File: systemd.dns-delegate.xml

package info (click to toggle)
systemd 260~rc1-2
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 114,856 kB
  • sloc: ansic: 741,078; xml: 122,218; sh: 36,483; python: 36,381; cpp: 947; makefile: 277; awk: 126; lisp: 13; sed: 1
file content (112 lines) | stat: -rw-r--r-- 5,036 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="systemd.dns-delegate"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          conditional='ENABLE_RESOLVE'>

  <refentryinfo>
    <title>systemd.dns-delegate</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd.dns-delegate</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd.dns-delegate</refname>
    <refpurpose>DNS Server Delegation Configuration</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><simplelist>
      <member><filename>/etc/systemd/dns-delegate.d/*.dns-delegate</filename></member>
      <member><filename>/run/systemd/dns-delegate.d/*.dns-delegate</filename></member>
      <member><filename>/usr/local/lib/systemd/dns-delegate.d/*.dns-delegate</filename></member>
      <member><filename>/usr/lib/systemd/dns-delegate.d/*.dns-delegate</filename></member>
    </simplelist></para>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><filename>*.dns-delegate</filename> files may be used to delegate DNS lookups in specific domains to
    specific DNS servers. These files are read by
    <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
    Each such file defines a combination of one or more DNS servers and one or more DNS domains. Each such
    definition synthesizes a DNS lookup scope that ensure lookups below the specified domains are sent to the
    specified DNS servers, possibly in addition to any per-interface scopes and the global scope that
    <command>systemd-resolved</command> maintains anyway.</para>
  </refsect1>

  <refsect1>
    <title>[Delegate] Section Options</title>

      <variablelist class='network-directives'>
        <varlistentry>
          <term><varname>DNS=</varname></term>
          <listitem>
            <para>Takes one or more DNS server specifications, in the same syntax as the option of the same name in <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
            <xi:include href="version-info.xml" xpointer="v258"/>
          </listitem>
        </varlistentry>
        <varlistentry>
          <term><varname>Domains=</varname></term>
          <listitem>
            <para>Takes one or more domain name specifications, in the same syntax as the option of the same name in <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
            <xi:include href="version-info.xml" xpointer="v258"/>
          </listitem>
        </varlistentry>
        <varlistentry>
          <term><varname>DefaultRoute=</varname></term>
          <listitem>
            <para>Takes a boolean value, defaults to off. Controls whether this DNS server is a candidate for
            looking up records for which no better route exists.</para>
            <xi:include href="version-info.xml" xpointer="v258"/>
          </listitem>
        </varlistentry>
        <varlistentry>
          <term><varname>FirewallMark=</varname></term>
          <listitem>
            <para>Takes a 32 bit unsigned integer value. Controls the firewall mark of packets generated by the
            socket used to make DNS requests for this DNS delegate. This can be used in the firewall logic to
            filter packets from this socket.
            This sets the <constant>SO_MARK</constant> socket option. See <citerefentry
            project='die-net'><refentrytitle>iptables</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
            details.</para>
            <xi:include href="version-info.xml" xpointer="v260"/>
          </listitem>
        </varlistentry>
      </variablelist>

  </refsect1>

  <refsect1>
    <title>Examples</title>
    <example>
      <programlisting># /etc/systemd/dns-delegate.d/foobar.dns-delegate
[Delegate]
DNS=203.0.113.47
Domains=foobar.com
FirewallMark=42</programlisting>

      <para>This ensures lookups of <literal>foobar.com</literal> and any domains below it are directed to
      DNS server 203.0.113.47 and any packets related to this lookup have a firewall mark set to 42.</para>
    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para><simplelist type="inline">
      <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
      <member><citerefentry><refentrytitle>resolvectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
    </simplelist></para>
  </refsect1>

</refentry>