summaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
Diffstat (limited to 'man')
-rw-r--r--man/logind.conf.xml14
-rw-r--r--man/resolved.conf.xml58
-rw-r--r--man/systemd.network.xml47
3 files changed, 68 insertions, 51 deletions
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index 48130aa003..597759e33a 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -294,15 +294,11 @@
<varlistentry>
<term><varname>RemoveIPC=</varname></term>
- <listitem><para>Controls whether System V and POSIX IPC
- objects belonging to the user shall be removed when the user
- fully logs out. Takes a boolean argument. If enabled, the user
- may not consume IPC resources after the last of the user's
- sessions terminated. This covers System V semaphores, shared
- memory and message queues, as well as POSIX shared memory and
- message queues. Note that IPC objects of the root user are
- excluded from the effect of this setting. Defaults to
- <literal>yes</literal>.</para></listitem>
+ <listitem><para>Controls whether System V and POSIX IPC objects belonging to the user shall be removed when the
+ user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
+ last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
+ well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
+ are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
</varlistentry>
</variablelist>
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index 09a192c933..3aa9c3acb1 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -72,40 +72,40 @@
<varlistentry>
<term><varname>DNS=</varname></term>
- <listitem><para>A space-separated list of IPv4 and IPv6
- addresses to be used as system DNS servers. DNS requests are
- sent to one of the listed DNS servers in parallel to any
- per-interface DNS servers acquired from
- <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
- For compatibility reasons, if this setting is not specified,
- the DNS servers listed in
- <filename>/etc/resolv.conf</filename> are used instead, if
- that file exists and any servers are configured in it. This
- setting defaults to the empty list.</para></listitem>
+ <listitem><para>A space-separated list of IPv4 and IPv6 addresses to use as system DNS servers. DNS requests
+ are sent to one of the listed DNS servers in parallel to suitable per-link DNS servers acquired from
+ <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> or
+ set at runtime by external applications. For compatibility reasons, if this setting is not specified, the DNS
+ servers listed in <filename>/etc/resolv.conf</filename> are used instead, if that file exists and any servers
+ are configured in it. This setting defaults to the empty list.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>FallbackDNS=</varname></term>
- <listitem><para>A space-separated list of IPv4 and IPv6
- addresses to be used as the fallback DNS servers. Any
- per-interface DNS servers obtained from
+ <listitem><para>A space-separated list of IPv4 and IPv6 addresses to use as the fallback DNS servers. Any
+ per-link DNS servers obtained from
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- take precedence over this setting, as do any servers set via
- <varname>DNS=</varname> above or
- <filename>/etc/resolv.conf</filename>. This setting is hence
- only used if no other DNS server information is known. If this
- option is not given, a compiled-in list of DNS servers is used
- instead.</para></listitem>
+ take precedence over this setting, as do any servers set via <varname>DNS=</varname> above or
+ <filename>/etc/resolv.conf</filename>. This setting is hence only used if no other DNS server information is
+ known. If this option is not given, a compiled-in list of DNS servers is used instead.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>Domains=</varname></term>
- <listitem><para>A space-separated list of search domains. For
- compatibility reasons, if this setting is not specified, the
- search domains listed in <filename>/etc/resolv.conf</filename>
- are used instead, if that file exists and any domains are
- configured in it. This setting defaults to the empty
- list.</para></listitem>
+ <listitem><para>A space-separated list of domains. These domains are used as search suffixes when resolving
+ single-label host names (domain names which contain no dot), in order to qualify them into fully-qualified
+ domain names (FQDNs). Search domains are strictly processed in the order they are specified, until the name
+ with the suffix appended is found. For compatibility reasons, if this setting is not specified, the search
+ domains listed in <filename>/etc/resolv.conf</filename> are used instead, if that file exists and any domains
+ are configured in it. This setting defaults to the empty list.</para>
+
+ <para>Specified domain names may optionally be prefixed with <literal>~</literal>. In this case they do not
+ define a search path, but preferably direct DNS queries for the indicated domains to the DNS servers configured
+ with the system <varname>DNS=</varname> setting (see above), in case additional, suitable per-link DNS servers
+ are known. If no per-link DNS servers are known using the <literal>~</literal> syntax has no effect. Use the
+ construct <literal>~.</literal> (which is composed of <literal>~</literal> to indicate a routing domain and
+ <literal>.</literal> to indicate the DNS root domain that is the implied suffix of all DNS domains) to use the
+ system DNS server defined with <varname>DNS=</varname> preferably for all domains.</para></listitem>
</varlistentry>
<varlistentry>
@@ -119,8 +119,8 @@
<literal>resolve</literal>, only resolution support is enabled,
but responding is disabled. Note that
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- also maintains per-interface LLMNR settings. LLMNR will be
- enabled on an interface only if the per-interface and the
+ also maintains per-link LLMNR settings. LLMNR will be
+ enabled on a link only if the per-link and the
global setting is on.</para></listitem>
</varlistentry>
@@ -181,9 +181,9 @@
<para>In addition to this global DNSSEC setting
<citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- also maintains per-interface DNSSEC settings. For system DNS
+ also maintains per-link DNSSEC settings. For system DNS
servers (see above), only the global DNSSEC setting is in
- effect. For per-interface DNS servers the per-interface
+ effect. For per-link DNS servers the per-link
setting is in effect, unless it is unset in which case the
global setting is used instead.</para>
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 5a6383cfc2..f88751b672 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -396,21 +396,37 @@
described in
<citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
This option may be specified more than once. This setting is read by
- <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></para>
+ <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Domains=</varname></term>
<listitem>
- <para>The domains used for DNS resolution over this link. This setting is read by
- <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></para>
+ <para>The domains used for DNS host name resolution on this link. Takes a list of DNS domain names which
+ are used as search suffixes for extending single-label host names (host names containing no dots) to become
+ fully qualified domain names (FQDNs). If a single-label host name is resolved on this interface, each of
+ the specified search domains are appended to it in turn, converting it into a fully qualified domain name,
+ until one of them may be successfully resolved.</para>
+
+ <para>The specified domains are also used for routing of DNS queries: look-ups for host names ending in the
+ domains specified here are preferably routed to the DNS servers configured for this interface. If a domain
+ name is prefixed with <literal>~</literal>, the domain name becomes a pure "routing" domain, is used for
+ DNS query routing purposes only and is not used in the described domain search logic. By specifying a
+ routing domain of <literal>~.</literal> (the tilda indicating definition of a routing domain, the dot
+ referring to the DNS root domain which is the implied suffix of all valid DNS names) it is possible to
+ route all DNS traffic preferably to the DNS server specified for this interface. The route domain logic is
+ particularly useful on multi-homed hosts with DNS servers serving particular private DNS zones on each
+ interface.</para>
+
+ <para>This setting is read by
+ <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>NTP=</varname></term>
<listitem>
<para>An NTP server address. This option may be specified more than once. This setting is read by
- <citerefentry><refentrytitle>systemd-timesyncd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></para>
+ <citerefentry><refentrytitle>systemd-timesyncd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
</listitem>
</varlistentry>
<varlistentry>
@@ -701,15 +717,20 @@
<varlistentry>
<term><varname>UseDomains=</varname></term>
<listitem>
- <para>When true (not the default), the domain name
- received from the DHCP server will be used for DNS
- resolution over this link. When a name cannot be resolved
- as specified, the domain name will be used a suffix and
- name resolution of that will be attempted.</para>
-
- <para>This corresponds to the <option>domain</option>
- option in <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- and should not be enabled on untrusted networks.</para>
+ <para>Takes a boolean argument, or a the special value <literal>route</literal>. When true, the domain name
+ received from the DHCP server will be used as DNS search domain over this link, similar to the effect of
+ the <option>Domains=</option> setting. If set to <literal>route</literal>, the domain name received from
+ the DHCP server will be used for routing DNS queries only, but not for searching, similar to the effect of
+ the <option>Domains=</option> setting when the argument is prefixed with <literal>~</literal>. Defaults to
+ false.</para>
+
+ <para>It is recommended to enable this option only on trusted networks, as setting this affects resolution
+ of all host names, in particular to single-label names. It is generally safer to use the supplied domain
+ only as routing domain, rather than as search domain, in order to not have it affect local resolution of
+ single-label names.</para>
+
+ <para>When set to true, this setting corresponds to the <option>domain</option> option in <citerefentry
+ project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
</listitem>
</varlistentry>
<varlistentry>
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-09-20 02:59:11 +0000