man: document new systemd-resolved.service(8) routing features in more detail
This commit is contained in:
Lennart Poettering
parent
396c716c62
commit
2e88625f03
|
|
@ -143,16 +143,45 @@
|
|||
lookup zones on all matching interfaces). If the lookup failed on
|
||||
all interfaces, the last failing response is returned.</para>
|
||||
|
||||
<para>Routing of lookups may be influenced by configuring
|
||||
per-interface domain names. See
|
||||
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for details. Lookups for a hostname ending in one of the
|
||||
per-interface domains are exclusively routed to the matching
|
||||
interfaces.</para>
|
||||
<para>Routing of lookups may be influenced by configuring per-interface domain names and other settings. See
|
||||
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
|
||||
<citerefentry><refentrytitle>resolvectl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for details. The
|
||||
following query routing logic applies for unicast DNS traffic:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>If a name to look up matches (that is: is equal to or has as suffix) any of the configured search
|
||||
or route-only domains of any link (or the globally configured DNS settings), the "best matching"
|
||||
search/route-only domain is determined: the matching one with the most labels. The query is then sent to all DNS
|
||||
servers of any links or the globally configured DNS servers associated with this "best matching"
|
||||
search/route-only domain. (Note that more than one link might have this same "best matching" search/route-only
|
||||
domain configured, in which case the query is sent to all of them in parallel).</para></listitem>
|
||||
|
||||
<listitem><para>If a query does not match any configured search/route-only domain (neither per-link nor global),
|
||||
it is sent to all DNS servers that are configured on links with the "DNS default route" option set, as well as
|
||||
the globally configured DNS server.</para></listitem>
|
||||
|
||||
<listitem><para>If there is no link configured as "DNS default route" and no global DNS server configured, the
|
||||
compiled-in fallback DNS server is used.</para></listitem>
|
||||
|
||||
<listitem><para>Otherwise the query is failed as no suitable DNS servers could be determined.</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>The "DNS default route" option is a boolean setting configureable with <command>resolvectl</command> or in
|
||||
<filename>.network</filename> files. If not set, it is implicitly determined based on the configured DNS domains
|
||||
for a link: if there's any route-only domain (not matching <literal>~.</literal>) it defaults to false, otherwise
|
||||
to true.</para>
|
||||
|
||||
<para>Effectively this means: in order to preferably route all DNS queries not explicitly matched by
|
||||
search/route-only domain configuration to a specific link, configure a <literal>~.</literal> route-only domain on
|
||||
it. This will ensure that other links will not be considered for the queries (unless they too carry such a
|
||||
route-only domain). In order to route all such DNS queries to a specific link only in case no other link is
|
||||
preferable, then set the "DNS default route" option for the link to true, and do not configure a
|
||||
<literal>~.</literal> route-only domain on it. Finally, in order to ensure that a specific link never receives any
|
||||
DNS traffic not matching any of its configured search/route-only domains, set the "DNS default route" option for it
|
||||
to false.</para>
|
||||
|
||||
<para>See the <ulink url="https://www.freedesktop.org/wiki/Software/systemd/resolved"> resolved D-Bus API
|
||||
Documentation</ulink> for information about the APIs <filename>systemd-resolved</filename> provides.</para>
|
||||
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
|
|
|
|||
Loading…
Reference in a new issue