Is your feature request related to a problem? Please describe
The feature set of systemd-resolved in version 255 does not support specifying DNS servers for individual domains within the same network interface, nor does it allow for configuring DNS-over-TLS (DoT) on a per-server basis. Additionally, the resolvectl query command does not indicate which DNS server was used for a given query, only the network interface. This lack of granularity and transparency can impede the deployment of sophisticated DNS setups in complex network scenarios and when adhering to specific security protocols.
Describe the solution you'd like
I propose four enhancements to systemd-resolved to allow for more nuanced DNS configuration and to provide greater insight into DNS operations:
Per-Domain DNS Server Configuration: Enable the assignment of DNS servers to specific domains on a single network interface. This would facilitate targeted domain resolution through designated DNS servers.
Example configuration for /etc/systemd/resolved.conf or the relevant .network files:
In this example, queries for *.company.local would be directed to 192.168.1.1, and queries for *.private.network would use 10.0.0.1.
DNS-over-TLS Configuration on a Per-Server Basis: Facilitate the configuration of DNS-over-TLS for each DNS server independently, allowing the use of encrypted DNS queries with supporting servers while maintaining standard DNS for others.
Example configuration for /etc/systemd/resolved.conf or the relevant .network files:
Here, queries for *.secure.domain would be resolved using DoT with 1.0.0.1, while *.insecure.domain would be resolved using unencrypted DNS with 8.8.8.8.
Detailed Query Reporting for resolvectl query: Improve the resolvectl query command to include information about which DNS server resolved a query, in addition to the network interface.
Desired output example:
resolvectl query www.example.com
www.example.com: 123.123.123.123 -- link: br0
-- server: 192.168.1.1
(example.com)
-- Information acquired via protocol DNS in 871.0ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: yes
-- Data from: cache network
This output would confirm that the DNS server 192.168.1.1 resolved the query for www.example.com.
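The output above is the shape the request asks for. As an added example (not part of the issue and not systemd code), the parser below reads such a block into a structured record, treating the proposed "-- server:" line as optional so it also accepts the current resolvectl 255 layout that lacks it; both sample outputs are constructed, and the second (IPv6 continuation line, unencrypted transport) is an assumption about the existing format used only to exercise the optional fields. The helper at the end shows the defensive use: listing answers that did not arrive over a local or encrypted transport.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the output shape the request asks for, including the
# proposed "-- server:" line. resolvectl 255 prints the same layout without it.
SAMPLE_WITH_SERVER = """\
www.example.com: 123.123.123.123 -- link: br0
                                 -- server: 192.168.1.1
                                 (example.com)

-- Information acquired via protocol DNS in 871.0ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: yes
-- Data from: cache network
"""

# Constructed sample without the "-- server:" line (assumed current output shape).
SAMPLE_WITHOUT_SERVER = """\
www.example.com: 123.123.123.123 -- link: br0
                 2001:db8::1     -- link: br0

-- Information acquired via protocol DNS in 12.5ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network
"""


@dataclass
class QueryResult:
    name: str
    addresses: List[str] = field(default_factory=list)
    link: Optional[str] = None
    server: Optional[str] = None        # only present if the proposal is adopted
    protocol: Optional[str] = None
    latency_ms: Optional[float] = None
    authenticated: Optional[bool] = None
    encrypted: Optional[bool] = None    # "local or encrypted transport"
    sources: List[str] = field(default_factory=list)


_INFO_RE = re.compile(r"via protocol (\S+) in ([\d.]+)ms")
_AUTH_RE = re.compile(r"authenticated: (yes|no); .*encrypted transport: (yes|no)")


def parse_resolvectl_query(text: str) -> QueryResult:
    """Parse one 'resolvectl query' answer block into a QueryResult."""
    result: Optional[QueryResult] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue                    # blank line or "(origin)" annotation
        if "-- link:" in line:
            head, _, link = line.partition("-- link:")
            name, sep, addr = head.strip().partition(": ")
            if sep:                     # first line carries "<name>: <addr>"
                result = result or QueryResult(name=name)
            else:                       # continuation line carries only <addr>
                addr = name
            if result is None:
                raise ValueError("address line before query name: " + raw)
            result.addresses.append(addr.strip())
            result.link = link.strip()
            continue
        if result is None:
            raise ValueError("unexpected line before answer: " + raw)
        if line.startswith("-- server:"):
            result.server = line.split(":", 1)[1].strip()
        elif line.startswith("-- Information acquired"):
            m = _INFO_RE.search(line)
            if m:
                result.protocol, result.latency_ms = m.group(1), float(m.group(2))
        elif line.startswith("-- Data is authenticated"):
            m = _AUTH_RE.search(line)
            if m:
                result.authenticated = m.group(1) == "yes"
                result.encrypted = m.group(2) == "yes"
        elif line.startswith("-- Data from:"):
            result.sources = line.split(":", 1)[1].split()
    if result is None:
        raise ValueError("no answer found in output")
    return result


def plaintext_answers(results: List[QueryResult]) -> List[str]:
    """Names whose answer came over an unencrypted, non-local transport."""
    return [r.name for r in results if r.encrypted is False]
```

Feed it the captured stdout of `resolvectl query <name>`; with the proposed line present, `server` tells you which upstream answered, and `encrypted` lets a script confirm that a DoT policy actually took effect rather than trusting the configuration alone.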
Exact Domain Forwarding: Allow for the direct forwarding of specific, exact, and complete domain names to designated DNS servers, rather than just domain suffixes. This feature would enable precise control over DNS resolution for particular fully qualified domain names (FQDNs).
Example configuration for /etc/systemd/resolved.conf or the relevant .network files:
In this example, only the exact queries for www.company.local would be directed to 192.168.1.1, and www.private.network would use 10.0.0.1.
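To make the semantics of proposals 1, 2 and 4 concrete, here is an added model of the requested routing behaviour (not systemd code and not a proposed implementation). It reuses the servers and domains from the examples above; the `~suffix` notation is borrowed from resolved's existing routing-domain syntax, while the `=name` prefix for exact matches, the `~.` catch-all route and the `sni_name` field are assumptions. The point it shows beyond the text is how precedence works: an exact rule beats the suffix rule for the same name, a suffix rule matches only on a label boundary, and every answer carries the per-server transport flag.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Upstream:
    address: str
    dns_over_tls: bool = False          # per-server DoT flag (proposal 2)
    sni_name: Optional[str] = None      # assumed: certificate name to validate


@dataclass(frozen=True)
class Route:
    # "~suffix" borrows resolved's routing-domain notation; "=name" is an
    # assumed notation for the exact-match forwarding of proposal 4.
    pattern: str
    upstream: Upstream


# Constructed table reusing the servers and domains from the request; the
# "~." catch-all route and the SNI name are assumptions.
ROUTES: List[Route] = [
    Route("~company.local", Upstream("192.168.1.1")),
    Route("~private.network", Upstream("10.0.0.1")),
    Route("~secure.domain", Upstream("1.0.0.1", dns_over_tls=True, sni_name="one.one.one.one")),
    Route("~insecure.domain", Upstream("8.8.8.8")),
    Route("=www.company.local", Upstream("192.168.1.1")),
    Route("=www.private.network", Upstream("10.0.0.1")),
    Route("~.", Upstream("8.8.8.8")),
]


def _normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so 'Foo.Example.' == 'foo.example'."""
    return name.strip().lower().rstrip(".")


def _specificity(route: Route, qname: str) -> Optional[int]:
    """How specific a match is (higher wins), or None if the route does not match."""
    kind, target = route.pattern[0], _normalize(route.pattern[1:])
    labels = target.count(".") + 1 if target else 0
    if kind == "=":
        # exact match only; one point more than a suffix rule of the same name
        return labels + 1 if qname == target else None
    if kind == "~":
        if not target:
            return 0                                # "~." matches everything
        # match on a label boundary so "evil.notcompany.local" is NOT under "company.local"
        if qname == target or qname.endswith("." + target):
            return labels
        return None
    raise ValueError("unknown rule kind in " + route.pattern)


def select_upstream(qname: str, routes: List[Route]) -> Optional[Tuple[Route, Upstream]]:
    """Pick the most specific matching route for a query name."""
    qname = _normalize(qname)
    best: Optional[Tuple[int, Route]] = None
    for route in routes:
        score = _specificity(route, qname)
        if score is not None and (best is None or score > best[0]):
            best = (score, route)
    return (best[1], best[1].upstream) if best else None


def explain(qname: str, routes: List[Route] = ROUTES) -> str:
    """One-line description of how a query would be forwarded."""
    hit = select_upstream(qname, routes)
    if hit is None:
        return f"{qname}: no route"
    route, up = hit
    transport = "DoT" if up.dns_over_tls else "plain DNS"
    return f"{qname}: {up.address} via {transport} (rule {route.pattern})"


if __name__ == "__main__":
    for q in ("www.company.local", "mail.company.local", "login.secure.domain",
              "evil.notcompany.local", "example.org"):
        print(explain(q))
```

The label-boundary check in `_specificity` is the part worth copying into any real implementation: a naive `endswith("company.local")` would route `evil.notcompany.local` to the internal server, which is exactly the kind of misdirection a per-domain policy is meant to prevent.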
daiaji changed the title from "Enhanced DNS Configuration Options for systemd-resolved: Per-Domain DNS and DNS-over-TLS on a Per-Server Basis." to "Enhanced DNS Configuration Options for systemd-resolved: Per-Domain DNS, DNS-over-TLS on a Per-Server Basis, and Detailed Query Reporting." on May 12, 2024
Component
systemd-resolved
Describe alternatives you've considered
How about directly porting other more powerful DNS servers? For example, mosdns, dnsmasq.
The systemd version you checked that didn't have the feature you are asking for
255