1<?xml version="1.0"?>
2<!--*-nxml-*-->
3<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
4  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
5<!ENTITY % entities SYSTEM "custom-entities.ent" >
6%entities;
7]>
8<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
9
10<refentry id="org.freedesktop.resolve1" conditional='ENABLE_RESOLVE'
11    xmlns:xi="http://www.w3.org/2001/XInclude">
12  <refentryinfo>
13    <title>org.freedesktop.resolve1</title>
14    <productname>systemd</productname>
15  </refentryinfo>
16
17  <refmeta>
18    <refentrytitle>org.freedesktop.resolve1</refentrytitle>
19    <manvolnum>5</manvolnum>
20  </refmeta>
21
22  <refnamediv>
23    <refname>org.freedesktop.resolve1</refname>
24    <refpurpose>The D-Bus interface of systemd-resolved</refpurpose>
25  </refnamediv>
26
27  <refsect1>
28    <title>Introduction</title>
29
30    <para>
31    <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
32    is a system service that provides hostname resolution and caching using DNS, LLMNR, and mDNS. It also
33    does DNSSEC validation. This page describes the resolve semantics and the D-Bus interface.</para>
34
35    <para>This page contains an API reference only. If you are looking for a longer explanation of how to use
36    this API, please consult
37    <ulink url="https://wiki.freedesktop.org/www/Software/systemd/writing-network-configuration-managers">
38    Writing Network Configuration Managers</ulink> and
39    <ulink url="https://wiki.freedesktop.org/www/Software/systemd/writing-resolver-clients">Writing Resolver
40    Clients</ulink>.
41    </para>
42  </refsect1>
43
44  <refsect1>
45    <title>The Manager Object</title>
46
47    <para>The service exposes the following interfaces on the Manager object on the bus:</para>
48
49    <programlisting executable="systemd-resolved" node="/org/freedesktop/resolve1" interface="org.freedesktop.resolve1.Manager">
50node /org/freedesktop/resolve1 {
51  interface org.freedesktop.resolve1.Manager {
52    methods:
53      ResolveHostname(in  i ifindex,
54                      in  s name,
55                      in  i family,
56                      in  t flags,
57                      out a(iiay) addresses,
58                      out s canonical,
59                      out t flags);
60      ResolveAddress(in  i ifindex,
61                     in  i family,
62                     in  ay address,
63                     in  t flags,
64                     out a(is) names,
65                     out t flags);
66      ResolveRecord(in  i ifindex,
67                    in  s name,
68                    in  q class,
69                    in  q type,
70                    in  t flags,
71                    out a(iqqay) records,
72                    out t flags);
73      ResolveService(in  i ifindex,
74                     in  s name,
75                     in  s type,
76                     in  s domain,
77                     in  i family,
78                     in  t flags,
79                     out a(qqqsa(iiay)s) srv_data,
80                     out aay txt_data,
81                     out s canonical_name,
82                     out s canonical_type,
83                     out s canonical_domain,
84                     out t flags);
85      GetLink(in  i ifindex,
86              out o path);
87      SetLinkDNS(in  i ifindex,
88                 in  a(iay) addresses);
89      SetLinkDNSEx(in  i ifindex,
90                   in  a(iayqs) addresses);
91      SetLinkDomains(in  i ifindex,
92                     in  a(sb) domains);
93      SetLinkDefaultRoute(in  i ifindex,
94                          in  b enable);
95      SetLinkLLMNR(in  i ifindex,
96                   in  s mode);
97      SetLinkMulticastDNS(in  i ifindex,
98                          in  s mode);
99      SetLinkDNSOverTLS(in  i ifindex,
100                        in  s mode);
101      SetLinkDNSSEC(in  i ifindex,
102                    in  s mode);
103      SetLinkDNSSECNegativeTrustAnchors(in  i ifindex,
104                                        in  as names);
105      RevertLink(in  i ifindex);
106      RegisterService(in  s name,
107                      in  s name_template,
108                      in  s type,
109                      in  q service_port,
110                      in  q service_priority,
111                      in  q service_weight,
112                      in  aa{say} txt_datas,
113                      out o service_path);
114      UnregisterService(in  o service_path);
115      ResetStatistics();
116      FlushCaches();
117      ResetServerFeatures();
118    properties:
119      readonly s LLMNRHostname = '...';
120      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
121      readonly s LLMNR = '...';
122      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
123      readonly s MulticastDNS = '...';
124      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
125      readonly s DNSOverTLS = '...';
126      readonly a(iiay) DNS = [...];
127      readonly a(iiayqs) DNSEx = [...];
128      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
129      readonly a(iiay) FallbackDNS = [...];
130      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
131      readonly a(iiayqs) FallbackDNSEx = [...];
132      readonly (iiay) CurrentDNSServer = ...;
133      readonly (iiayqs) CurrentDNSServerEx = ...;
134      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
135      readonly a(isb) Domains = [...];
136      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
137      readonly (tt) TransactionStatistics = ...;
138      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
139      readonly (ttt) CacheStatistics = ...;
140      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
141      readonly s DNSSEC = '...';
142      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
143      readonly (tttt) DNSSECStatistics = ...;
144      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
145      readonly b DNSSECSupported = ...;
146      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
147      readonly as DNSSECNegativeTrustAnchors = ['...', ...];
148      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
149      readonly s DNSStubListener = '...';
150      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
151      readonly s ResolvConfMode = '...';
152  };
153  interface org.freedesktop.DBus.Peer { ... };
154  interface org.freedesktop.DBus.Introspectable { ... };
155  interface org.freedesktop.DBus.Properties { ... };
156};
157    </programlisting>
158
159    <!--method RegisterService is not documented!-->
160
161    <!--method UnregisterService is not documented!-->
162
163    <!--method FlushCaches is not documented!-->
164
165    <!--method ResetServerFeatures is not documented!-->
166
167    <!--property DNSSECNegativeTrustAnchors is not documented!-->
168
169    <!--Autogenerated cross-references for systemd.directives, do not edit-->
170
171    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.resolve1.Manager"/>
172
173    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.resolve1.Manager"/>
174
175    <variablelist class="dbus-method" generated="True" extra-ref="ResolveHostname()"/>
176
177    <variablelist class="dbus-method" generated="True" extra-ref="ResolveAddress()"/>
178
179    <variablelist class="dbus-method" generated="True" extra-ref="ResolveRecord()"/>
180
181    <variablelist class="dbus-method" generated="True" extra-ref="ResolveService()"/>
182
183    <variablelist class="dbus-method" generated="True" extra-ref="GetLink()"/>
184
185    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDNS()"/>
186
187    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDNSEx()"/>
188
189    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDomains()"/>
190
191    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDefaultRoute()"/>
192
193    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkLLMNR()"/>
194
195    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkMulticastDNS()"/>
196
197    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDNSOverTLS()"/>
198
199    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDNSSEC()"/>
200
201    <variablelist class="dbus-method" generated="True" extra-ref="SetLinkDNSSECNegativeTrustAnchors()"/>
202
203    <variablelist class="dbus-method" generated="True" extra-ref="RevertLink()"/>
204
205    <variablelist class="dbus-method" generated="True" extra-ref="RegisterService()"/>
206
207    <variablelist class="dbus-method" generated="True" extra-ref="UnregisterService()"/>
208
209    <variablelist class="dbus-method" generated="True" extra-ref="ResetStatistics()"/>
210
211    <variablelist class="dbus-method" generated="True" extra-ref="FlushCaches()"/>
212
213    <variablelist class="dbus-method" generated="True" extra-ref="ResetServerFeatures()"/>
214
215    <variablelist class="dbus-property" generated="True" extra-ref="LLMNRHostname"/>
216
217    <variablelist class="dbus-property" generated="True" extra-ref="LLMNR"/>
218
219    <variablelist class="dbus-property" generated="True" extra-ref="MulticastDNS"/>
220
221    <variablelist class="dbus-property" generated="True" extra-ref="DNSOverTLS"/>
222
223    <variablelist class="dbus-property" generated="True" extra-ref="DNS"/>
224
225    <variablelist class="dbus-property" generated="True" extra-ref="DNSEx"/>
226
227    <variablelist class="dbus-property" generated="True" extra-ref="FallbackDNS"/>
228
229    <variablelist class="dbus-property" generated="True" extra-ref="FallbackDNSEx"/>
230
231    <variablelist class="dbus-property" generated="True" extra-ref="CurrentDNSServer"/>
232
233    <variablelist class="dbus-property" generated="True" extra-ref="CurrentDNSServerEx"/>
234
235    <variablelist class="dbus-property" generated="True" extra-ref="Domains"/>
236
237    <variablelist class="dbus-property" generated="True" extra-ref="TransactionStatistics"/>
238
239    <variablelist class="dbus-property" generated="True" extra-ref="CacheStatistics"/>
240
241    <variablelist class="dbus-property" generated="True" extra-ref="DNSSEC"/>
242
243    <variablelist class="dbus-property" generated="True" extra-ref="DNSSECStatistics"/>
244
245    <variablelist class="dbus-property" generated="True" extra-ref="DNSSECSupported"/>
246
247    <variablelist class="dbus-property" generated="True" extra-ref="DNSSECNegativeTrustAnchors"/>
248
249    <variablelist class="dbus-property" generated="True" extra-ref="DNSStubListener"/>
250
251    <variablelist class="dbus-property" generated="True" extra-ref="ResolvConfMode"/>
252
253    <!--End of Autogenerated section-->
254
255    <refsect2>
256      <title>Methods</title>
257
258      <para><function>ResolveHostname()</function> takes a hostname and resolves it to one or more IP
259      addresses.  As parameters it takes the Linux network interface index to execute the query on, or 0 if
260      it may be done on any suitable interface. The <varname>name</varname> parameter specifies the hostname
261      to resolve. Note that if required, IDNA conversion is applied to this name unless it is resolved via
262      LLMNR or MulticastDNS. The <varname>family</varname> parameter limits the results to a specific address
263      family. It may be <constant>AF_INET</constant>, <constant>AF_INET6</constant> or
264      <constant>AF_UNSPEC</constant>. If <constant>AF_UNSPEC</constant> is specified (recommended), both
265      kinds are retrieved, subject to local network configuration (i.e. if no local, routable IPv6 address is
266      found, no IPv6 address is retrieved; and similarly for IPv4). A 64-bit <varname>flags</varname> field
267      may be used to alter the behaviour of the resolver operation (see below). The method returns an array
268      of address records. Each address record consists of the interface index the address belongs to, an
269      address family as well as a byte array with the actual IP address data (which either has 4 or 16
270      elements, depending on the address family). The returned address family will be one of
271      <constant>AF_INET</constant> or <constant>AF_INET6</constant>. For IPv6, the returned address interface
272      index should be used to initialize the .sin6_scope_id field of a
273      <structname>struct sockaddr_in6</structname> instance to permit support for resolution to link-local IP
274      addresses. The address array is followed by the canonical name of the host, which may or may not be
275      identical to the resolved hostname. Finally, a 64-bit <varname>flags</varname> field is returned that
276      is defined similarly to the <varname>flags</varname> field that was passed in, but contains information
277      about the resolved data (see below). If the hostname passed in is an IPv4 or IPv6 address formatted as
278      string, it is parsed, and the result is returned. In this case, no network communication is
279      done.</para>
280
281      <para><function>ResolveAddress()</function> executes the reverse operation: it takes an IP address and
282      acquires one or more hostnames for it. As parameters it takes the interface index to execute the query
283      on, or <constant>0</constant> if all suitable interfaces are OK. The <varname>family</varname>
284      parameter indicates the address family of the IP address to resolve. It may be either
285      <constant>AF_INET</constant> or <constant>AF_INET6</constant>. The <varname>address</varname> parameter
286      takes the raw IP address data (as either a 4 or 16 byte array). The <varname>flags</varname> input
287      parameter may be used to alter the resolver operation (see below). The method returns an array of name
288      records, each consisting of an interface index and a hostname.  The <varname>flags</varname> output
289      field contains additional information about the resolver operation (see below).</para>
290
291      <para><function>ResolveRecord()</function> takes a DNS resource record (RR) type, class and name, and
292      retrieves the full resource record set (RRset), including the RDATA, for it. As parameter it takes the
293      Linux network interface index to execute the query on, or <constant>0</constant> if it may be done on
294      any suitable interface. The <varname>name</varname> parameter specifies the RR domain name to look up
295      (no IDNA conversion is applied), followed by the 16-bit class and type fields (which may be
296      ANY). Finally, a <varname>flags</varname> field may be passed in to alter behaviour of the look-up (see
297      below). On completion, an array of RR items is returned. Each array entry consists of the network interface
298      index the RR was discovered on, the type and class field of the RR found, and a byte array of the raw
299      RR discovered. The raw RR data starts with the RR's domain name, in the original casing, followed
300      by the RR type, class, TTL and RDATA, in the binary format documented in
301      <ulink url="https://www.ietf.org/rfc/rfc1035.txt">RFC 1035</ulink>. For RRs that support name
302      compression in the payload (such as MX or PTR), the compression is expanded in the returned
303      data.</para>
304
305      <para>Note that currently, the class field has to be specified as IN or ANY. Specifying a different
306      class will return an error indicating that look-ups of this kind are unsupported. Similarly, some
307      special types are not supported either (AXFR, OPT, …). While <filename>systemd-resolved</filename> parses and validates resource
308      records of many types, it is crucial that clients using this API understand that the RR data originates
309      from the network and should be thoroughly validated before use.</para>
310
311      <para><function>ResolveService()</function> may be used to resolve a DNS
312      <constant class="dns">SRV</constant> service record, as well as the hostnames referenced in it, and
313      possibly an accompanying DNS-SD <constant class="dns">TXT</constant> record containing additional
314      service metadata.  The primary benefit of using this method over <function>ResolveRecord()</function>
315      specifying the <constant class="dns">SRV</constant> type is that it will resolve the
316      <constant class="dns">SRV</constant> and <constant class="dns">TXT</constant> RRs as well as the
317      hostnames referenced in the SRV in a single operation. As parameters it takes a Linux network interface
318      index, a service name, a service type and a service domain. This method may be invoked in three
319      different modes:</para>
320
321      <orderedlist>
322        <listitem><para>To resolve a DNS-SD service, specify the service name (e.g. <literal>Lennart's
323        Files</literal>), the service type (e.g. <literal>_webdav._tcp</literal>) and the domain to search in
324        (e.g. <literal>local</literal>) as the three service parameters. The service name must be in UTF-8
325        format, and no IDNA conversion is applied to it in this mode (as mandated by the DNS-SD
326        specifications). However, if necessary, IDNA conversion is applied to the domain parameter.</para>
327        </listitem>
328
329        <listitem><para>To resolve a plain <constant class="dns">SRV</constant> record, set the service name
330        parameter to the empty string and set the service type and domain properly. (IDNA conversion is
331        applied to the domain, if necessary.)</para></listitem>
332
333        <listitem><para>Alternatively, leave both the service name and type empty and specify the full domain
334        name of the <constant class="dns">SRV</constant> record (i.e. prefixed with the service type) in the
335        domain parameter. (No IDNA conversion is applied in this mode.)</para></listitem>
336      </orderedlist>
337
338      <para>The <varname>family</varname> parameter of the <function>ResolveService()</function> method encodes
339      the desired family of the addresses to resolve (use <constant>AF_INET</constant>,
340      <constant>AF_INET6</constant>, or <constant>AF_UNSPEC</constant>). This only applies if address resolution is enabled (use the
341      <constant>NO_ADDRESS</constant> flag to turn address resolution off, see below). The
342      <varname>flags</varname> parameter takes a couple of flags that may be used to alter the resolver
343      operation.</para>
344
345      <para>On completion, <function>ResolveService()</function> returns an array of
346      <constant class="dns">SRV</constant> record structures. Each item consists of the priority, weight and port
347      fields as well as the hostname to contact, as encoded in the <constant class="dns">SRV</constant>
348      record. Immediately following is an array of the addresses of this hostname, with each item consisting
349      of the interface index, the address family and the address data in a byte array. This address array is
350      followed by the canonicalized hostname. After this array of <constant class="dns">SRV</constant> record
351      structures an array of byte arrays follows that encodes the TXT RR strings, in case DNS-SD look-ups are
352      enabled. The next parameters are the canonical service name, type and domain. This may or may not be
353      identical to the parameters passed in. Finally, a <varname>flags</varname> field is returned that
354      contains information about the resolver operation performed.</para>
355
356      <para>The <function>ResetStatistics()</function> method resets the various statistics counters that
357      <filename>systemd-resolved</filename> maintains to zero. (For details, see the statistics properties below.)</para>
358
359      <para>The <function>GetLink()</function> method takes a network interface index and returns the object
360      path to the <interfacename>org.freedesktop.resolve1.Link</interfacename> object corresponding to it.
361      </para>
362
363      <para>The <function>SetLinkDNS()</function> method sets the DNS servers to use on a specific
364      interface. This method (and the following ones) may be used by network management software to configure
365      per-interface DNS settings. It takes a network interface index as well as an array of DNS server IP
366      address records. Each array item consists of an address family (either <constant>AF_INET</constant> or
367      <constant>AF_INET6</constant>), followed by a 4-byte or 16-byte array with the raw address data. This
368      method is a one-step shortcut for retrieving the Link object for a network interface using
369      <function>GetLink()</function> (see above) and then invoking the <function>SetDNS()</function> method
370      (see below) on it.</para>
371
372      <para><function>SetLinkDNSEx()</function> is similar to <function>SetLinkDNS()</function>, but allows
373      an IP port (instead of the default 53) and DNS name to be specified for each DNS server. The server
374      name is used for Server Name Indication (SNI), which is useful when DNS-over-TLS is
375      used. C.f. <varname>DNS=</varname> in
376      <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
377      </para>
378
379      <para><function>SetLinkDefaultRoute()</function> specifies whether the link shall be used as the
380      default route for name queries. See the description of name routing in
381      <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
382      for details.</para>
383
384      <para>The <function>SetLinkDomains()</function> method sets the search and routing domains to use on a
385      specific network interface for DNS look-ups. It takes a network interface index and an array of domains,
386      each with a boolean parameter indicating whether the specified domain shall be used as a search domain
387      (false), or just as a routing domain (true). Search domains are used for qualifying single-label names into
388      FQDN when looking up hostnames, as well as for making routing decisions on which interface to send
389      queries ending in the domain to. Routing domains are only used for routing decisions and not used for single-label
390      name qualification. Pass the search domains in the order they should be used.</para>
391
392      <para>The <function>SetLinkLLMNR()</function> method enables or disables LLMNR support on a specific
393      network interface. It takes a network interface index as well as a string that may either be empty or one of
394      <literal>yes</literal>, <literal>no</literal> or <literal>resolve</literal>. If empty, the system-wide
395      default LLMNR setting is used. If <literal>yes</literal>, LLMNR is used for resolution of single-label
396      names and the local hostname is registered on all local LANs for LLMNR resolution by peers. If
397      <literal>no</literal>, LLMNR is turned off fully on this interface. If <literal>resolve</literal>, LLMNR
398      is only enabled for resolving names, but the local hostname is not registered for other peers to
399      use.</para>
400
401      <para>Similarly, the <function>SetLinkMulticastDNS()</function> method enables or disables MulticastDNS
402      support on a specific interface. It takes the same parameters as <function>SetLinkLLMNR()</function>
403      described above.</para>
404
405      <para>The <function>SetLinkDNSSEC()</function> method enables or disables DNSSEC validation on a
406      specific network interface. It takes a network interface index as well as a string that may either be
407      empty or one of <literal>yes</literal>, <literal>no</literal>, or <literal>allow-downgrade</literal>. When
408      empty, the system-wide default DNSSEC setting is used. If <literal>yes</literal>, full DNSSEC validation
409      is done for all look-ups. If the selected DNS server does not support DNSSEC, look-ups will fail if this
410      mode is used. If <literal>no</literal>, DNSSEC validation is fully disabled. If
411      <literal>allow-downgrade</literal>, DNSSEC validation is enabled, but is turned off automatically if the
412      selected server does not support it (thus opening up behaviour to downgrade attacks). Note that DNSSEC
413      only applies to traditional DNS, not to LLMNR or MulticastDNS.</para>
414
415      <para>The <function>SetLinkDNSSECNegativeTrustAnchors()</function> method may be used to configure DNSSEC
416      Negative Trust Anchors (NTAs) for a specific network interface. It takes a network interface index and a
417      list of domains as arguments.</para>
418
419      <para>The <function>SetLinkDNSOverTLS()</function> method enables or disables DNS-over-TLS.
420      C.f. <varname>DNSOverTLS=</varname> in
421      <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
422      for details.</para>
423
424      <para>Network management software integrating with <filename>systemd-resolved</filename> should call
425      <function>SetLinkDNS()</function> or <function>SetLinkDNSEx()</function>,
426      <function>SetLinkDefaultRoute()</function>, <function>SetLinkDomains()</function> and others after the
427      interface appeared in the kernel (and thus after a network interface index has been assigned), but
428      before the network interface is activated (<constant>IFF_UP</constant> set) so that all settings take
429      effect during the full time the network interface is up. It is safe to alter settings while the
430      interface is up, however. Use <function>RevertLink()</function> (described below) to reset all
431      per-interface settings.</para>
432
433      <para>The <function>RevertLink()</function> method may be used to revert all per-link settings
434      described above to the defaults.</para>
435
436      <refsect3>
437        <title>The Flags Parameter</title>
438
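439        <para>The four resolver methods above (<function>ResolveHostname()</function>, <function>ResolveAddress()</function>, <function>ResolveRecord()</function> and <function>ResolveService()</function>) accept and return a 64-bit flags value. In most cases passing 0 is sufficient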
440        and recommended. However, the following flags are defined to alter the look-up:</para>
441
442        <programlisting>
443#define SD_RESOLVED_DNS               (UINT64_C(1) &lt;&lt;  0)
444#define SD_RESOLVED_LLMNR_IPV4        (UINT64_C(1) &lt;&lt;  1)
445#define SD_RESOLVED_LLMNR_IPV6        (UINT64_C(1) &lt;&lt;  2)
446#define SD_RESOLVED_MDNS_IPV4         (UINT64_C(1) &lt;&lt;  3)
447#define SD_RESOLVED_MDNS_IPV6         (UINT64_C(1) &lt;&lt;  4)
448#define SD_RESOLVED_NO_CNAME          (UINT64_C(1) &lt;&lt;  5)
449#define SD_RESOLVED_NO_TXT            (UINT64_C(1) &lt;&lt;  6)
450#define SD_RESOLVED_NO_ADDRESS        (UINT64_C(1) &lt;&lt;  7)
451#define SD_RESOLVED_NO_SEARCH         (UINT64_C(1) &lt;&lt;  8)
452#define SD_RESOLVED_AUTHENTICATED     (UINT64_C(1) &lt;&lt;  9)
453#define SD_RESOLVED_NO_VALIDATE       (UINT64_C(1) &lt;&lt; 10)
454#define SD_RESOLVED_NO_SYNTHESIZE     (UINT64_C(1) &lt;&lt; 11)
455#define SD_RESOLVED_NO_CACHE          (UINT64_C(1) &lt;&lt; 12)
456#define SD_RESOLVED_NO_ZONE           (UINT64_C(1) &lt;&lt; 13)
457#define SD_RESOLVED_NO_TRUST_ANCHOR   (UINT64_C(1) &lt;&lt; 14)
458#define SD_RESOLVED_NO_NETWORK        (UINT64_C(1) &lt;&lt; 15)
459#define SD_RESOLVED_REQUIRE_PRIMARY   (UINT64_C(1) &lt;&lt; 16)
460#define SD_RESOLVED_CLAMP_TTL         (UINT64_C(1) &lt;&lt; 17)
461#define SD_RESOLVED_CONFIDENTIAL      (UINT64_C(1) &lt;&lt; 18)
462#define SD_RESOLVED_SYNTHETIC         (UINT64_C(1) &lt;&lt; 19)
463#define SD_RESOLVED_FROM_CACHE        (UINT64_C(1) &lt;&lt; 20)
464#define SD_RESOLVED_FROM_ZONE         (UINT64_C(1) &lt;&lt; 21)
465#define SD_RESOLVED_FROM_TRUST_ANCHOR (UINT64_C(1) &lt;&lt; 22)
466#define SD_RESOLVED_FROM_NETWORK      (UINT64_C(1) &lt;&lt; 23)
467        </programlisting>
468
469        <para>On input, the first five flags control the protocols to use for the look-up. They refer to
470        classic unicast DNS, LLMNR via IPv4/UDP and IPv6/UDP respectively, as well as MulticastDNS via
471        IPv4/UDP and IPv6/UDP. If all of these five bits are off on input (which is strongly recommended) the
472        look-up will be done via all suitable protocols for the specific look-up. Note that these flags
473        operate as a filter only, but cannot force a look-up to be done via a protocol. Specifically,
474        <filename>systemd-resolved</filename> will only route look-ups within the .local TLD to MulticastDNS
475        (plus some reverse look-up address domains), and single-label names to LLMNR (plus some reverse
476        address lookup domains). It will route neither of these to Unicast DNS servers. Also, it will do
477        LLMNR and Multicast DNS only on interfaces suitable for multicast.</para>
478
479        <para>On output, these five flags indicate which protocol was used to execute the operation, and hence
480        where the data was found.</para>
481
482        <para>The primary use cases for these five flags are follow-up look-ups based on DNS data retrieved
483        earlier. In this case it is often a good idea to limit the follow-up look-up to the protocol that was
484        used to discover the first DNS result.</para>
485
486        <para>The NO_CNAME flag controls whether CNAME/DNAME resource records shall be followed during the
487        look-up. This flag is only available at input, none of the functions will return it on output. If it is set and a
488        CNAME/DNAME RR is discovered while resolving a hostname, an error is returned instead. By default,
489        when the flag is off, CNAME/DNAME RRs are followed.</para>
490
491        <para>The NO_TXT and NO_ADDRESS flags only influence operation of the
492        <function>ResolveService()</function> method. They are only defined for input, not output. If NO_TXT
493        is set, the DNS-SD TXT RR look-up is not done in the same operation. If NO_ADDRESS is set, the
494        discovered hostnames are not implicitly translated to their addresses.</para>
495
496        <para>The NO_SEARCH flag turns off the search domain logic. It is only defined for input in
497        <function>ResolveHostname()</function>. When specified, single-label hostnames are not qualified
498        using defined search domains, if any are configured. Note that <function>ResolveRecord()</function>
499        will never qualify single-label domain names using search domains. Also note that
500        multi-label hostnames are never subject to search list expansion.</para>
501
502        <para>The AUTHENTICATED bit is defined only in the output flags of the four functions. If set, the
503        returned data has been fully authenticated. Specifically, this bit is set for all DNSSEC-protected
504        data for which a full trust chain may be established to a trusted domain anchor. It is also set for
505        locally synthesized data, such as <literal>localhost</literal> or data from
506        <filename>/etc/hosts</filename>. Moreover, it is set for all LLMNR or mDNS RRs which originate from
507        the local host. Applications that require authenticated RR data for operation should check this flag
508        before trusting the data. Note that <filename>systemd-resolved</filename> will never return
509        data that failed validation, hence this flag simply allows one to discern the cases where data is known to be
510        trusted, or where there is proof that the data is "rightfully" unauthenticated (which includes cases
511        where the underlying protocol or server does not support authenticating data).</para>
512
513        <para>NO_VALIDATE can be set to disable validation via DNSSEC even if it would normally be used.
514        </para>
515
516        <para>The next five flags allow disabling certain sources during resolution. NO_SYNTHESIZE disables
517        synthetic records, e.g. the local host name, see section SYNTHETIC RECORDS in
518        <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
519        for more information. NO_CACHE disables the use of the cache of previously resolved records. NO_ZONE
520        disables answers using locally registered public LLMNR/mDNS resource records. NO_TRUST_ANCHOR
521        disables answers using locally configured trust anchors. NO_NETWORK requires all answers to be
522        provided without using the network, i.e. either from local sources or the cache.</para>
523
524        <para>With REQUIRE_PRIMARY the request must be answered from a "primary" answer, i.e. not from
525        resource records acquired as a side-effect of a previous transaction.</para>
526
527        <para>With CLAMP_TTL, if the reply is answered from the cache, the TTLs will be adjusted by the age of the
528        cache entry.</para>
529
530        <para>The next six flags are used in output and provide information about the source of the answer.
531        CONFIDENTIAL means the query was resolved via encrypted channels or never left this system.
532        FROM_SYNTHETIC means the query was (at least partially) synthesized.
533        FROM_CACHE means the query was answered (at least partially) using the cache.
534        FROM_ZONE means the query was answered (at least partially) using LLMNR/mDNS.
535        FROM_TRUST_ANCHOR means the query was answered (at least partially) using local trust anchors.
536        FROM_NETWORK means the query was answered (at least partially) using the network.
537        </para>
538      </refsect3>
539    </refsect2>
540
541    <refsect2>
542      <title>Properties</title>
543
544      <para>The <varname>LLMNR</varname> and <varname>MulticastDNS</varname> properties report whether LLMNR
545      and MulticastDNS are (globally) enabled. Each may be one of <literal>yes</literal>,
546      <literal>no</literal>, and <literal>resolve</literal>. See <function>SetLinkLLMNR()</function>
547      and <function>SetLinkMulticastDNS()</function> above.</para>
548
549      <para><varname>LLMNRHostname</varname> contains the hostname currently exposed on the network via
550      LLMNR. It usually follows the system hostname as may be queried via
551      <citerefentry project="man-pages"><refentrytitle>gethostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
552      but may differ if a conflict is detected on the network.</para>
553
554      <para><varname>DNS</varname> and <varname>DNSEx</varname> contain arrays of all DNS servers currently
555      used by <filename>systemd-resolved</filename>. <varname>DNS</varname> contains information similar to
556      the DNS server data in <filename>/run/systemd/resolve/resolv.conf</filename>. Each structure in the
557      array consists of a numeric network interface index, an address family, and a byte array containing the
558      DNS server address (either 4 bytes in length for IPv4 or 16 bytes in length for IPv6).
559      <varname>DNSEx</varname> is similar, but additionally contains the IP port and server name (used for
560      Server Name Indication, SNI). Both arrays contain DNS servers configured system-wide, including those
561      possibly read from a foreign <filename>/etc/resolv.conf</filename> or the <varname>DNS=</varname>
562      setting in <filename>/etc/systemd/resolved.conf</filename>, as well as per-interface DNS server
563      information either retrieved from
564      <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
565      or configured by external software via <function>SetLinkDNS()</function> or
566      <function>SetLinkDNSEx()</function> (see above). The network interface index will be 0 for the
567      system-wide configured services and non-zero for the per-link servers.</para>
568
569      <para><varname>FallbackDNS</varname> and <varname>FallbackDNSEx</varname> contain arrays of all DNS
570      servers configured as fallback servers, if any, using the same format as <varname>DNS</varname> and
571      <varname>DNSEx</varname> described above. See the description of <varname>FallbackDNS=</varname> in
572      <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
573      the description of when those servers are used.</para>
574
575      <para><varname>CurrentDNSServer</varname> and <varname>CurrentDNSServerEx</varname> specify the server
576      that is currently used for query resolution, in the same format as a single entry in the
577      <varname>DNS</varname> and <varname>DNSEx</varname> arrays described above.</para>
578
579      <para>Similarly, the <varname>Domains</varname> property contains an array of all search and routing
580      domains currently used by <filename>systemd-resolved</filename>. Each entry consists of a network
581      interface index (again, 0 encodes system-wide entries), the actual domain name, and whether the entry
582      is used only for routing (true) or for both routing and searching (false).</para>
583
584      <para>The <varname>TransactionStatistics</varname> property contains information about the number of
585      transactions <filename>systemd-resolved</filename> has processed. It contains a pair of unsigned 64-bit counters, the first
586      containing the number of currently ongoing transactions, the second the number of total transactions
587      <filename>systemd-resolved</filename> is processing or has processed. The latter value may be reset using the
588      <function>ResetStatistics()</function> method described above. Note that the number of transactions does
589      not directly map to the number of issued resolver bus method calls. While simple look-ups usually require a
590      single transaction only, more complex look-ups might result in more, for example when CNAMEs or DNSSEC
591      are in use.</para>
592
593      <para>The <varname>CacheStatistics</varname> property contains information about the executed cache
594      operations so far. It exposes three 64-bit counters: the first being the total number of current cache
595      entries (both positive and negative), the second the number of cache hits, and the third the number of
596      cache misses. The latter counters may be reset using <function>ResetStatistics()</function> (see
597      above).</para>
598
599      <para>The <varname>DNSSEC</varname> property specifies the current status of DNSSEC validation. It is one
600      of <literal>yes</literal> (validation is enforced), <literal>no</literal> (no validation is done), or
601      <literal>allow-downgrade</literal> (validation is done if the current DNS server supports it). See the
602      description of <varname>DNSSEC=</varname> in
603      <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
604      </para>
605
606      <para>The <varname>DNSSECStatistics</varname> property contains information about the DNSSEC
607      validations executed so far. It contains four 64-bit counters: the number of secure, insecure, bogus,
608      and indeterminate DNSSEC validations so far. The counters are increased for each validated RRset, and
609      each non-existence proof. The secure counter is increased for each operation that successfully verified
610      a signed reply, the insecure counter is increased for each operation that successfully verified that an
611      unsigned reply is rightfully unsigned. The bogus counter is increased for each operation where the
612      validation did not check out and the data is likely to have been tampered with. Finally the
613      indeterminate counter is increased for each operation which did not complete because the necessary keys
614      could not be acquired or the cryptographic algorithms were unknown.</para>
615
616      <para>The <varname>DNSSECSupported</varname> boolean property reports whether DNSSEC is enabled and
617      the selected DNS servers support it. It combines information about system-wide and per-link DNS
618      settings (see below), and only reports true if DNSSEC is enabled and supported on every interface for
619      which DNS is configured and for the system-wide settings if there are any. Note that <filename>systemd-resolved</filename> assumes
620      DNSSEC is supported by DNS servers until it verifies that this is not the case. Thus, the reported
621      value may initially be true, until the first transactions are executed.</para>
622
623      <para>The <varname>DNSOverTLS</varname> boolean property reports whether DNS-over-TLS is enabled.
624      </para>
625
626      <para>The <varname>ResolvConfMode</varname> property exposes how <filename>/etc/resolv.conf</filename>
627      is managed on the host. Currently, the defined values are <literal>uplink</literal>, <literal>stub</literal>,
628      <literal>static</literal> (these three correspond to the three different files
629      <filename>systemd-resolved.service</filename> provides), <literal>foreign</literal> (the file is
630      managed by admin or another service, <filename>systemd-resolved.service</filename> just consumes it),
631      and <literal>missing</literal> (<filename>/etc/resolv.conf</filename> is missing).</para>
632
633      <para>The <varname>DNSStubListener</varname> property reports whether the stub listener on port 53 is
634      enabled. Possible values are <literal>yes</literal> (enabled), <literal>no</literal> (disabled),
635      <literal>udp</literal> (only the UDP listener is enabled), and <literal>tcp</literal> (only the TCP
636      listener is enabled).</para>
637    </refsect2>
638  </refsect1>
639
640  <refsect1>
641    <title>Link Object</title>
642
643    <programlisting executable="systemd-resolved" node="/org/freedesktop/resolve1/link/_1" interface="org.freedesktop.resolve1.Link">
644node /org/freedesktop/resolve1/link/_1 {
645  interface org.freedesktop.resolve1.Link {
646    methods:
647      SetDNS(in  a(iay) addresses);
648      SetDNSEx(in  a(iayqs) addresses);
649      SetDomains(in  a(sb) domains);
650      SetDefaultRoute(in  b enable);
651      SetLLMNR(in  s mode);
652      SetMulticastDNS(in  s mode);
653      SetDNSOverTLS(in  s mode);
654      SetDNSSEC(in  s mode);
655      SetDNSSECNegativeTrustAnchors(in  as names);
656      Revert();
657    properties:
658      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
659      readonly t ScopesMask = ...;
660      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
661      readonly a(iay) DNS = [...];
662      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
663      readonly a(iayqs) DNSEx = [...];
664      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
665      readonly (iay) CurrentDNSServer = ...;
666      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
667      readonly (iayqs) CurrentDNSServerEx = ...;
668      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
669      readonly a(sb) Domains = [...];
670      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
671      readonly b DefaultRoute = ...;
672      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
673      readonly s LLMNR = '...';
674      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
675      readonly s MulticastDNS = '...';
676      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
677      readonly s DNSOverTLS = '...';
678      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
679      readonly s DNSSEC = '...';
680      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
681      readonly as DNSSECNegativeTrustAnchors = ['...', ...];
682      @org.freedesktop.DBus.Property.EmitsChangedSignal("false")
683      readonly b DNSSECSupported = ...;
684  };
685  interface org.freedesktop.DBus.Peer { ... };
686  interface org.freedesktop.DBus.Introspectable { ... };
687  interface org.freedesktop.DBus.Properties { ... };
688};
689    </programlisting>
690
691    <!--property DNSSECNegativeTrustAnchors is not documented!-->
692
693    <!--Autogenerated cross-references for systemd.directives, do not edit-->
694
695    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.resolve1.Link"/>
696
697    <variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.resolve1.Link"/>
698
699    <variablelist class="dbus-method" generated="True" extra-ref="SetDNS()"/>
700
701    <variablelist class="dbus-method" generated="True" extra-ref="SetDNSEx()"/>
702
703    <variablelist class="dbus-method" generated="True" extra-ref="SetDomains()"/>
704
705    <variablelist class="dbus-method" generated="True" extra-ref="SetDefaultRoute()"/>
706
707    <variablelist class="dbus-method" generated="True" extra-ref="SetLLMNR()"/>
708
709    <variablelist class="dbus-method" generated="True" extra-ref="SetMulticastDNS()"/>
710
711    <variablelist class="dbus-method" generated="True" extra-ref="SetDNSOverTLS()"/>
712
713    <variablelist class="dbus-method" generated="True" extra-ref="SetDNSSEC()"/>
714
715    <variablelist class="dbus-method" generated="True" extra-ref="SetDNSSECNegativeTrustAnchors()"/>
716
717    <variablelist class="dbus-method" generated="True" extra-ref="Revert()"/>
718
719    <variablelist class="dbus-property" generated="True" extra-ref="ScopesMask"/>
720
721    <variablelist class="dbus-property" generated="True" extra-ref="DNS"/>
722
723    <variablelist class="dbus-property" generated="True" extra-ref="DNSEx"/>
724
725    <variablelist class="dbus-property" generated="True" extra-ref="CurrentDNSServer"/>
726
727    <variablelist class="dbus-property" generated="True" extra-ref="CurrentDNSServerEx"/>
728
729    <variablelist class="dbus-property" generated="True" extra-ref="Domains"/>
730
731    <variablelist class="dbus-property" generated="True" extra-ref="DefaultRoute"/>
732
733    <variablelist class="dbus-property" generated="True" extra-ref="LLMNR"/>
734
735    <variablelist class="dbus-property" generated="True" extra-ref="MulticastDNS"/>
736
737    <variablelist class="dbus-property" generated="True" extra-ref="DNSOverTLS"/>
738
739    <variablelist class="dbus-property" generated="True" extra-ref="DNSSEC"/>
740
741    <variablelist class="dbus-property" generated="True" extra-ref="DNSSECNegativeTrustAnchors"/>
742
743    <variablelist class="dbus-property" generated="True" extra-ref="DNSSECSupported"/>
744
745    <!--End of Autogenerated section-->
746
747    <para>For each Linux network interface a "Link" object is created which exposes per-link DNS
748    configuration and state. Use <function>GetLink()</function> on the Manager interface to retrieve the
749    object path for a link object given the network interface index (see above).</para>
750
751    <refsect2>
752      <title>Methods</title>
753
754      <para>The various methods exposed by the Link interface are equivalent to their similarly named
755      counterparts on the Manager interface, e.g. <function>SetDNS()</function> on the Link object maps to
756      <function>SetLinkDNS()</function> on the Manager object, the main difference being that the latter
757      expects an interface index to be specified. Invoking the methods on the Manager interface has the
758      benefit of reducing roundtrips, as it is not necessary to first request the Link object path via
759      <function>GetLink()</function> before invoking the methods. The same relationship holds for
760      <function>SetDNSEx()</function>, <function>SetDomains()</function>,
761      <function>SetDefaultRoute()</function>, <function>SetLLMNR()</function>,
762      <function>SetMulticastDNS()</function>, <function>SetDNSOverTLS()</function>,
763      <function>SetDNSSEC()</function>, <function>SetDNSSECNegativeTrustAnchors()</function>, and
764      <function>Revert()</function>. For further details on these methods see the
765      <interfacename>Manager</interfacename> documentation above.</para>
766    </refsect2>
767
768    <refsect2>
769      <title>Properties</title>
770
771      <para><varname>ScopesMask</varname> defines which resolver scopes are currently active on this
772      interface. This 64-bit unsigned integer field is a bit mask consisting of a subset of the bits of the
773      flags parameter described above. Specifically, it may have the DNS, LLMNR and MDNS bits (the latter in
774      IPv4 and IPv6 flavours) set. Each individual bit is set when the protocol applies to a specific
775      interface and is enabled for it. It is unset otherwise. Specifically, a multicast-capable interface in
776      the "UP" state with an IP address is suitable for LLMNR or MulticastDNS, and any interface that is UP and
777      has an IP address is suitable for DNS. Note the relationship of the bits exposed here with the LLMNR
778      and MulticastDNS properties also exposed on the Link interface. The latter expose what is *configured*
779      to be used on the interface, the former expose what is actually used on the interface, taking into
780      account the abilities of the interface.</para>
781
782      <para><varname>DNSSECSupported</varname> exposes a boolean field that indicates whether DNSSEC is
783      currently configured and in use on the interface. Note that if DNSSEC is enabled on an interface, it is
784      assumed available until it is detected that the configured server does not actually support it. Thus,
785      this property may initially report that DNSSEC is supported on an interface.</para>
786
787      <para><varname>DefaultRoute</varname> exposes a boolean field that indicates whether the interface will
788      be used as default route for name queries. See <function>SetLinkDefaultRoute()</function> above.</para>
789
790      <para>The other properties reflect the state of the various configuration settings for the link which
791      may be set with the various method calls such as <function>SetDNS()</function> or
792      <function>SetLLMNR()</function>.</para>
793    </refsect2>
794  </refsect1>
795
796  <refsect1>
797    <title>Common Errors</title>
798
799    <para>Many bus methods <filename>systemd-resolved</filename> exposes (in particular the resolver methods such
800    as <function>ResolveHostname()</function> on the <interfacename>Manager</interfacename> interface) may return
801    some of the following errors:</para>
802
803    <variablelist>
804      <varlistentry><term><constant>org.freedesktop.resolve1.NoNameServers</constant></term>
805      <listitem><para>No suitable DNS servers were found to resolve a request.</para></listitem>
806      </varlistentry>
807
808      <varlistentry><term><constant>org.freedesktop.resolve1.InvalidReply</constant></term>
809      <listitem><para>A response from the selected DNS server was not understood.</para></listitem>
810      </varlistentry>
811
812      <varlistentry><term><constant>org.freedesktop.resolve1.NoSuchRR</constant></term>
813      <listitem><para>The requested name exists, but there is no resource record of the requested type for
814      it. (This is the DNS NODATA case).</para></listitem></varlistentry>
815
816      <varlistentry><term><constant>org.freedesktop.resolve1.CNameLoop</constant></term>
817      <listitem><para>The look-up failed because a CNAME or DNAME loop was detected.</para></listitem>
818      </varlistentry>
819
820      <varlistentry><term><constant>org.freedesktop.resolve1.Aborted</constant></term>
821      <listitem><para>The look-up was aborted because the selected protocol became unavailable while the
822      operation was ongoing.</para></listitem>
823      </varlistentry>
824
825      <varlistentry><term><constant>org.freedesktop.resolve1.NoSuchService</constant></term>
826      <listitem><para>A service look-up was successful, but the <constant class="dns">SRV</constant> record
827      reported that the service is not available.</para></listitem></varlistentry>
828
829      <varlistentry><term><constant>org.freedesktop.resolve1.DnssecFailed</constant></term>
830      <listitem><para>The acquired response did not pass DNSSEC validation.</para></listitem>
831      </varlistentry>
832
833      <varlistentry><term><constant>org.freedesktop.resolve1.NoTrustAnchor</constant></term>
834      <listitem><para>No chain of trust could be established for the response to a configured DNSSEC trust
835      anchor.</para></listitem>
836      </varlistentry>
837
838      <varlistentry><term><constant>org.freedesktop.resolve1.ResourceRecordTypeUnsupported</constant></term>
839      <listitem><para>The requested resource record type is not supported on the selected DNS servers. This
840      error is generated for example when an RRSIG record is requested from a DNS server that does not
841      support DNSSEC.</para></listitem>
842
843      </varlistentry>
844
845      <varlistentry><term><constant>org.freedesktop.resolve1.NoSuchLink</constant></term>
846      <listitem><para>No network interface with the specified network interface index exists.
847      </para></listitem></varlistentry>
848
849      <varlistentry><term><constant>org.freedesktop.resolve1.LinkBusy</constant></term>
850      <listitem><para>The requested configuration change could not be made because
851      <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
852      already took possession of the interface and supplied configuration data for it.</para></listitem>
853      </varlistentry>
854
855      <varlistentry><term><constant>org.freedesktop.resolve1.NetworkDown</constant></term>
856      <listitem><para>The requested look-up failed because the system is currently not connected to any
857      suitable network.</para></listitem></varlistentry>
858
859      <varlistentry><term><constant>org.freedesktop.resolve1.DnsError.NXDOMAIN</constant></term>
860      <term><constant>org.freedesktop.resolve1.DnsError.REFUSED</constant></term>
861      <term>...</term>
862      <listitem><para>The look-up failed with a DNS return code reporting a failure. The error names used as
863      suffixes here are defined by IANA in
864      <ulink url="https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6">DNS RCODEs</ulink>.
865      </para></listitem>
866      </varlistentry>
867    </variablelist>
868  </refsect1>
869
870  <refsect1>
871    <title>Examples</title>
872
873    <example>
874      <title>Introspect <interfacename>org.freedesktop.resolve1.Manager</interfacename> on the bus</title>
875
876      <programlisting>
877$ gdbus introspect --system \
878  --dest org.freedesktop.resolve1 \
879  --object-path /org/freedesktop/resolve1
880      </programlisting>
881    </example>
882
883    <example>
884      <title>Introspect <interfacename>org.freedesktop.resolve1.Link</interfacename> on the bus</title>
885
886      <programlisting>
887$ gdbus introspect --system \
888  --dest org.freedesktop.resolve1 \
889  --object-path /org/freedesktop/resolve1/link/_11
890      </programlisting>
891    </example>
892  </refsect1>
893
894  <xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
895</refentry>
896