summaryrefslogtreecommitdiff
path: root/man/resolved.conf.xml
AgeCommit message (Collapse)Author
2016-06-24resolved: add option to disable caching (#3592)Martin Pitt
In some cases, caching DNS results locally is not desirable, a it makes DNS cache poisoning attacks a tad easier and also allows users on the system to determine whether or not a particular domain got visited by another user. Thus provide a new "Cache" resolved.conf option to disable it.
2016-01-30Merge pull request #2469 from keszybz/resolved-2Lennart Poettering
Resolved 2
2016-01-29man: reword sentenceZbigniew Jędrzejewski-Szmek
2016-01-29man: actually say which section resolv.conf's setting should be placed inLennart Poettering
2016-01-26resolved: allow configuration of routing domains in Domains=Lennart Poettering
2016-01-25man: fix references to a few external man pagesZbigniew Jędrzejewski-Szmek
Noticed in pull request #2067.
2016-01-19resolved: remove configuration knobs for mDNS until it's readyDaniel Mack
These bits were intenionally left out while mDNS is under development. Remove the exposed knobs and man page entries again until this is settled.
2016-01-05resolved: try to detect fritz.box-style private DNS zones, and downgrade to ↵Lennart Poettering
non-DNSSEC mode for them This adds logic to detect cases like the Fritz!Box routers which serve a private DNS domain "fritz.box" under the TLD "box" that does not exist in the root servers. If this is detected DNSSEC validation is turned off for this private domain, thus improving compatibility with such private DNS zones. This should be fairly secure as we first rely on the proof that .box does not exist before this logic is applied. Nevertheless the logic is only enabled for DNSSEC=allow-downgrade mode. This logic does not work for routers that set up a full DNS zone directly under a non-existing TLD, as in that case we cannot prove that the domain is truly non-existing according to the root servers.
2016-01-05resolved,networkd: add a per-interface DNSSEC settingLennart Poettering
This adds a DNSSEC= setting to .network files, and makes resolved honour them.
2016-01-05resolved: rename "downgrade-ok" mode to "allow-downgrade"Lennart Poettering
After discussing this with Tom, we figured out "allow-downgrade" sounds nicer.
2016-01-05resolved: make MulticastDNS support configurable in resolved.confLennart Poettering
The option is already there, but wasn't exported in the configuration file so far. Fix that.
2016-01-05man: fix a few typosLennart Poettering
2016-01-05man: add documentation for dnssec-trust-anchors.d(5)Lennart Poettering
2016-01-05man: add basic documentation for resolved.conf's DNSSEC= switchLennart Poettering
2015-11-25resolved: add a generic DnsSearchDomain conceptLennart Poettering
With this change, we add a new object to resolved, "DnsSearchDomain=" which wraps a search domain. This is then used to introduce a global search domain list, in addition to the existing per-link search domain list which is reword to make use of this new object too. This is preparation for implement proper unicast DNS search domain support.
2015-11-25man: fix documentation how /etc/resolv.conf is readLennart Poettering
/etc/resolv.conf is only read when the DNS= setting does not appear at all in resolved.conf, regardless if set to the empty list or anything else. Correct that in the man page.
2015-11-06doc: correct orthography, word forms and missing/extraneous wordsJan Engelhardt
2015-11-06doc: correct punctuation and improve typography in documentationJan Engelhardt
2015-06-18man: revert dynamic paths for split-usr setupsTom Gundersen
This did not really work out as we had hoped. Trying to do this upstream introduced several problems that probably makes it better suited as a downstream patch after all. At any rate, it is not releaseable in the current state, so we at least need to revert this before the release. * by adjusting the path to binaries, but not do the same thing to the search path we end up with inconsistent man-pages. Adjusting the search path too would be quite messy, and it is not at all obvious that this is worth the effort, but at any rate it would have to be done before we could ship this. * this means that distributed man-pages does not make sense as they depend on config options, and for better or worse we are still distributing man pages, so that is something that definitely needs sorting out before we could ship with this patch. * we have long held that split-usr is only minimally supported in order to boot, and something we hope will eventually go away. So before we start adding even more magic/effort in order to make this work nicely, we should probably question if it makes sense at all.
2015-05-28man: generate configured paths in manpagesFilipe Brandenburger
In particular, use /lib/systemd instead of /usr/lib/systemd in distributions like Debian which still have not adopted a /usr merge setup. Use XML entities from man/custom-entities.ent to replace configured paths while doing XSLT processing of the original XML files. There was precedent of some files (such as systemd.generator.xml) which were already using this approach. This addresses most of the (manual) fixes from this patch: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/patches/Fix-paths-in-man-pages.patch?h=experimental-220 The idea of using generic XML entities was presented here: http://lists.freedesktop.org/archives/systemd-devel/2015-May/032240.html This patch solves almost all the issues, with the exception of: - Path to /bin/mount and /bin/umount. - Generic statements about preference of /lib over /etc. These will be handled separately by follow up patches. Tested: - With default configure settings, ran "make install" to two separate directories and compared the output to confirm they matched exactly. - Used a set of configure flags including $CONFFLAGS from Debian: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/rules Installed the tree and confirmed the paths use /lib/systemd instead of /usr/lib/systemd and that no other unexpected differences exist. - Confirmed that `make distcheck` still passes.
2015-03-03Do not advertise .d snippets over main config fileZbigniew Jędrzejewski-Szmek
For daemons which have a main configuration file, there's little reason for the administrator to use configuration snippets. They are useful for packagers which need to override settings, but we shouldn't advertise that as the main way of configuring those services. https://bugs.freedesktop.org/show_bug.cgi?id=89397
2015-02-10man: boilerplate unificationZbigniew Jędrzejewski-Szmek
2015-02-03Reindent man pages to 2chZbigniew Jędrzejewski-Szmek
2014-11-29resolved: Support resolved.conf.d directories in the usual search pathsJosh Triplett
2014-08-11man: update resolved man pages a bitLennart Poettering
2014-08-04man: bring resolved.conf up-to-dateLennart Poettering
2014-05-19resolved: add daemon to manage resolv.confTom Gundersen
Also remove the equivalent functionality from networkd.