diff options
author | Martin Pitt <martin.pitt@ubuntu.com> | 2016-09-16 08:27:39 +0200 |
---|---|---|
committer | Martin Pitt <martin.pitt@ubuntu.com> | 2016-10-01 16:59:06 +0200 |
commit | d7247512a904f1dd74125859d8da66166c2a6933 (patch) | |
tree | 0f9243c37a5a4a8ab93ed587fea968ee1e7ca965 /man/nss-resolve.xml | |
parent | 4484e1792b64b01614f04b7bde97bf019f601bf9 (diff) |
nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors
It needs to be possible to tell apart "the nss-resolve module does not exist"
(which can happen when running foreign-architecture programs) from "the queried
DNS name failed DNSSEC validation" or other errors. So return NOTFOUND for these
cases too, and only keep UNAVAIL for the cases where we cannot handle the given
address family.
This makes it possible to configure a fallback to "dns" without breaking
DNSSEC, with "resolve [!UNAVAIL=return] dns". Add this to the manpage.
This does not change behaviour if resolved is not running, as that already
falls back to the "dns" glibc module.
Fixes #4157
Diffstat (limited to 'man/nss-resolve.xml')
-rw-r--r-- | man/nss-resolve.xml | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml index 33f1f28a8c..d66e8ba521 100644 --- a/man/nss-resolve.xml +++ b/man/nss-resolve.xml @@ -85,7 +85,7 @@ group: compat mymachines systemd shadow: compat -hosts: files mymachines <command>resolve</command> +hosts: files mymachines <command>resolve [!UNAVAIL=return]</command> dns networks: files protocols: db files @@ -95,6 +95,8 @@ rpc: db files netgroup: nis</programlisting> + <para>This keeps the <command>dns</command> module as a fallback for cases where the <command>nss-resolve</command> + module is not installed.</para> </refsect1> <refsect1> |