY_IPV6; network->link_local = ADDRESS_FAMILY_IPV6;

2
src/network/networkd-network.h
View File

@ -261,7 +261,7 @@ struct Network {
ResolveSupport llmnr; ResolveSupport llmnr;
ResolveSupport mdns; ResolveSupport mdns;
DnssecMode dnssec_mode; DnssecMode dnssec_mode;
PrivateDnsMode private_dns_mode; DnsOverTlsMode dns_over_tls_mode;
Set *dnssec_negative_trust_anchors; Set *dnssec_negative_trust_anchors;
LIST_FIELDS(Network, networks); LIST_FIELDS(Network, networks);

44
src/resolve/resolvectl.c
View File

@ -56,7 +56,7 @@ char **arg_set_dns = NULL;
char **arg_set_domain = NULL; char **arg_set_domain = NULL;
static const char *arg_set_llmnr = NULL; static const char *arg_set_llmnr = NULL;
static const char *arg_set_mdns = NULL; static const char *arg_set_mdns = NULL;
static const char *arg_set_private_dns = NULL; static const char *arg_set_dns_over_tls = NULL;
static const char *arg_set_dnssec = NULL; static const char *arg_set_dnssec = NULL;
static char **arg_set_nta = NULL; static char **arg_set_nta = NULL;
@ -1339,7 +1339,7 @@ static int status_ifindex(sd_bus *bus, int ifindex, const char *name, StatusMode
uint64_t scopes_mask; uint64_t scopes_mask;
const char *llmnr; const char *llmnr;
const char *mdns; const char *mdns;
const char *private_dns; const char *dns_over_tls;
const char *dnssec; const char *dnssec;
char *current_dns; char *current_dns;
char **dns; char **dns;
@ -1355,7 +1355,7 @@ static int status_ifindex(sd_bus *bus, int ifindex, const char *name, StatusMode
{ "Domains", "a(sb)", map_link_domains, offsetof(struct link_info, domains) }, { "Domains", "a(sb)", map_link_domains, offsetof(struct link_info, domains) },
{ "LLMNR", "s", NULL, offsetof(struct link_info, llmnr) }, { "LLMNR", "s", NULL, offsetof(struct link_info, llmnr) },
{ "MulticastDNS", "s", NULL, offsetof(struct link_info, mdns) }, { "MulticastDNS", "s", NULL, offsetof(struct link_info, mdns) },
{ "PrivateDNS", "s", NULL, offsetof(struct link_info, private_dns) }, { "DNSOverTLS", "s", NULL, offsetof(struct link_info, dns_over_tls) },
{ "DNSSEC", "s", NULL, offsetof(struct link_info, dnssec) }, { "DNSSEC", "s", NULL, offsetof(struct link_info, dnssec) },
{ "DNSSECNegativeTrustAnchors", "as", NULL, offsetof(struct link_info, ntas) }, { "DNSSECNegativeTrustAnchors", "as", NULL, offsetof(struct link_info, ntas) },
{ "DNSSECSupported", "b", NULL, offsetof(struct link_info, dnssec_supported) }, { "DNSSECSupported", "b", NULL, offsetof(struct link_info, dnssec_supported) },
@ -1437,7 +1437,7 @@ static int status_ifindex(sd_bus *bus, int ifindex, const char *name, StatusMode
if (mode == STATUS_PRIVATE) { if (mode == STATUS_PRIVATE) {
printf("%sLink %i (%s)%s: %s\n", printf("%sLink %i (%s)%s: %s\n",
ansi_highlight(), ifindex, name, ansi_normal(), ansi_highlight(), ifindex, name, ansi_normal(),
strna(link_info.private_dns)); strna(link_info.dns_over_tls));
r = 0; r = 0;
goto finish; goto finish;
@ -1470,12 +1470,12 @@ static int status_ifindex(sd_bus *bus, int ifindex, const char *name, StatusMode
printf(" LLMNR setting: %s\n" printf(" LLMNR setting: %s\n"
"MulticastDNS setting: %s\n" "MulticastDNS setting: %s\n"
" PrivateDNS setting: %s\n" " DNSOverTLS setting: %s\n"
" DNSSEC setting: %s\n" " DNSSEC setting: %s\n"
" DNSSEC supported: %s\n", " DNSSEC supported: %s\n",
strna(link_info.llmnr), strna(link_info.llmnr),
strna(link_info.mdns), strna(link_info.mdns),
strna(link_info.private_dns), strna(link_info.dns_over_tls),
strna(link_info.dnssec), strna(link_info.dnssec),
yes_no(link_info.dnssec_supported)); yes_no(link_info.dnssec_supported));
@ -1617,7 +1617,7 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) {
char **ntas; char **ntas;
const char *llmnr; const char *llmnr;
const char *mdns; const char *mdns;
const char *private_dns; const char *dns_over_tls;
const char *dnssec; const char *dnssec;
bool dnssec_supported; bool dnssec_supported;
} global_info = {}; } global_info = {};
@ -1630,7 +1630,7 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) {
{ "DNSSECNegativeTrustAnchors", "as", NULL, offsetof(struct global_info, ntas) }, { "DNSSECNegativeTrustAnchors", "as", NULL, offsetof(struct global_info, ntas) },
{ "LLMNR", "s", NULL, offsetof(struct global_info, llmnr) }, { "LLMNR", "s", NULL, offsetof(struct global_info, llmnr) },
{ "MulticastDNS", "s", NULL, offsetof(struct global_info, mdns) }, { "MulticastDNS", "s", NULL, offsetof(struct global_info, mdns) },
{ "PrivateDNS", "s", NULL, offsetof(struct global_info, private_dns) }, { "DNSOverTLS", "s", NULL, offsetof(struct global_info, dns_over_tls) },
{ "DNSSEC", "s", NULL, offsetof(struct global_info, dnssec) }, { "DNSSEC", "s", NULL, offsetof(struct global_info, dnssec) },
{ "DNSSECSupported", "b", NULL, offsetof(struct global_info, dnssec_supported) }, { "DNSSECSupported", "b", NULL, offsetof(struct global_info, dnssec_supported) },
{} {}
@ -1692,7 +1692,7 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) {
if (mode == STATUS_PRIVATE) { if (mode == STATUS_PRIVATE) {
printf("%sGlobal%s: %s\n", ansi_highlight(), ansi_normal(), printf("%sGlobal%s: %s\n", ansi_highlight(), ansi_normal(),
strna(global_info.private_dns)); strna(global_info.dns_over_tls));
r = 0; r = 0;
goto finish; goto finish;
@ -1710,12 +1710,12 @@ static int status_global(sd_bus *bus, StatusMode mode, bool *empty_line) {
printf(" LLMNR setting: %s\n" printf(" LLMNR setting: %s\n"
"MulticastDNS setting: %s\n" "MulticastDNS setting: %s\n"
" PrivateDNS setting: %s\n" " DNSOverTLS setting: %s\n"
" DNSSEC setting: %s\n" " DNSSEC setting: %s\n"
" DNSSEC supported: %s\n", " DNSSEC supported: %s\n",
strna(global_info.llmnr), strna(global_info.llmnr),
strna(global_info.mdns), strna(global_info.mdns),
strna(global_info.private_dns), strna(global_info.dns_over_tls),
strna(global_info.dnssec), strna(global_info.dnssec),
yes_no(global_info.dnssec_supported)); yes_no(global_info.dnssec_supported));
@ -2108,7 +2108,7 @@ static int verb_mdns(int argc, char **argv, void *userdata) {
return 0; return 0;
} }
static int verb_private_dns(int argc, char **argv, void *userdata) { static int verb_dns_over_tls(int argc, char **argv, void *userdata) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
sd_bus *bus = userdata; sd_bus *bus = userdata;
int ifindex, r; int ifindex, r;
@ -2134,7 +2134,7 @@ static int verb_private_dns(int argc, char **argv, void *userdata) {
"org.freedesktop.resolve1", "org.freedesktop.resolve1",
"/org/freedesktop/resolve1", "/org/freedesktop/resolve1",
"org.freedesktop.resolve1.Manager", "org.freedesktop.resolve1.Manager",
"SetLinkPrivateDNS", "SetLinkDNSOverTLS",
&error, &error,
NULL, NULL,
"is", ifindex, argv[2]); "is", ifindex, argv[2]);
@ -2146,7 +2146,7 @@ static int verb_private_dns(int argc, char **argv, void *userdata) {
sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_LINK)) sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_LINK))
return 0; return 0;
return log_error_errno(r, "Failed to set PrivateDNS configuration: %s", bus_error_message(&error, r)); return log_error_errno(r, "Failed to set DNSOverTLS configuration: %s", bus_error_message(&error, r));
} }
return 0; return 0;
@ -2354,7 +2354,7 @@ static void compat_help(void) {
" --set-domain=DOMAIN Set per-interface search domain\n" " --set-domain=DOMAIN Set per-interface search domain\n"
" --set-llmnr=MODE Set per-interface LLMNR mode\n" " --set-llmnr=MODE Set per-interface LLMNR mode\n"
" --set-mdns=MODE Set per-interface MulticastDNS mode\n" " --set-mdns=MODE Set per-interface MulticastDNS mode\n"
" --set-privatedns=MODE Set per-interface PrivateDNS mode\n" " --set-dnsovertls=MODE Set per-interface DNS-over-TLS mode\n"
" --set-dnssec=MODE Set per-interface DNSSEC mode\n" " --set-dnssec=MODE Set per-interface DNSSEC mode\n"
" --set-nta=DOMAIN Set per-interface DNSSEC NTA\n" " --set-nta=DOMAIN Set per-interface DNSSEC NTA\n"
" --revert Revert per-interface configuration\n" " --revert Revert per-interface configuration\n"
@ -2398,7 +2398,7 @@ static void native_help(void) {
" domain [LINK [DOMAIN...]] Get/set per-interface search domain\n" " domain [LINK [DOMAIN...]] Get/set per-interface search domain\n"
" llmnr [LINK [MODE]] Get/set per-interface LLMNR mode\n" " llmnr [LINK [MODE]] Get/set per-interface LLMNR mode\n"
" mdns [LINK [MODE]] Get/set per-interface MulticastDNS mode\n" " mdns [LINK [MODE]] Get/set per-interface MulticastDNS mode\n"
" privatedns [LINK [MODE]] Get/set per-interface PrivateDNS mode\n" " dnsovertls [LINK [MODE]] Get/set per-interface DNS-over-TLS mode\n"
" dnssec [LINK [MODE]] Get/set per-interface DNSSEC mode\n" " dnssec [LINK [MODE]] Get/set per-interface DNSSEC mode\n"
" nta [LINK [DOMAIN...]] Get/set per-interface DNSSEC NTA\n" " nta [LINK [DOMAIN...]] Get/set per-interface DNSSEC NTA\n"
" revert LINK Revert per-interface configuration\n" " revert LINK Revert per-interface configuration\n"
@ -2464,7 +2464,7 @@ static int compat_parse_argv(int argc, char *argv[]) {
{ "set-domain", required_argument, NULL, ARG_SET_DOMAIN }, { "set-domain", required_argument, NULL, ARG_SET_DOMAIN },
{ "set-llmnr", required_argument, NULL, ARG_SET_LLMNR }, { "set-llmnr", required_argument, NULL, ARG_SET_LLMNR },
{ "set-mdns", required_argument, NULL, ARG_SET_MDNS }, { "set-mdns", required_argument, NULL, ARG_SET_MDNS },
{ "set-privatedns", required_argument, NULL, ARG_SET_PRIVATE }, { "set-dnsovertls", required_argument, NULL, ARG_SET_PRIVATE },
{ "set-dnssec", required_argument, NULL, ARG_SET_DNSSEC }, { "set-dnssec", required_argument, NULL, ARG_SET_DNSSEC },
{ "set-nta", required_argument, NULL, ARG_SET_NTA }, { "set-nta", required_argument, NULL, ARG_SET_NTA },
{ "revert", no_argument, NULL, ARG_REVERT_LINK }, { "revert", no_argument, NULL, ARG_REVERT_LINK },
@ -2684,7 +2684,7 @@ static int compat_parse_argv(int argc, char *argv[]) {
break; break;
case ARG_SET_PRIVATE: case ARG_SET_PRIVATE:
arg_set_private_dns = optarg; arg_set_dns_over_tls = optarg;
arg_mode = MODE_SET_LINK; arg_mode = MODE_SET_LINK;
break; break;
@ -2731,7 +2731,7 @@ static int compat_parse_argv(int argc, char *argv[]) {
if (IN_SET(arg_mode, MODE_SET_LINK, MODE_REVERT_LINK)) { if (IN_SET(arg_mode, MODE_SET_LINK, MODE_REVERT_LINK)) {
if (arg_ifindex <= 0) { if (arg_ifindex <= 0) {
log_error("--set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-privatedns=, --set-dnssec=, --set-nta= and --revert require --interface=."); log_error("--set-dns=, --set-domain=, --set-llmnr=, --set-mdns=, --set-dnsovertls=, --set-dnssec=, --set-nta= and --revert require --interface=.");
return -EINVAL; return -EINVAL;
} }
@ -2957,7 +2957,7 @@ static int native_main(int argc, char *argv[], sd_bus *bus) {
{ "domain", VERB_ANY, VERB_ANY, 0, verb_domain }, { "domain", VERB_ANY, VERB_ANY, 0, verb_domain },
{ "llmnr", VERB_ANY, 3, 0, verb_llmnr }, { "llmnr", VERB_ANY, 3, 0, verb_llmnr },
{ "mdns", VERB_ANY, 3, 0, verb_mdns }, { "mdns", VERB_ANY, 3, 0, verb_mdns },
{ "privatedns", VERB_ANY, 3, 0, verb_private_dns }, { "dnsovertls", VERB_ANY, 3, 0, verb_dns_over_tls },
{ "dnssec", VERB_ANY, 3, 0, verb_dnssec }, { "dnssec", VERB_ANY, 3, 0, verb_dnssec },
{ "nta", VERB_ANY, VERB_ANY, 0, verb_nta }, { "nta", VERB_ANY, VERB_ANY, 0, verb_nta },
{ "revert", 2, 2, 0, verb_revert_link }, { "revert", 2, 2, 0, verb_revert_link },
@ -3050,8 +3050,8 @@ static int compat_main(int argc, char *argv[], sd_bus *bus) {
return r; return r;
} }
if (arg_set_private_dns) { if (arg_set_dns_over_tls) {
r = translate("privatedns", arg_ifname, 1, (char **) &arg_set_private_dns, bus); r = translate("dnsovertls", arg_ifname, 1, (char **) &arg_set_dns_over_tls, bus);
if (r < 0) if (r < 0)
return r; return r;
} }

10
src/resolve/resolved-bus.c
View File

@ -1471,7 +1471,7 @@ static int bus_property_get_ntas(
static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode); static BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode);
static BUS_DEFINE_PROPERTY_GET(bus_property_get_dnssec_supported, "b", Manager, manager_dnssec_supported); static BUS_DEFINE_PROPERTY_GET(bus_property_get_dnssec_supported, "b", Manager, manager_dnssec_supported);
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dnssec_mode, "s", Manager, manager_get_dnssec_mode, dnssec_mode_to_string); static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dnssec_mode, "s", Manager, manager_get_dnssec_mode, dnssec_mode_to_string);
static BUS_DEFINE_PROPERTY_GET2(bus_property_get_private_dns_mode, "s", Manager, manager_get_private_dns_mode, private_dns_mode_to_string); static BUS_DEFINE_PROPERTY_GET2(bus_property_get_dns_over_tls_mode, "s", Manager, manager_get_dns_over_tls_mode, dns_over_tls_mode_to_string);
static int bus_method_reset_statistics(sd_bus_message *message, void *userdata, sd_bus_error *error) { static int bus_method_reset_statistics(sd_bus_message *message, void *userdata, sd_bus_error *error) {
Manager *m = userdata; Manager *m = userdata;
@ -1542,8 +1542,8 @@ static int bus_method_set_link_mdns(sd_bus_message *message, void *userdata, sd_
return call_link_method(userdata, message, bus_link_method_set_mdns, error); return call_link_method(userdata, message, bus_link_method_set_mdns, error);
} }
static int bus_method_set_link_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error) { static int bus_method_set_link_dns_over_tls(sd_bus_message *message, void *userdata, sd_bus_error *error) {
return call_link_method(userdata, message, bus_link_method_set_private_dns, error); return call_link_method(userdata, message, bus_link_method_set_dns_over_tls, error);
} }
static int bus_method_set_link_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error) { static int bus_method_set_link_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error) {
@ -1836,7 +1836,7 @@ static const sd_bus_vtable resolve_vtable[] = {
SD_BUS_PROPERTY("LLMNRHostname", "s", NULL, offsetof(Manager, llmnr_hostname), 0), SD_BUS_PROPERTY("LLMNRHostname", "s", NULL, offsetof(Manager, llmnr_hostname), 0),
SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Manager, llmnr_support), 0), SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Manager, llmnr_support), 0),
SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Manager, mdns_support), 0), SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Manager, mdns_support), 0),
SD_BUS_PROPERTY("PrivateDNS", "s", bus_property_get_private_dns_mode, 0, 0), SD_BUS_PROPERTY("DNSOverTLS", "s", bus_property_get_dns_over_tls_mode, 0, 0),
SD_BUS_PROPERTY("DNS", "a(iiay)", bus_property_get_dns_servers, 0, 0), SD_BUS_PROPERTY("DNS", "a(iiay)", bus_property_get_dns_servers, 0, 0),
SD_BUS_PROPERTY("FallbackDNS", "a(iiay)", bus_property_get_fallback_dns_servers, offsetof(Manager, fallback_dns_servers), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("FallbackDNS", "a(iiay)", bus_property_get_fallback_dns_servers, offsetof(Manager, fallback_dns_servers), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("CurrentDNSServer", "(iiay)", bus_property_get_current_dns_server, offsetof(Manager, current_dns_server), 0), SD_BUS_PROPERTY("CurrentDNSServer", "(iiay)", bus_property_get_current_dns_server, offsetof(Manager, current_dns_server), 0),
@ -1861,7 +1861,7 @@ static const sd_bus_vtable resolve_vtable[] = {
SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0), SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0), SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0), SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
SD_BUS_METHOD("SetLinkPrivateDNS", "is", NULL, bus_method_set_link_private_dns, 0), SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, 0),
SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0), SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0), SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0), SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),

6
src/resolve/resolved-conf.c
View File

@ -398,9 +398,9 @@ int manager_parse_config_file(Manager *m) {
#endif #endif
#if ! HAVE_GNUTLS #if ! HAVE_GNUTLS
if (m->private_dns_mode != PRIVATE_DNS_NO) { if (m->dns_over_tls_mode != DNS_OVER_TLS_NO) {
log_warning("Private DNS option cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off private DNS support."); log_warning("DNS-over-TLS option cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off DNS-over-TLS support.");
m->private_dns_mode = PRIVATE_DNS_NO; m->dns_over_tls_mode = DNS_OVER_TLS_NO;
} }
#endif #endif
return 0; return 0;

6
src/resolve/resolved-dns-scope.c
View File

@ -54,15 +54,15 @@ int dns_scope_new(Manager *m, DnsScope **ret, Link *l, DnsProtocol protocol, int
if (l) { if (l) {
s->dnssec_mode = link_get_dnssec_mode(l); s->dnssec_mode = link_get_dnssec_mode(l);
s->private_dns_mode = link_get_private_dns_mode(l); s->dns_over_tls_mode = link_get_dns_over_tls_mode(l);
} else { } else {
s->dnssec_mode = manager_get_dnssec_mode(m); s->dnssec_mode = manager_get_dnssec_mode(m);
s->private_dns_mode = manager_get_private_dns_mode(m); s->dns_over_tls_mode = manager_get_dns_over_tls_mode(m);
} }
} else { } else {
s->dnssec_mode = DNSSEC_NO; s->dnssec_mode = DNSSEC_NO;
s->private_dns_mode = PRIVATE_DNS_NO; s->dns_over_tls_mode = DNS_OVER_TLS_NO;
} }
LIST_PREPEND(scopes, m->dns_scopes, s); LIST_PREPEND(scopes, m->dns_scopes, s);

2
src/resolve/resolved-dns-scope.h
View File

@ -35,7 +35,7 @@ struct DnsScope {
DnsProtocol protocol; DnsProtocol protocol;
int family; int family;
DnssecMode dnssec_mode; DnssecMode dnssec_mode;
PrivateDnsMode private_dns_mode; DnsOverTlsMode dns_over_tls_mode;
Link *link; Link *link;

10
src/resolve/resolved-dns-server.c
View File

@ -400,11 +400,11 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) {
/* Determine the best feature level we care about. If DNSSEC mode is off there's no point in using anything /* Determine the best feature level we care about. If DNSSEC mode is off there's no point in using anything
* better than EDNS0, hence don't even try. */ * better than EDNS0, hence don't even try. */
if (dns_server_get_dnssec_mode(s) != DNSSEC_NO) if (dns_server_get_dnssec_mode(s) != DNSSEC_NO)
best = dns_server_get_private_dns_mode(s) == PRIVATE_DNS_NO ? best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ?
DNS_SERVER_FEATURE_LEVEL_LARGE : DNS_SERVER_FEATURE_LEVEL_LARGE :
DNS_SERVER_FEATURE_LEVEL_TLS_DO; DNS_SERVER_FEATURE_LEVEL_TLS_DO;
else else
best = dns_server_get_private_dns_mode(s) == PRIVATE_DNS_NO ? best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ?
DNS_SERVER_FEATURE_LEVEL_EDNS0 : DNS_SERVER_FEATURE_LEVEL_EDNS0 :
DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN; DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN;
@ -811,13 +811,13 @@ DnssecMode dns_server_get_dnssec_mode(DnsServer *s) {
return manager_get_dnssec_mode(s->manager); return manager_get_dnssec_mode(s->manager);
} }
PrivateDnsMode dns_server_get_private_dns_mode(DnsServer *s) { DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s) {
assert(s); assert(s);
if (s->link) if (s->link)
return link_get_private_dns_mode(s->link); return link_get_dns_over_tls_mode(s->link);
return manager_get_private_dns_mode(s->manager); return manager_get_dns_over_tls_mode(s->manager);
} }
void dns_server_flush_cache(DnsServer *s) { void dns_server_flush_cache(DnsServer *s) {

2
src/resolve/resolved-dns-server.h
View File

@ -144,7 +144,7 @@ void manager_next_dns_server(Manager *m);
bool dns_server_address_valid(int family, const union in_addr_union *sa); bool dns_server_address_valid(int family, const union in_addr_union *sa);
DnssecMode dns_server_get_dnssec_mode(DnsServer *s); DnssecMode dns_server_get_dnssec_mode(DnsServer *s);
PrivateDnsMode dns_server_get_private_dns_mode(DnsServer *s); DnsOverTlsMode dns_server_get_dns_over_tls_mode(DnsServer *s);
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsServer*, dns_server_unref); DEFINE_TRIVIAL_CLEANUP_FUNC(DnsServer*, dns_server_unref);

2
src/resolve/resolved-gperf.gperf
View File

@ -23,6 +23,6 @@ Resolve.Domains, config_parse_search_domains, 0,
Resolve.LLMNR, config_parse_resolve_support, 0, offsetof(Manager, llmnr_support) Resolve.LLMNR, config_parse_resolve_support, 0, offsetof(Manager, llmnr_support)
Resolve.MulticastDNS, config_parse_resolve_support, 0, offsetof(Manager, mdns_support) Resolve.MulticastDNS, config_parse_resolve_support, 0, offsetof(Manager, mdns_support)
Resolve.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Manager, dnssec_mode) Resolve.DNSSEC, config_parse_dnssec_mode, 0, offsetof(Manager, dnssec_mode)
Resolve.PrivateDNS, config_parse_private_dns_mode, 0, offsetof(Manager, private_dns_mode) Resolve.DNSOverTLS, config_parse_dns_over_tls_mode, 0, offsetof(Manager, dns_over_tls_mode)
Resolve.Cache, config_parse_bool, 0, offsetof(Manager, enable_cache) Resolve.Cache, config_parse_bool, 0, offsetof(Manager, enable_cache)
Resolve.DNSStubListener, config_parse_dns_stub_listener_mode, 0, offsetof(Manager, dns_stub_listener_mode) Resolve.DNSStubListener, config_parse_dns_stub_listener_mode, 0, offsetof(Manager, dns_stub_listener_mode)

26
src/resolve/resolved-link-bus.c
View File

@ -18,7 +18,7 @@
static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported); static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported);
static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string); static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string);
static int property_get_private_dns_mode( static int property_get_dns_over_tls_mode(
sd_bus *bus, sd_bus *bus,
const char *path, const char *path,
const char *interface, const char *interface,
@ -32,7 +32,7 @@ static int property_get_private_dns_mode(
assert(reply); assert(reply);
assert(l); assert(l);
return sd_bus_message_append(reply, "s", private_dns_mode_to_string(link_get_private_dns_mode(l))); return sd_bus_message_append(reply, "s", dns_over_tls_mode_to_string(link_get_dns_over_tls_mode(l)));
} }
static int property_get_dns( static int property_get_dns(
@ -419,10 +419,10 @@ int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_err
return sd_bus_reply_method_return(message, NULL); return sd_bus_reply_method_return(message, NULL);
} }
int bus_link_method_set_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error) { int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd_bus_error *error) {
Link *l = userdata; Link *l = userdata;
const char *private_dns; const char *dns_over_tls;
PrivateDnsMode mode; DnsOverTlsMode mode;
int r; int r;
assert(message); assert(message);
@ -432,19 +432,19 @@ int bus_link_method_set_private_dns(sd_bus_message *message, void *userdata, sd_
if (r < 0) if (r < 0)
return r; return r;
r = sd_bus_message_read(message, "s", &private_dns); r = sd_bus_message_read(message, "s", &dns_over_tls);
if (r < 0) if (r < 0)
return r; return r;
if (isempty(private_dns)) if (isempty(dns_over_tls))
mode = _PRIVATE_DNS_MODE_INVALID; mode = _DNS_OVER_TLS_MODE_INVALID;
else { else {
mode = private_dns_mode_from_string(private_dns); mode = dns_over_tls_mode_from_string(dns_over_tls);
if (mode < 0) if (mode < 0)
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid PrivateDNS setting: %s", private_dns); return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSOverTLS setting: %s", dns_over_tls);
} }
link_set_private_dns_mode(l, mode); link_set_dns_over_tls_mode(l, mode);
(void) link_save_user(l); (void) link_save_user(l);
@ -557,7 +557,7 @@ const sd_bus_vtable link_vtable[] = {
SD_BUS_PROPERTY("Domains", "a(sb)", property_get_domains, 0, 0), SD_BUS_PROPERTY("Domains", "a(sb)", property_get_domains, 0, 0),
SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Link, llmnr_support), 0), SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support, offsetof(Link, llmnr_support), 0),
SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Link, mdns_support), 0), SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support, offsetof(Link, mdns_support), 0),
SD_BUS_PROPERTY("PrivateDNS", "s", property_get_private_dns_mode, 0, 0), SD_BUS_PROPERTY("DNSOverTLS", "s", property_get_dns_over_tls_mode, 0, 0),
SD_BUS_PROPERTY("DNSSEC", "s", property_get_dnssec_mode, 0, 0), SD_BUS_PROPERTY("DNSSEC", "s", property_get_dnssec_mode, 0, 0),
SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0), SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0),
SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported, 0, 0), SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported, 0, 0),
@ -566,7 +566,7 @@ const sd_bus_vtable link_vtable[] = {
SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, 0), SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, 0),
SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, 0), SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, 0),
SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, 0), SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, 0),
SD_BUS_METHOD("SetPrivateDNS", "s", NULL, bus_link_method_set_private_dns, 0), SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, 0),
SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, 0), SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, 0),
SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, 0), SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, 0),
SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, 0), SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, 0),

2
src/resolve/resolved-link-bus.h
View File

@ -21,7 +21,7 @@ int bus_link_method_set_dns_servers(sd_bus_message *message, void *userdata, sd_
int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_set_private_dns(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error);
int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error *error); int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error *error);

34
src/resolve/resolved-link.c
View File

@ -41,7 +41,7 @@ int link_new(Manager *m, Link **ret, int ifindex) {
l->llmnr_support = RESOLVE_SUPPORT_YES; l->llmnr_support = RESOLVE_SUPPORT_YES;
l->mdns_support = RESOLVE_SUPPORT_NO; l->mdns_support = RESOLVE_SUPPORT_NO;
l->dnssec_mode = _DNSSEC_MODE_INVALID; l->dnssec_mode = _DNSSEC_MODE_INVALID;
l->private_dns_mode = _PRIVATE_DNS_MODE_INVALID; l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
l->operstate = IF_OPER_UNKNOWN; l->operstate = IF_OPER_UNKNOWN;
if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0) if (asprintf(&l->state_file, "/run/systemd/resolve/netif/%i", ifindex) < 0)
@ -66,7 +66,7 @@ void link_flush_settings(Link *l) {
l->llmnr_support = RESOLVE_SUPPORT_YES; l->llmnr_support = RESOLVE_SUPPORT_YES;
l->mdns_support = RESOLVE_SUPPORT_NO; l->mdns_support = RESOLVE_SUPPORT_NO;
l->dnssec_mode = _DNSSEC_MODE_INVALID; l->dnssec_mode = _DNSSEC_MODE_INVALID;
l->private_dns_mode = _PRIVATE_DNS_MODE_INVALID; l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
dns_server_unlink_all(l->dns_servers); dns_server_unlink_all(l->dns_servers);
dns_search_domain_unlink_all(l->search_domains); dns_search_domain_unlink_all(l->search_domains);
@ -354,26 +354,26 @@ clear:
return r; return r;
} }
void link_set_private_dns_mode(Link *l, PrivateDnsMode mode) { void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode) {
assert(l); assert(l);
#if ! HAVE_GNUTLS #if ! HAVE_GNUTLS
if (mode != PRIVATE_DNS_NO) if (mode != DNS_OVER_TLS_NO)
log_warning("Private DNS option for the link cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off Private DNS support."); log_warning("DNS-over-TLS option for the link cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off DNS-over-TLS support.");
return; return;
#endif #endif
l->private_dns_mode = mode; l->dns_over_tls_mode = mode;
} }
static int link_update_private_dns_mode(Link *l) { static int link_update_dns_over_tls_mode(Link *l) {
_cleanup_free_ char *b = NULL; _cleanup_free_ char *b = NULL;
int r; int r;
assert(l); assert(l);
r = sd_network_link_get_private_dns(l->ifindex, &b); r = sd_network_link_get_dns_over_tls(l->ifindex, &b);
if (r == -ENODATA) { if (r == -ENODATA) {
r = 0; r = 0;
goto clear; goto clear;
@ -381,8 +381,8 @@ static int link_update_private_dns_mode(Link *l) {
if (r < 0) if (r < 0)
goto clear; goto clear;
l->private_dns_mode = private_dns_mode_from_string(b); l->dns_over_tls_mode = dns_over_tls_mode_from_string(b);
if (l->private_dns_mode < 0) { if (l->dns_over_tls_mode < 0) {
r = -EINVAL; r = -EINVAL;
goto clear; goto clear;
} }
@ -390,7 +390,7 @@ static int link_update_private_dns_mode(Link *l) {
return 0; return 0;
clear: clear:
l->private_dns_mode = _PRIVATE_DNS_MODE_INVALID; l->dns_over_tls_mode = _DNS_OVER_TLS_MODE_INVALID;
return r; return r;
} }
@ -601,9 +601,9 @@ static void link_read_settings(Link *l) {
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name); log_warning_errno(r, "Failed to read mDNS support for interface %s, ignoring: %m", l->name);
r = link_update_private_dns_mode(l); r = link_update_dns_over_tls_mode(l);
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to read Private DNS mode for interface %s, ignoring: %m", l->name); log_warning_errno(r, "Failed to read DNS-over-TLS mode for interface %s, ignoring: %m", l->name);
r = link_update_dnssec_mode(l); r = link_update_dnssec_mode(l);
if (r < 0) if (r < 0)
@ -738,13 +738,13 @@ void link_next_dns_server(Link *l) {
link_set_dns_server(l, l->dns_servers); link_set_dns_server(l, l->dns_servers);
} }
PrivateDnsMode link_get_private_dns_mode(Link *l) { DnsOverTlsMode link_get_dns_over_tls_mode(Link *l) {
assert(l); assert(l);
if (l->private_dns_mode != _PRIVATE_DNS_MODE_INVALID) if (l->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
return l->private_dns_mode; return l->dns_over_tls_mode;
return manager_get_private_dns_mode(l->manager); return manager_get_dns_over_tls_mode(l->manager);
} }
DnssecMode link_get_dnssec_mode(Link *l) { DnssecMode link_get_dnssec_mode(Link *l) {

6
src/resolve/resolved-link.h
View File

@ -59,7 +59,7 @@ struct Link {
ResolveSupport llmnr_support; ResolveSupport llmnr_support;
ResolveSupport mdns_support; ResolveSupport mdns_support;
PrivateDnsMode private_dns_mode; DnsOverTlsMode dns_over_tls_mode;
DnssecMode dnssec_mode; DnssecMode dnssec_mode;
Set *dnssec_negative_trust_anchors; Set *dnssec_negative_trust_anchors;
@ -91,7 +91,7 @@ void link_add_rrs(Link *l, bool force_remove);
void link_flush_settings(Link *l); void link_flush_settings(Link *l);
void link_set_dnssec_mode(Link *l, DnssecMode mode); void link_set_dnssec_mode(Link *l, DnssecMode mode);
void link_set_private_dns_mode(Link *l, PrivateDnsMode mode); void link_set_dns_over_tls_mode(Link *l, DnsOverTlsMode mode);
void link_allocate_scopes(Link *l); void link_allocate_scopes(Link *l);
DnsServer* link_set_dns_server(Link *l, DnsServer *s); DnsServer* link_set_dns_server(Link *l, DnsServer *s);
@ -101,7 +101,7 @@ void link_next_dns_server(Link *l);
DnssecMode link_get_dnssec_mode(Link *l); DnssecMode link_get_dnssec_mode(Link *l);
bool link_dnssec_supported(Link *l); bool link_dnssec_supported(Link *l);
PrivateDnsMode link_get_private_dns_mode(Link *l); DnsOverTlsMode link_get_dns_over_tls_mode(Link *l);
int link_save_user(Link *l); int link_save_user(Link *l);
int link_load_user(Link *l); int link_load_user(Link *l);

10
src/resolve/resolved-manager.c
View File

@ -580,7 +580,7 @@ int manager_new(Manager **ret) {
m->llmnr_support = RESOLVE_SUPPORT_YES; m->llmnr_support = RESOLVE_SUPPORT_YES;
m->mdns_support = RESOLVE_SUPPORT_YES; m->mdns_support = RESOLVE_SUPPORT_YES;
m->dnssec_mode = DEFAULT_DNSSEC_MODE; m->dnssec_mode = DEFAULT_DNSSEC_MODE;
m->private_dns_mode = DEFAULT_PRIVATE_DNS_MODE; m->dns_over_tls_mode = DEFAULT_DNS_OVER_TLS_MODE;
m->enable_cache = true; m->enable_cache = true;
m->dns_stub_listener_mode = DNS_STUB_LISTENER_UDP; m->dns_stub_listener_mode = DNS_STUB_LISTENER_UDP;
m->read_resolv_conf = true; m->read_resolv_conf = true;
@ -1385,13 +1385,13 @@ bool manager_dnssec_supported(Manager *m) {
return true; return true;
} }
PrivateDnsMode manager_get_private_dns_mode(Manager *m) { DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m) {
assert(m); assert(m);
if (m->private_dns_mode != _PRIVATE_DNS_MODE_INVALID) if (m->dns_over_tls_mode != _DNS_OVER_TLS_MODE_INVALID)
return m->private_dns_mode; return m->dns_over_tls_mode;
return PRIVATE_DNS_NO; return DNS_OVER_TLS_NO;
} }
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) { void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key) {

4
src/resolve/resolved-manager.h
View File

@ -35,7 +35,7 @@ struct Manager {
ResolveSupport llmnr_support; ResolveSupport llmnr_support;
ResolveSupport mdns_support; ResolveSupport mdns_support;
DnssecMode dnssec_mode; DnssecMode dnssec_mode;
PrivateDnsMode private_dns_mode; DnsOverTlsMode dns_over_tls_mode;
bool enable_cache; bool enable_cache;
DnsStubListenerMode dns_stub_listener_mode; DnsStubListenerMode dns_stub_listener_mode;
@ -173,7 +173,7 @@ int manager_compile_search_domains(Manager *m, OrderedSet **domains, int filter_
DnssecMode manager_get_dnssec_mode(Manager *m); DnssecMode manager_get_dnssec_mode(Manager *m);
bool manager_dnssec_supported(Manager *m); bool manager_dnssec_supported(Manager *m);
PrivateDnsMode manager_get_private_dns_mode(Manager *m); DnsOverTlsMode manager_get_dns_over_tls_mode(Manager *m);
void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key); void manager_dnssec_verdict(Manager *m, DnssecVerdict verdict, const DnsResourceKey *key);

2
src/resolve/resolved.conf.in
View File

@ -18,6 +18,6 @@
#LLMNR=yes #LLMNR=yes
#MulticastDNS=yes #MulticastDNS=yes
#DNSSEC=@DEFAULT_DNSSEC_MODE@ #DNSSEC=@DEFAULT_DNSSEC_MODE@
#PrivateDNS=@DEFAULT_PRIVATE_DNS_MODE@ #DNSOverTLS=@DEFAULT_DNS_OVER_TLS_MODE@
#Cache=yes #Cache=yes
#DNSStubListener=udp #DNSStubListener=udp

10
src/shared/resolve-util.c
View File

@ -11,7 +11,7 @@
DEFINE_CONFIG_PARSE_ENUM(config_parse_resolve_support, resolve_support, ResolveSupport, "Failed to parse resolve support setting"); DEFINE_CONFIG_PARSE_ENUM(config_parse_resolve_support, resolve_support, ResolveSupport, "Failed to parse resolve support setting");
DEFINE_CONFIG_PARSE_ENUM(config_parse_dnssec_mode, dnssec_mode, DnssecMode, "Failed to parse DNSSEC mode setting"); DEFINE_CONFIG_PARSE_ENUM(config_parse_dnssec_mode, dnssec_mode, DnssecMode, "Failed to parse DNSSEC mode setting");
DEFINE_CONFIG_PARSE_ENUM(config_parse_private_dns_mode, private_dns_mode, PrivateDnsMode, "Failed to parse private DNS mode setting"); DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_over_tls_mode, dns_over_tls_mode, DnsOverTlsMode, "Failed to parse DNS-over-TLS mode setting");
static const char* const resolve_support_table[_RESOLVE_SUPPORT_MAX] = { static const char* const resolve_support_table[_RESOLVE_SUPPORT_MAX] = {
[RESOLVE_SUPPORT_NO] = "no", [RESOLVE_SUPPORT_NO] = "no",
@ -27,8 +27,8 @@ static const char* const dnssec_mode_table[_DNSSEC_MODE_MAX] = {
}; };
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dnssec_mode, DnssecMode, DNSSEC_YES); DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dnssec_mode, DnssecMode, DNSSEC_YES);
static const char* const private_dns_mode_table[_PRIVATE_DNS_MODE_MAX] = { static const char* const dns_over_tls_mode_table[_DNS_OVER_TLS_MODE_MAX] = {
[PRIVATE_DNS_NO] = "no", [DNS_OVER_TLS_NO] = "no",
[PRIVATE_DNS_OPPORTUNISTIC] = "opportunistic", [DNS_OVER_TLS_OPPORTUNISTIC] = "opportunistic",
}; };
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_dns_mode, PrivateDnsMode, _PRIVATE_DNS_MODE_INVALID); DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_over_tls_mode, DnsOverTlsMode, _DNS_OVER_TLS_MODE_INVALID);

18
src/shared/resolve-util.h
View File

@ -12,7 +12,7 @@
typedef enum ResolveSupport ResolveSupport; typedef enum ResolveSupport ResolveSupport;
typedef enum DnssecMode DnssecMode; typedef enum DnssecMode DnssecMode;
typedef enum PrivateDnsMode PrivateDnsMode; typedef enum DnsOverTlsMode DnsOverTlsMode;
enum ResolveSupport { enum ResolveSupport {
RESOLVE_SUPPORT_NO, RESOLVE_SUPPORT_NO,
@ -40,21 +40,21 @@ enum DnssecMode {
_DNSSEC_MODE_INVALID = -1 _DNSSEC_MODE_INVALID = -1
}; };
enum PrivateDnsMode { enum DnsOverTlsMode {
/* No connection is made for DNS-over-TLS */ /* No connection is made for DNS-over-TLS */
PRIVATE_DNS_NO, DNS_OVER_TLS_NO,
/* Try to connect using DNS-over-TLS, but if connection fails, /* Try to connect using DNS-over-TLS, but if connection fails,
* fallback to using an unencrypted connection */ * fallback to using an unencrypted connection */
PRIVATE_DNS_OPPORTUNISTIC, DNS_OVER_TLS_OPPORTUNISTIC,
_PRIVATE_DNS_MODE_MAX, _DNS_OVER_TLS_MODE_MAX,
_PRIVATE_DNS_MODE_INVALID = -1 _DNS_OVER_TLS_MODE_INVALID = -1
}; };
CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support); CONFIG_PARSER_PROTOTYPE(config_parse_resolve_support);
CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode); CONFIG_PARSER_PROTOTYPE(config_parse_dnssec_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_private_dns_mode); CONFIG_PARSER_PROTOTYPE(config_parse_dns_over_tls_mode);
const char* resolve_support_to_string(ResolveSupport p) _const_; const char* resolve_support_to_string(ResolveSupport p) _const_;
ResolveSupport resolve_support_from_string(const char *s) _pure_; ResolveSupport resolve_support_from_string(const char *s) _pure_;
@ -62,5 +62,5 @@ ResolveSupport resolve_support_from_string(const char *s) _pure_;
const char* dnssec_mode_to_string(DnssecMode p) _const_; const char* dnssec_mode_to_string(DnssecMode p) _const_;
DnssecMode dnssec_mode_from_string(const char *s) _pure_; DnssecMode dnssec_mode_from_string(const char *s) _pure_;
const char* private_dns_mode_to_string(PrivateDnsMode p) _const_; const char* dns_over_tls_mode_to_string(DnsOverTlsMode p) _const_;
PrivateDnsMode private_dns_mode_from_string(const char *s) _pure_; DnsOverTlsMode dns_over_tls_mode_from_string(const char *s) _pure_;

4
src/systemd/sd-network.h
View File

@ -129,13 +129,13 @@ int sd_network_link_get_llmnr(int ifindex, char **llmnr);
*/ */
int sd_network_link_get_mdns(int ifindex, char **mdns); int sd_network_link_get_mdns(int ifindex, char **mdns);
/* Indicates whether or not Private DNS should be enabled for the /* Indicates whether or not DNS-over-TLS should be enabled for the
* link. * link.
* Possible levels of support: strict, no, opportunistic * Possible levels of support: strict, no, opportunistic
* Possible return codes: * Possible return codes:
* -ENODATA: networkd is not aware of the link * -ENODATA: networkd is not aware of the link
*/ */
int sd_network_link_get_private_dns(int ifindex, char **private_dns); int sd_network_link_get_dns_over_tls(int ifindex, char **dns_over_tls);
/* Indicates whether or not DNSSEC should be enabled for the link /* Indicates whether or not DNSSEC should be enabled for the link
* Possible levels of support: yes, no, allow-downgrade * Possible levels of support: yes, no, allow-downgrade