diff options
Diffstat (limited to 'man')
-rw-r--r-- | man/machinectl.xml | 5 | ||||
-rw-r--r-- | man/nss-myhostname.xml | 13 | ||||
-rw-r--r-- | man/nss-mymachines.xml | 3 | ||||
-rw-r--r-- | man/nss-resolve.xml | 118 | ||||
-rw-r--r-- | man/systemd-resolved.service.xml | 57 |
5 files changed, 186 insertions, 10 deletions
diff --git a/man/machinectl.xml b/man/machinectl.xml index 6cf405ed29..e2be017427 100644 --- a/man/machinectl.xml +++ b/man/machinectl.xml @@ -429,8 +429,9 @@ the new session from the originating session, so that it shares no process or session properties, and is in a clean and well-defined state. It will be tracked in a new utmp, login, - audit and keyring session, and will not inherit an environment - variables or resource limits, among other properties.</para> + audit, security and keyring session, and will not inherit any + environment variables or resource limits, among other + properties.</para> <para>Note that the <citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry> diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml index 2d36df6f6f..b7b7e1b555 100644 --- a/man/nss-myhostname.xml +++ b/man/nss-myhostname.xml @@ -111,17 +111,17 @@ <para>Here's an example <filename>/etc/nsswitch.conf</filename> file, that enables <command>myhostname</command> correctly:</para> -<programlisting>passwd: compat -group: compat -shadow: compat +<programlisting>passwd: compat +group: compat +shadow: compat -hosts: files dns mymachines <command>myhostname</command> +hosts: files resolve mymachines <command>myhostname</command> networks: files protocols: db files services: db files -ethers: db files -rpc: db files +ethers: db files +rpc: db files netgroup: nis</programlisting> @@ -143,6 +143,7 @@ netgroup: nis</programlisting> <title>See Also</title> <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry> diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml index 41ec458e4b..92c72846c1 100644 --- a/man/nss-mymachines.xml +++ b/man/nss-mymachines.xml @@ -91,7 +91,7 @@ group: compat <command>mymachines</command> shadow: compat -hosts: files dns <command>mymachines</command> myhostname +hosts: files resolve <command>mymachines</command> myhostname networks: files protocols: db files @@ -108,6 +108,7 @@ netgroup: nis</programlisting> <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, <citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry> diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml new file mode 100644 index 0000000000..dd402b359c --- /dev/null +++ b/man/nss-resolve.xml @@ -0,0 +1,118 @@ +<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> + +<!-- + This file is part of systemd. + + Copyright 2011 Lennart Poettering + Copyright 2013 Tom Gundersen + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +--> + +<refentry id="nss-resolve" conditional='ENABLE_RESOLVED'> + + <refentryinfo> + <title>nss-resolve</title> + <productname>systemd</productname> + + <authorgroup> + <author> + <contrib>Developer</contrib> + <firstname>Lennart</firstname> + <surname>Poettering</surname> + <email>lennart@poettering.net</email> + </author> + </authorgroup> + </refentryinfo> + + <refmeta> + <refentrytitle>nss-resolve</refentrytitle> + <manvolnum>8</manvolnum> + </refmeta> + + <refnamediv> + <refname>nss-resolve</refname> + <refname>libnss_resolve.so.2</refname> + <refpurpose>Provide hostname resolution via <filename>systemd-resolved.service</filename></refpurpose> + </refnamediv> + + <refsynopsisdiv> + <para><filename>libnss_resolve.so.2</filename></para> + </refsynopsisdiv> + + <refsect1> + <title>Description</title> + + <para><command>nss-resolve</command> is a plugin module for the + GNU Name Service Switch (NSS) functionality of the GNU C Library + (<command>glibc</command>) enabling it to resolve host names via + the + <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry> + local network name resolution service.</para> + + <para>To activate the NSS module, <literal>resolve</literal> + has to be added to the line starting with + <literal>hosts:</literal> in + <filename>/etc/nsswitch.conf</filename>.</para> + + <para>It is recommended to place <literal>resolve</literal> early + in the <filename>nsswitch.conf</filename> line (but after the + <literal>files</literal> entry), replacing the + <literal>dns</literal> entry if it exists, to ensure DNS queries + are always routed via + <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> + </refsect1> + + <refsect1> + <title>Example</title> + + <para>Here's an example <filename>/etc/nsswitch.conf</filename> + file, that enables <command>resolve</command> correctly:</para> + +<programlisting>passwd: compat +group: compat +shadow: compat + +hosts: files <command>resolve</command> mymachines myhostname +networks: files + +protocols: db files +services: db files +ethers: db files +rpc: db files + +netgroup: nis</programlisting> + + <para>Note that <command>nss-resolve</command> will chain-load + <command>nss-dns</command> if + <filename>systemd-resolved.service</filename> is not running, + ensuring that basic DNS resolution continues to work if the + service is down.</para> + + </refsect1> + + <refsect1> + <title>See Also</title> + <para> + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> + </para> + </refsect1> + +</refentry> diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml index 89ec5f8b19..27662456ea 100644 --- a/man/systemd-resolved.service.xml +++ b/man/systemd-resolved.service.xml @@ -1,4 +1,4 @@ -<?xml version='1.0'?> <!--*-nxml-*--> +<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*--> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> @@ -71,6 +71,61 @@ <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more details.</para> + <para><command>systemd-resolved</command> synthesizes DNS RRs for the following cases:</para> + + <itemizedlist> + <listitem><para>The local, configured hostname is resolved to + all locally configured IP addresses ordered by their scope, or + — if none are configured — the IPv4 address 127.0.0.2 (which + is on the local loopback) and the IPv6 address ::1 (which is the + local host).</para></listitem> + + <listitem><para>The hostname <literal>localhost</literal> is + resolved to the IP addresses 127.0.0.1 and + ::1.</para></listitem> + + <listitem><para>The hostname <literal>gateway</literal> is + resolved to all current default routing gateway addresses, + ordered by their metric. This assigns a stable hostname to the + current gateway, useful for referencing it independently of the + current network configuration state.</para></listitem> + </itemizedlist> + + <para>Lookup requests are routed to the available DNS servers + and LLMNR interfaces according to the following rules:</para> + + <itemizedlist> + <listitem><para>Lookups for the special hostname + <literal>localhost</literal> are never routed to the + network.</para></listitem> + + <listitem><para>Single-label names are routed to all local + interfaces capable of IP multicasting, using the LLMNR + protocol. Lookups for IPv4 addresses are only sent via LLMNR on + IPv4, and lookups for IPv6 addresses are only sent via LLMNR on + IPv6. Lookups for the locally configured host name and the + <literal>gateway</literal> host name are never routed to + LLMNR.</para></listitem> + + <listitem><para>Multi-label names are routed to all local + interfaces that have a DNS sever configured, plus the globally + configured DNS server if there is one. Address lookups from the + link-local addres range are never routed to + DNS.</para></listitem> + </itemizedlist> + + <para>If lookups are routed to multiple interfaces, the first + successful response is returned (thus effectively merging the + lookup zones on all matching interfaces). If the lookup failed on + all interfaces the last failing response is returned.</para> + + <para>Routing of lookups may be influenced by configuring + per-interface domain names, see + <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for details. Lookups for a hostname ending in one of the + per-interface domains are exclusively routed to the matching + interfaces.</para> + <para>Note that <filename>/run/systemd/resolve/resolv.conf</filename> should not be used directly, but only through a symlink from |