Diffstat (limited to 'man')
-rw-r--r--  man/machinectl.xml                 5
-rw-r--r--  man/nss-myhostname.xml            13
-rw-r--r--  man/nss-mymachines.xml             3
-rw-r--r--  man/nss-resolve.xml              118
-rw-r--r--  man/systemd-resolved.service.xml  57
5 files changed, 186 insertions, 10 deletions
diff --git a/man/machinectl.xml b/man/machinectl.xml
index 6cf405ed29..e2be017427 100644
--- a/man/machinectl.xml
+++ b/man/machinectl.xml
@@ -429,8 +429,9 @@
the new session from the originating session, so that it
shares no process or session properties, and is in a clean and
well-defined state. It will be tracked in a new utmp, login,
- audit and keyring session, and will not inherit an environment
- variables or resource limits, among other properties.</para>
+ audit, security and keyring session, and will not inherit any
+ environment variables or resource limits, among other
+ properties.</para>
<para>Note that the
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>
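Review bot: the word "security" added in "audit, security and keyring session" is not tied to any named mechanism in this paragraph, so a reader cannot tell which session object it means alongside audit and keyring. Name the mechanism it refers to, or add a short cross-reference, so the claim that the new session shares no properties with the originating one can be checked against something concrete. The "an environment variables" to "any environment variables" correction in the same hunk is fine as is.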
diff --git a/man/nss-myhostname.xml b/man/nss-myhostname.xml
index 2d36df6f6f..b7b7e1b555 100644
--- a/man/nss-myhostname.xml
+++ b/man/nss-myhostname.xml
@@ -111,17 +111,17 @@
<para>Here's an example <filename>/etc/nsswitch.conf</filename>
file, that enables <command>myhostname</command> correctly:</para>
-<programlisting>passwd: compat
-group: compat
-shadow: compat
+<programlisting>passwd: compat
+group: compat
+shadow: compat
-hosts: files dns mymachines <command>myhostname</command>
+hosts: files resolve mymachines <command>myhostname</command>
networks: files
protocols: db files
services: db files
-ethers: db files
-rpc: db files
+ethers: db files
+rpc: db files
netgroup: nis</programlisting>
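Review bot: the hosts line in this example now names "resolve" and drops "dns", but the nss-resolve page added later in this patch is marked conditional='ENABLE_RESOLVED', while nothing in this hunk makes the nss-myhostname example conditional in the same way. On a build without resolved, a reader copying this example gets a hosts line that lists a module that is not installed and has no "dns" entry at all, and the chain-load fallback described in nss-resolve.xml cannot help because it lives in the missing module. Either keep "dns" in this page's example or add a sentence saying that "resolve" replaces "dns" only where nss-resolve is installed. Separately, the passwd, group, shadow, ethers and rpc lines are removed and re-added with what look like whitespace-only changes; those would be easier to review in their own commit.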
@@ -143,6 +143,7 @@ netgroup: nis</programlisting>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
diff --git a/man/nss-mymachines.xml b/man/nss-mymachines.xml
index 41ec458e4b..92c72846c1 100644
--- a/man/nss-mymachines.xml
+++ b/man/nss-mymachines.xml
@@ -91,7 +91,7 @@
group: compat <command>mymachines</command>
shadow: compat
-hosts: files dns <command>mymachines</command> myhostname
+hosts: files resolve <command>mymachines</command> myhostname
networks: files
protocols: db files
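Review bot: putting "resolve" ahead of "mymachines" in the hosts line means a lookup for a local container name reaches systemd-resolved first, and the routing rules this patch adds to systemd-resolved.service.xml say single-label names are sent over LLMNR on every multicast-capable interface, with only localhost, the local host name and "gateway" exempted. As documented, a container name can therefore be asked of the network, and answered from it, before mymachines is ever consulted. Consider listing "mymachines" before "resolve" in this example, or, if machine names are in fact kept off LLMNR, say so in the routing rules so the ordering here is justified.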
@@ -108,6 +108,7 @@ netgroup: nis</programlisting>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>getent</refentrytitle><manvolnum>1</manvolnum></citerefentry>
diff --git a/man/nss-resolve.xml b/man/nss-resolve.xml
new file mode 100644
index 0000000000..dd402b359c
--- /dev/null
+++ b/man/nss-resolve.xml
@@ -0,0 +1,118 @@
+<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<!--
+ This file is part of systemd.
+
+ Copyright 2011 Lennart Poettering
+ Copyright 2013 Tom Gundersen
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+
+<refentry id="nss-resolve" conditional='ENABLE_RESOLVED'>
+
+ <refentryinfo>
+ <title>nss-resolve</title>
+ <productname>systemd</productname>
+
+ <authorgroup>
+ <author>
+ <contrib>Developer</contrib>
+ <firstname>Lennart</firstname>
+ <surname>Poettering</surname>
+ <email>lennart@poettering.net</email>
+ </author>
+ </authorgroup>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>nss-resolve</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>nss-resolve</refname>
+ <refname>libnss_resolve.so.2</refname>
+ <refpurpose>Provide hostname resolution via <filename>systemd-resolved.service</filename></refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <para><filename>libnss_resolve.so.2</filename></para>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para><command>nss-resolve</command> is a plugin module for the
+ GNU Name Service Switch (NSS) functionality of the GNU C Library
+ (<command>glibc</command>) enabling it to resolve host names via
+ the
+ <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ local network name resolution service.</para>
+
+ <para>To activate the NSS module, <literal>resolve</literal>
+ has to be added to the line starting with
+ <literal>hosts:</literal> in
+ <filename>/etc/nsswitch.conf</filename>.</para>
+
+ <para>It is recommended to place <literal>resolve</literal> early
+ in the <filename>nsswitch.conf</filename> line (but after the
+ <literal>files</literal> entry), replacing the
+ <literal>dns</literal> entry if it exists, to ensure DNS queries
+ are always routed via
+ <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Example</title>
+
+ <para>Here's an example <filename>/etc/nsswitch.conf</filename>
+ file, that enables <command>resolve</command> correctly:</para>
+
+<programlisting>passwd: compat
+group: compat
+shadow: compat
+
+hosts: files <command>resolve</command> mymachines myhostname
+networks: files
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: nis</programlisting>
+
+ <para>Note that <command>nss-resolve</command> will chain-load
+ <command>nss-dns</command> if
+ <filename>systemd-resolved.service</filename> is not running,
+ ensuring that basic DNS resolution continues to work if the
+ service is down.</para>
+
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-resolved</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+
+</refentry>
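Review bot: the Description says replacing "dns" with "resolve" is meant "to ensure DNS queries are always routed via" systemd-resolved, while the note after the example says the module will chain-load nss-dns when systemd-resolved.service is not running, so "always" does not hold in exactly the case an administrator relying on the routing rules would care about. Reword the Description to state the exception, and say in the fallback note that lookups made through nss-dns do not go through systemd-resolved and so are not subject to its routing rules (for example the rule that localhost is never routed to the network). The note should also say whether the fallback applies only when the service is not running or also when a running service fails a lookup. Minor markup point: the Description uses <literal>resolve</literal> for the nsswitch.conf keyword, but the Example paragraph and the programlisting use <command>resolve</command>; pick one.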
diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml
index 89ec5f8b19..27662456ea 100644
--- a/man/systemd-resolved.service.xml
+++ b/man/systemd-resolved.service.xml
@@ -1,4 +1,4 @@
-<?xml version='1.0'?> <!--*-nxml-*-->
+<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
@@ -71,6 +71,61 @@
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more details.</para>
+ <para><command>systemd-resolved</command> synthesizes DNS RRs for the following cases:</para>
+
+ <itemizedlist>
+ <listitem><para>The local, configured hostname is resolved to
+ all locally configured IP addresses ordered by their scope, or
+ — if none are configured — the IPv4 address 127.0.0.2 (which
+ is on the local loopback) and the IPv6 address ::1 (which is the
+ local host).</para></listitem>
+
+ <listitem><para>The hostname <literal>localhost</literal> is
+ resolved to the IP addresses 127.0.0.1 and
+ ::1.</para></listitem>
+
+ <listitem><para>The hostname <literal>gateway</literal> is
+ resolved to all current default routing gateway addresses,
+ ordered by their metric. This assigns a stable hostname to the
+ current gateway, useful for referencing it independently of the
+ current network configuration state.</para></listitem>
+ </itemizedlist>
+
+ <para>Lookup requests are routed to the available DNS servers
+ and LLMNR interfaces according to the following rules:</para>
+
+ <itemizedlist>
+ <listitem><para>Lookups for the special hostname
+ <literal>localhost</literal> are never routed to the
+ network.</para></listitem>
+
+ <listitem><para>Single-label names are routed to all local
+ interfaces capable of IP multicasting, using the LLMNR
+ protocol. Lookups for IPv4 addresses are only sent via LLMNR on
+ IPv4, and lookups for IPv6 addresses are only sent via LLMNR on
+ IPv6. Lookups for the locally configured host name and the
+ <literal>gateway</literal> host name are never routed to
+ LLMNR.</para></listitem>
+
+ <listitem><para>Multi-label names are routed to all local
+ interfaces that have a DNS sever configured, plus the globally
+ configured DNS server if there is one. Address lookups from the
+ link-local addres range are never routed to
+ DNS.</para></listitem>
+ </itemizedlist>
+
+ <para>If lookups are routed to multiple interfaces, the first
+ successful response is returned (thus effectively merging the
+ lookup zones on all matching interfaces). If the lookup failed on
+ all interfaces the last failing response is returned.</para>
+
+ <para>Routing of lookups may be influenced by configuring
+ per-interface domain names, see
+ <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details. Lookups for a hostname ending in one of the
+ per-interface domains are exclusively routed to the matching
+ interfaces.</para>
+
<para>Note that
<filename>/run/systemd/resolve/resolv.conf</filename> should not
be used directly, but only through a symlink from
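Review bot: the paragraph "If lookups are routed to multiple interfaces, the first successful response is returned" leaves the trust consequence implicit: for any name not covered by a per-interface domain, whichever link answers first determines the result, so an answer from one network can stand in for a name the administrator expected to come from another. State that directly and point from there to the per-interface domain paragraph as the way to pin a name to specific interfaces. It would also help to say what "successful" means here, since the text does not say whether a negative answer from one interface ends the lookup or is only returned if all interfaces fail. Two typos in the multi-label item need fixing: "DNS sever configured" should read "DNS server configured", and "link-local addres range" should read "link-local address range". The sentence "Lookups for IPv4 addresses are only sent via LLMNR on IPv4" is ambiguous between looking up a name's IPv4 address and reverse-resolving an IPv4 address; say which.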