summaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
authorMartin Pitt <martin.pitt@ubuntu.com>2016-09-30 09:30:08 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-09-30 09:30:08 +0200
commitb9fe94cad99968a58e169592d999306fd059eb14 (patch)
treed791e9c45716a8842338f0ec4ac3562b79dfc751 /man
parenta86b76753d7868c2d05f046f601bc7dc89fc2203 (diff)
resolved: don't query domain-limited DNS servers for other domains (#3621)
DNS servers which have route-only domains should only be used for the specified domains. Routing queries about other domains there is a privacy violation, prone to fail (as that DNS server was not meant to be used for other domains), and puts unnecessary load onto that server. Introduce a new helper function dns_server_limited_domains() that checks if the DNS server should only be used for some selected domains, i. e. has some route-only domains without "~.". Use that when determining whether to query it in the scope, and when writing resolv.conf. Extend the test_route_only_dns() case to ensure that the DNS server limited to ~company does not appear in resolv.conf. Add test_route_only_dns_all_domains() to ensure that a server that also has ~. does appear in resolv.conf as global name server. These reproduce #3420. Add a new test_resolved_domain_restricted_dns() test case that verifies that domain-limited DNS servers are only being used for those domains. This reproduces #3421. Clarify what a "routing domain" is in the manpage. Fixes #3420 Fixes #3421
Diffstat (limited to 'man')
-rw-r--r--man/systemd.network.xml4
1 files changed, 2 insertions, 2 deletions
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 9c1b10fc5c..08dd157e31 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -475,8 +475,8 @@
<para>The specified domains are also used for routing of DNS queries: look-ups for host names ending in the
domains specified here are preferably routed to the DNS servers configured for this interface. If a domain
- name is prefixed with <literal>~</literal>, the domain name becomes a pure "routing" domain, is used for
- DNS query routing purposes only and is not used in the described domain search logic. By specifying a
+ name is prefixed with <literal>~</literal>, the domain name becomes a pure "routing" domain, the DNS server
+ is used for the given domain names only and is not used in the described domain search logic. By specifying a
routing domain of <literal>~.</literal> (the tilde indicating definition of a routing domain, the dot
referring to the DNS root domain which is the implied suffix of all valid DNS names) it is possible to
route all DNS traffic preferably to the DNS server specified for this interface. The route domain logic is