systemd-resolved.service, systemd-resolved — Network Name Resolution manager

Synopsis

systemd-resolved.service

/usr/lib/systemd/systemd-resolved

Description

systemd-resolved is a system service that provides network name resolution to local applications. It implements a caching and validating DNS/DNSSEC stub resolver, as well as an LLMNR and MulticastDNS resolver and responder. Local applications may submit network name resolution requests via three interfaces:

The DNS servers contacted are determined from the global settings in /etc/systemd/resolved.conf, the per-link static settings in /etc/systemd/network/*.network files (in case systemd-networkd.service(8) is used), the per-link dynamic settings received over DHCP, user request made via resolvectl(1), and any DNS server information made available by other system services. See resolved.conf(5) and systemd.network(5) for details about systemd's own configuration files for DNS servers. To improve compatibility, /etc/resolv.conf is read in order to discover configured system DNS servers, but only if it is not a symlink to /run/systemd/resolve/stub-resolv.conf, /usr/lib/systemd/resolv.conf or /run/systemd/resolve/resolv.conf (see below).

Synthetic Records

systemd-resolved synthesizes DNS resource records (RRs) for the following cases:

Protocols and Routing

Lookup requests are routed to the available DNS servers, LLMNR and MulticastDNS interfaces according to the following rules:

If lookups are routed to multiple interfaces, the first successful response is returned (thus effectively merging the lookup zones on all matching interfaces). If the lookup failed on all interfaces, the last failing response is returned.

Routing of lookups may be influenced by configuring per-interface domain names and other settings. See systemd.network(5) and resolvectl(1) for details. The following query routing logic applies for unicast DNS traffic:

The "DNS default route" option is a boolean setting configurable with resolvectl or in .network files. If not set, it is implicitly determined based on the configured DNS domains for a link: if there's any route-only domain (not matching "~.") it defaults to false, otherwise to true.

Effectively this means: in order to preferably route all DNS queries not explicitly matched by search/route-only domain configuration to a specific link, configure a "~." route-only domain on it. This will ensure that other links will not be considered for the queries (unless they too carry such a route-only domain). In order to route all such DNS queries to a specific link only in case no other link is preferable, then set the "DNS default route" option for the link to true, and do not configure a "~." route-only domain on it. Finally, in order to ensure that a specific link never receives any DNS traffic not matching any of its configured search/route-only domains, set the "DNS default route" option for it to false.

See the resolved D-Bus API Documentation[1] for information about the APIs systemd-resolved provides.

/etc/resolv.conf

Four modes of handling /etc/resolv.conf (see resolv.conf(5)) are supported:

Note that the selected mode of operation for this file is detected fully automatically, depending on whether /etc/resolv.conf is a symlink to /run/systemd/resolve/resolv.conf or lists 127.0.0.53 as DNS server.

Signals

SIGUSR1

Upon reception of the SIGUSR1 process signal systemd-resolved will dump the contents of all DNS resource record caches it maintains, as well as all feature level information it learnt about configured DNS servers into the system logs.

SIGUSR2

Upon reception of the SIGUSR2 process signal systemd-resolved will flush all caches it maintains. Note that it should normally not be necessary to request this explicitly – except for debugging purposes – as systemd-resolved flushes the caches automatically anyway any time the host's network configuration changes. Sending this signal to systemd-resolved is equivalent to the resolvectl flush-caches command, however the latter is recommended since it operates in a synchronous way.

SIGRTMIN+1

Upon reception of the SIGRTMIN+1 process signal systemd-resolved will forget everything it learnt about the configured DNS servers. Specifically any information about server feature support is flushed out, and the server feature probing logic is restarted on the next request, starting with the most fully featured level. Note that it should normally not be necessary to request this explicitly – except for debugging purposes – as systemd-resolved automatically forgets learnt information any time the DNS server configuration changes. Sending this signal to systemd-resolved is equivalent to the resolvectl reset-server-features command, however the latter is recommended since it operates in a synchronous way.

See Also

systemd(1), resolved.conf(5), dnssec-trust-anchors.d(5), nss-resolve(8), resolvectl(1), resolv.conf(5), hosts(5), systemd.network(5), systemd-networkd.service(8)

Notes

  1. API Documentation
    https://www.freedesktop.org/wiki/Software/systemd/resolved
  2. RFC3493
    https://tools.ietf.org/html/rfc3493
  3. RFC6762
    https://tools.ietf.org/html/rfc6762

Referenced By

dnssec-trust-anchors.d(5), nss-resolve(8), resolvectl(1), resolved.conf(5), slirp4netns(1), systemd.directives(7), systemd.dnssd(5), systemd.index(7), systemd.network(5), systemd-nspawn(1).

The man page systemd-resolved(8) is an alias of systemd-resolved.service(8).

systemd 244