1<?xml version='1.0'?> 2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> 4<!-- SPDX-License-Identifier: LGPL-2.1-or-later --> 5 6<refentry id="resolvectl" conditional='ENABLE_RESOLVE' 7 xmlns:xi="http://www.w3.org/2001/XInclude"> 8 9 <refentryinfo> 10 <title>resolvectl</title> 11 <productname>systemd</productname> 12 </refentryinfo> 13 14 <refmeta> 15 <refentrytitle>resolvectl</refentrytitle> 16 <manvolnum>1</manvolnum> 17 </refmeta> 18 19 <refnamediv> 20 <refname>resolvectl</refname> 21 <refname>resolvconf</refname> 22 <refpurpose>Resolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolver</refpurpose> 23 </refnamediv> 24 25 <refsynopsisdiv> 26 <cmdsynopsis> 27 <command>resolvectl</command> 28 <arg choice="opt" rep="repeat">OPTIONS</arg> 29 <arg choice="req">COMMAND</arg> 30 <arg choice="opt" rep="repeat">NAME</arg> 31 </cmdsynopsis> 32 </refsynopsisdiv> 33 34 <refsect1> 35 <title>Description</title> 36 37 <para><command>resolvectl</command> may be used to resolve domain names, IPv4 and IPv6 addresses, DNS resource 38 records and services with the 39 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> 40 resolver service. By default, the specified list of parameters will be resolved as hostnames, retrieving their IPv4 41 and IPv6 addresses. If the parameters specified are formatted as IPv4 or IPv6 operation the reverse operation is 42 done, and a hostname is retrieved for the specified addresses.</para> 43 44 <para>The program's output contains information about the protocol used for the look-up and on which network 45 interface the data was discovered. It also contains information on whether the information could be 46 authenticated. All data for which local DNSSEC validation succeeds is considered authenticated. Moreover all data 47 originating from local, trusted sources is also reported authenticated, including resolution of the local host 48 name, the <literal>localhost</literal> hostname or all data from <filename>/etc/hosts</filename>.</para> 49 </refsect1> 50 51 <refsect1> 52 <title>Commands</title> 53 <variablelist> 54 55 <varlistentry> 56 <term><command>query</command> <replaceable>HOSTNAME|ADDRESS</replaceable>…</term> 57 58 <listitem><para>Resolve domain names, as well as IPv4 and IPv6 addresses. When used in conjunction 59 with <option>--type=</option> or <option>--class=</option> (see below), resolves low-level DNS 60 resource records.</para> 61 62 <para>If a single-label domain name is specified it is searched for according to the configured 63 search domains — unless <option>--search=no</option> or 64 <option>--type=</option>/<option>--class=</option> are specified, both of which turn this logic 65 off.</para> 66 67 <para>If an international domain name is specified, it is automatically translated according to IDNA 68 rules when resolved via classic DNS — but not for look-ups via MulticastDNS or LLMNR. If 69 <option>--type=</option>/<option>--class=</option> is used IDNA translation is turned off and domain 70 names are processed as specified.</para></listitem> 71 </varlistentry> 72 73 <varlistentry> 74 <term><command>service</command> 75 [[<replaceable>NAME</replaceable>] <replaceable>TYPE</replaceable>] 76 <replaceable>DOMAIN</replaceable></term> 77 78 <listitem><para>Resolve <ulink url="https://tools.ietf.org/html/rfc6763">DNS-SD</ulink> and <ulink 79 url="https://tools.ietf.org/html/rfc2782">SRV</ulink> services, depending on the specified list of 80 parameters. If three parameters are passed the first is assumed to be the DNS-SD service name, the 81 second the <constant class='dns'>SRV</constant> service type, and the third the domain to search in. 82 In this case a full DNS-SD style <constant class='dns'>SRV</constant> and <constant 83 class='dns'>TXT</constant> lookup is executed. If only two parameters are specified, the first is 84 assumed to be the <constant class='dns'>SRV</constant> service type, and the second the domain to look 85 in. In this case no <constant class='dns'>TXT</constant> resource record is requested. Finally, if 86 only one parameter is specified, it is assumed to be a domain name, that is already prefixed with an 87 <constant class='dns'>SRV</constant> type, and an <constant class='dns'>SRV</constant> lookup is done 88 (no <constant class='dns'>TXT</constant>).</para></listitem> 89 </varlistentry> 90 91 <varlistentry> 92 <term><command>openpgp</command> <replaceable>EMAIL@DOMAIN</replaceable>…</term> 93 94 <listitem><para>Query PGP keys stored as <constant class='dns'>OPENPGPKEY</constant> resource records, 95 see <ulink url="https://tools.ietf.org/html/rfc7929">RFC 7929</ulink>. Specified e-mail addresses 96 are converted to the corresponding DNS domain name, and any <constant class='dns'>OPENPGPKEY</constant> 97 keys are printed.</para></listitem> 98 </varlistentry> 99 100 <varlistentry> 101 <term><command>tlsa</command> 102 [<replaceable>FAMILY</replaceable>] 103 <replaceable>DOMAIN</replaceable>[:<replaceable>PORT</replaceable>]…</term> 104 105 <listitem><para>Query TLS public keys stored as <constant class='dns'>TLSA</constant> resource 106 records, see <ulink url="https://tools.ietf.org/html/rfc6698">RFC 6698</ulink>. A query will be 107 performed for each of the specified names prefixed with the port and family 108 (<literal>_<replaceable>port</replaceable>._<replaceable>family</replaceable>.<replaceable>domain</replaceable></literal>). 109 The port number may be specified after a colon (<literal>:</literal>), otherwise 110 <constant>443</constant> will be used by default. The family may be specified as the first argument, 111 otherwise <constant>tcp</constant> will be used.</para></listitem> 112 </varlistentry> 113 114 <varlistentry> 115 <term><command>status</command> [<replaceable>LINK</replaceable>…]</term> 116 117 <listitem><para>Shows the global and per-link DNS settings currently in effect. If no command is specified, 118 this is the implied default.</para></listitem> 119 </varlistentry> 120 121 <varlistentry> 122 <term><command>statistics</command></term> 123 124 <listitem><para>Shows general resolver statistics, including information whether DNSSEC is 125 enabled and available, as well as resolution and validation statistics.</para></listitem> 126 </varlistentry> 127 128 <varlistentry> 129 <term><command>reset-statistics</command></term> 130 131 <listitem><para>Resets the statistics counters shown in <command>statistics</command> to zero. 132 This operation requires root privileges.</para></listitem> 133 </varlistentry> 134 135 <varlistentry> 136 <term><command>flush-caches</command></term> 137 138 <listitem><para>Flushes all DNS resource record caches the service maintains locally. This is mostly 139 equivalent to sending the <constant>SIGUSR2</constant> to the <command>systemd-resolved</command> 140 service.</para></listitem> 141 </varlistentry> 142 143 <varlistentry> 144 <term><command>reset-server-features</command></term> 145 146 <listitem><para>Flushes all feature level information the resolver learnt about specific servers, and ensures 147 that the server feature probing logic is started from the beginning with the next look-up request. This is 148 mostly equivalent to sending the <constant>SIGRTMIN+1</constant> to the <command>systemd-resolved</command> 149 service.</para></listitem> 150 </varlistentry> 151 152 <varlistentry> 153 <term><command>dns</command> [<replaceable>LINK</replaceable> [<replaceable>SERVER</replaceable>…]]</term> 154 <term><command>domain</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term> 155 <term><command>default-route</command> [<replaceable>LINK</replaceable> [<replaceable>BOOL</replaceable>…]]</term> 156 <term><command>llmnr</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> 157 <term><command>mdns</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> 158 <term><command>dnssec</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> 159 <term><command>dnsovertls</command> [<replaceable>LINK</replaceable> [<replaceable>MODE</replaceable>]]</term> 160 <term><command>nta</command> [<replaceable>LINK</replaceable> [<replaceable>DOMAIN</replaceable>…]]</term> 161 162 <listitem> 163 <para>Get/set per-interface DNS configuration. These commands may be used to configure various DNS 164 settings for network interfaces. These commands may be used to inform 165 <command>systemd-resolved</command> or <command>systemd-networkd</command> about per-interface DNS 166 configuration determined through external means. The <command>dns</command> command expects IPv4 or 167 IPv6 address specifications of DNS servers to use. Each address can optionally take a port number 168 separated with <literal>:</literal>, a network interface name or index separated with 169 <literal>%</literal>, and a Server Name Indication (SNI) separated with <literal>#</literal>. When 170 IPv6 address is specified with a port number, then the address must be in the square brackets. That 171 is, the acceptable full formats are <literal>111.222.333.444:9953%ifname#example.com</literal> for 172 IPv4 and <literal>[1111:2222::3333]:9953%ifname#example.com</literal> for IPv6. The 173 <command>domain</command> command expects valid DNS domains, possibly prefixed with 174 <literal>~</literal>, and configures a per-interface search or route-only domain. The 175 <command>default-route</command> command expects a boolean parameter, and configures whether the 176 link may be used as default route for DNS lookups, i.e. if it is suitable for lookups on domains no 177 other link explicitly is configured for. The <command>llmnr</command>, <command>mdns</command>, 178 <command>dnssec</command> and <command>dnsovertls</command> commands may be used to configure the 179 per-interface LLMNR, MulticastDNS, DNSSEC and DNSOverTLS settings. Finally, <command>nta</command> 180 command may be used to configure additional per-interface DNSSEC NTA domains.</para> 181 182 <para>Commands <command>dns</command>, <command>domain</command> and <command>nta</command> can take 183 a single empty string argument to clear their respective value lists.</para> 184 185 <para>For details about these settings, their possible values and their effect, see the 186 corresponding settings in 187 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> 188 </listitem> 189 </varlistentry> 190 191 <varlistentry> 192 <term><command>revert <replaceable>LINK</replaceable></command></term> 193 194 <listitem><para>Revert the per-interface DNS configuration. If the DNS configuration is reverted all 195 per-interface DNS setting are reset to their defaults, undoing all effects of <command>dns</command>, 196 <command>domain</command>, <command>default-route</command>, <command>llmnr</command>, 197 <command>mdns</command>, <command>dnssec</command>, <command>dnsovertls</command>, 198 <command>nta</command>. Note that when a network interface disappears all configuration is lost 199 automatically, an explicit reverting is not necessary in that case.</para></listitem> 200 </varlistentry> 201 202 <xi:include href="systemctl.xml" xpointer="log-level" /> 203 </variablelist> 204 </refsect1> 205 206 <refsect1> 207 <title>Options</title> 208 <variablelist> 209 <varlistentry> 210 <term><option>-4</option></term> 211 <term><option>-6</option></term> 212 213 <listitem><para>By default, when resolving a hostname, both IPv4 and IPv6 214 addresses are acquired. By specifying <option>-4</option> only IPv4 addresses are requested, by specifying 215 <option>-6</option> only IPv6 addresses are requested.</para> 216 </listitem> 217 </varlistentry> 218 219 <varlistentry> 220 <term><option>-i</option> <replaceable>INTERFACE</replaceable></term> 221 <term><option>--interface=</option><replaceable>INTERFACE</replaceable></term> 222 223 <listitem><para>Specifies the network interface to execute the query on. This may either be specified as numeric 224 interface index or as network interface string (e.g. <literal>en0</literal>). Note that this option has no 225 effect if system-wide DNS configuration (as configured in <filename>/etc/resolv.conf</filename> or 226 <filename>/etc/systemd/resolved.conf</filename>) in place of per-link configuration is used.</para></listitem> 227 </varlistentry> 228 229 <varlistentry> 230 <term><option>-p</option> <replaceable>PROTOCOL</replaceable></term> 231 <term><option>--protocol=</option><replaceable>PROTOCOL</replaceable></term> 232 233 <listitem><para>Specifies the network protocol for the query. May be one of <literal>dns</literal> 234 (i.e. classic unicast DNS), <literal>llmnr</literal> (<ulink 235 url="https://tools.ietf.org/html/rfc4795">Link-Local Multicast Name Resolution</ulink>), 236 <literal>llmnr-ipv4</literal>, <literal>llmnr-ipv6</literal> (LLMNR via the indicated underlying IP 237 protocols), <literal>mdns</literal> (<ulink url="https://www.ietf.org/rfc/rfc6762.txt">Multicast DNS</ulink>), 238 <literal>mdns-ipv4</literal>, <literal>mdns-ipv6</literal> (MDNS via the indicated underlying IP protocols). 239 By default the lookup is done via all protocols suitable for the lookup. If used, limits the set of 240 protocols that may be used. Use this option multiple times to enable resolving via multiple protocols at the 241 same time. The setting <literal>llmnr</literal> is identical to specifying this switch once with 242 <literal>llmnr-ipv4</literal> and once via <literal>llmnr-ipv6</literal>. Note that this option does not force 243 the service to resolve the operation with the specified protocol, as that might require a suitable network 244 interface and configuration. 245 The special value <literal>help</literal> may be used to list known values. 246 </para></listitem> 247 </varlistentry> 248 249 <varlistentry> 250 <term><option>-t</option> <replaceable>TYPE</replaceable></term> 251 <term><option>--type=</option><replaceable>TYPE</replaceable></term> 252 <term><option>-c</option> <replaceable>CLASS</replaceable></term> 253 <term><option>--class=</option><replaceable>CLASS</replaceable></term> 254 255 <listitem><para>When used in conjunction with the <command>query</command> command, specifies the DNS 256 resource record type (e.g. <constant class='dns'>A</constant>, <constant class='dns'>AAAA</constant>, 257 <constant class='dns'>MX</constant>, …) and class (e.g. <constant>IN</constant>, 258 <constant>ANY</constant>, …) to look up. If these options are used a DNS resource record set matching 259 the specified class and type is requested. The class defaults to <constant>IN</constant> if only a 260 type is specified. The special value <literal>help</literal> may be used to list known values.</para> 261 262 <para>Without these options <command>resolvectl query</command> provides high-level domain name to 263 address and address to domain name resolution. With these options it provides low-level DNS resource 264 record resolution. The search domain logic is automatically turned off when these options are used, 265 i.e. specified domain names need to be fully qualified domain names. Moreover, IDNA internal domain 266 name translation is turned off as well, i.e. international domain names should be specified in 267 <literal>xn--…</literal> notation, unless look-up in MulticastDNS/LLMNR is desired, in which case 268 UTF-8 characters should be used.</para></listitem> 269 </varlistentry> 270 271 <varlistentry> 272 <term><option>--service-address=</option><replaceable>BOOL</replaceable></term> 273 274 <listitem><para>Takes a boolean parameter. If true (the default), when doing a service lookup with 275 <option>--service</option> the hostnames contained in the <constant class='dns'>SRV</constant> 276 resource records are resolved as well.</para></listitem> 277 </varlistentry> 278 279 <varlistentry> 280 <term><option>--service-txt=</option><replaceable>BOOL</replaceable></term> 281 282 <listitem><para>Takes a boolean parameter. If true (the default), when doing a DNS-SD service lookup 283 with <option>--service</option> the <constant class='dns'>TXT</constant> service metadata record is 284 resolved as well.</para></listitem> 285 </varlistentry> 286 287 <varlistentry> 288 <term><option>--cname=</option><replaceable>BOOL</replaceable></term> 289 290 <listitem><para>Takes a boolean parameter. If true (the default), DNS <constant 291 class='dns'>CNAME</constant> or <constant class='dns'>DNAME</constant> redirections are 292 followed. Otherwise, if a CNAME or DNAME record is encountered while resolving, an error is 293 returned.</para></listitem> 294 </varlistentry> 295 296 <varlistentry> 297 <term><option>--validate=</option><replaceable>BOOL</replaceable></term> 298 299 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true 300 (the default), DNSSEC validation is applied as usual — under the condition that it is enabled for the 301 network and for <filename>systemd-resolved.service</filename> as a whole. If false, DNSSEC validation 302 is disabled for the specific query, regardless of whether it is enabled for the network or in the 303 service. Note that setting this option to true does not force DNSSEC validation on systems/networks 304 where DNSSEC is turned off. This option is only suitable to turn off such validation where otherwise 305 enabled, not enable validation where otherwise disabled.</para></listitem> 306 </varlistentry> 307 308 <varlistentry> 309 <term><option>--synthesize=</option><replaceable>BOOL</replaceable></term> 310 311 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true 312 (the default), select domains are resolved on the local system, among them 313 <literal>localhost</literal>, <literal>_gateway</literal> and <literal>_outbound</literal>, or 314 entries from <filename>/etc/hosts</filename>. If false these domains are not resolved locally, and 315 either fail (in case of <literal>localhost</literal>, <literal>_gateway</literal> or 316 <literal>_outbound</literal> and suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups 317 (in case of <filename>/etc/hosts</filename> entries).</para></listitem> 318 </varlistentry> 319 320 <varlistentry> 321 <term><option>--cache=</option><replaceable>BOOL</replaceable></term> 322 323 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true 324 (the default), lookups use the local DNS resource record cache. If false, lookups are routed to the 325 network instead, regardless if already available in the local cache.</para></listitem> 326 </varlistentry> 327 328 <varlistentry> 329 <term><option>--zone=</option><replaceable>BOOL</replaceable></term> 330 331 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true 332 (the default), lookups are answered from locally registered LLMNR or mDNS resource records, if 333 defined. If false, locally registered LLMNR/mDNS records are not considered for the lookup 334 request.</para></listitem> 335 </varlistentry> 336 337 <varlistentry> 338 <term><option>--trust-anchor=</option><replaceable>BOOL</replaceable></term> 339 340 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true 341 (the default), lookups for DS and DNSKEY are answered from the local DNSSEC trust anchors if 342 possible. If false, the local trust store is not considered for the lookup request.</para></listitem> 343 </varlistentry> 344 345 <varlistentry> 346 <term><option>--network=</option><replaceable>BOOL</replaceable></term> 347 348 <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true 349 (the default), lookups are answered via DNS, LLMNR or mDNS network requests if they cannot be 350 synthesized locally, or be answered from the local cache, zone or trust anchors (see above). If false, 351 the request is not answered from the network and will thus fail if none of the indicated sources can 352 answer them.</para></listitem> 353 </varlistentry> 354 355 <varlistentry> 356 <term><option>--search=</option><replaceable>BOOL</replaceable></term> 357 358 <listitem><para>Takes a boolean parameter. If true (the default), any specified single-label 359 hostnames will be searched in the domains configured in the search domain list, if it is 360 non-empty. Otherwise, the search domain logic is disabled. Note that this option has no effect if 361 <option>--type=</option> is used (see above), in which case the search domain logic is 362 unconditionally turned off.</para></listitem> 363 </varlistentry> 364 365 <varlistentry> 366 <term><option>--raw</option><optional>=payload|packet</optional></term> 367 368 <listitem><para>Dump the answer as binary data. If there is no argument or if the argument is 369 <literal>payload</literal>, the payload of the packet is exported. If the argument is 370 <literal>packet</literal>, the whole packet is dumped in wire format, prefixed by 371 length specified as a little-endian 64-bit number. This format allows multiple packets 372 to be dumped and unambiguously parsed.</para></listitem> 373 </varlistentry> 374 375 <varlistentry> 376 <term><option>--legend=</option><replaceable>BOOL</replaceable></term> 377 378 <listitem><para>Takes a boolean parameter. If true (the default), column headers and meta information about the 379 query response are shown. Otherwise, this output is suppressed.</para></listitem> 380 </varlistentry> 381 382 <xi:include href="standard-options.xml" xpointer="help" /> 383 <xi:include href="standard-options.xml" xpointer="version" /> 384 <xi:include href="standard-options.xml" xpointer="no-pager" /> 385 </variablelist> 386 </refsect1> 387 388 <refsect1> 389 <title>Compatibility with 390 <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry></title> 391 392 <para><command>resolvectl</command> is a multi-call binary. When invoked as <literal>resolvconf</literal> 393 (generally achieved by means of a symbolic link of this name to the <command>resolvectl</command> binary) it 394 is run in a limited 395 <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry> 396 compatibility mode. It accepts mostly the same arguments and pushes all data into 397 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, 398 similar to how <option>dns</option> and <option>domain</option> commands operate. Note that 399 <command>systemd-resolved.service</command> is the only supported backend, which is different from other 400 implementations of this command.</para> 401 402 <para><filename>/etc/resolv.conf</filename> will only be updated with servers added with this command 403 when <filename>/etc/resolv.conf</filename> is a symlink to 404 <filename>/run/systemd/resolve/resolv.conf</filename>, and not a static file. See the discussion of 405 <filename>/etc/resolv.conf</filename> handling in 406 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. 407 </para> 408 409 <para>Not all operations supported by other implementations are supported natively. Specifically:</para> 410 411 <variablelist> 412 <varlistentry> 413 <term><option>-a</option></term> 414 <listitem><para>Registers per-interface DNS configuration data with 415 <command>systemd-resolved</command>. Expects a network interface name as only command line argument. Reads 416 <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>-compatible 417 DNS configuration data from its standard input. Relevant fields are <literal>nameserver</literal> and 418 <literal>domain</literal>/<literal>search</literal>. This command is mostly identical to invoking 419 <command>resolvectl</command> with a combination of <option>dns</option> and <option>domain</option> 420 commands.</para></listitem> 421 </varlistentry> 422 423 <varlistentry> 424 <term><option>-d</option></term> 425 <listitem><para>Unregisters per-interface DNS configuration data with <command>systemd-resolved</command>. This 426 command is mostly identical to invoking <command>resolvectl revert</command>.</para></listitem> 427 </varlistentry> 428 429 <varlistentry> 430 <term><option>-f</option></term> 431 432 <listitem><para>When specified <option>-a</option> and <option>-d</option> will not complain about missing 433 network interfaces and will silently execute no operation in that case.</para></listitem> 434 </varlistentry> 435 436 <varlistentry> 437 <term><option>-x</option></term> 438 439 <listitem><para>This switch for "exclusive" operation is supported only partially. It is mapped to an 440 additional configured search domain of <literal>~.</literal> — i.e. ensures that DNS traffic is preferably 441 routed to the DNS servers on this interface, unless there are other, more specific domains configured on other 442 interfaces.</para></listitem> 443 </varlistentry> 444 445 <varlistentry> 446 <term><option>-m</option></term> 447 <term><option>-p</option></term> 448 449 <listitem><para>These switches are not supported and are silently ignored.</para></listitem> 450 </varlistentry> 451 452 <varlistentry> 453 <term><option>-u</option></term> 454 <term><option>-I</option></term> 455 <term><option>-i</option></term> 456 <term><option>-l</option></term> 457 <term><option>-R</option></term> 458 <term><option>-r</option></term> 459 <term><option>-v</option></term> 460 <term><option>-V</option></term> 461 <term><option>--enable-updates</option></term> 462 <term><option>--disable-updates</option></term> 463 <term><option>--are-updates-enabled</option></term> 464 465 <listitem><para>These switches are not supported and the command will fail if used.</para></listitem> 466 </varlistentry> 467 468 </variablelist> 469 470 <para>See 471 <citerefentry project="debian"><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry> 472 for details on those command line options.</para> 473 </refsect1> 474 475 <refsect1> 476 <title>Examples</title> 477 478 <example> 479 <title>Retrieve the addresses of the <literal>www.0pointer.net</literal> domain (<constant class='dns'>A</constant> and <constant class='dns'>AAAA</constant> resource records)</title> 480 481 <programlisting>$ resolvectl query www.0pointer.net 482www.0pointer.net: 2a01:238:43ed:c300:10c3:bcf3:3266:da74 483 85.214.157.71 484 485-- Information acquired via protocol DNS in 611.6ms. 486-- Data is authenticated: no 487</programlisting> 488 </example> 489 490 <example> 491 <title>Retrieve the domain of the <literal>85.214.157.71</literal> IP address 492 (<constant class='dns'>PTR</constant> resource record)</title> 493 494 <programlisting>$ resolvectl query 85.214.157.71 49585.214.157.71: gardel.0pointer.net 496 497-- Information acquired via protocol DNS in 1.2997s. 498-- Data is authenticated: no 499</programlisting> 500 </example> 501 502 <example> 503 <title>Retrieve the <constant class='dns'>MX</constant> record of the <literal>yahoo.com</literal> 504 domain</title> 505 506 <programlisting>$ resolvectl --legend=no -t MX query yahoo.com 507yahoo.com. IN MX 1 mta7.am0.yahoodns.net 508yahoo.com. IN MX 1 mta6.am0.yahoodns.net 509yahoo.com. IN MX 1 mta5.am0.yahoodns.net 510</programlisting> 511 </example> 512 513 <example> 514 <title>Resolve an <constant class='dns'>SRV</constant> service</title> 515 516 <programlisting>$ resolvectl service _xmpp-server._tcp gmail.com 517_xmpp-server._tcp/gmail.com: alt1.xmpp-server.l.google.com:5269 [priority=20, weight=0] 518 173.194.210.125 519 alt4.xmpp-server.l.google.com:5269 [priority=20, weight=0] 520 173.194.65.125 521 … 522</programlisting> 523 </example> 524 525 <example> 526 <title>Retrieve a PGP key (<constant class='dns'>OPENPGP</constant> resource record)</title> 527 528 <programlisting>$ resolvectl openpgp zbyszek@fedoraproject.org 529d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY 530 mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlMyf 531 MFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAynCsSs 532 … 533</programlisting> 534 </example> 535 536 <example> 537 <title>Retrieve a TLS key (<constant class='dns'>TLSA</constant> resource record)</title> 538 539 <programlisting>$ resolvectl tlsa tcp fedoraproject.org:443 540_443._tcp.fedoraproject.org IN TLSA 0 0 1 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0 541 -- Cert. usage: CA constraint 542 -- Selector: Full Certificate 543 -- Matching type: SHA-256 544</programlisting> 545 546 <para><literal>tcp</literal> and <literal>:443</literal> are optional and could be skipped.</para> 547 </example> 548 </refsect1> 549 550 <refsect1> 551 <title>See Also</title> 552 <para> 553 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, 554 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, 555 <citerefentry><refentrytitle>systemd.dnssd</refentrytitle><manvolnum>5</manvolnum></citerefentry>, 556 <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, 557 <citerefentry><refentrytitle>resolvconf</refentrytitle><manvolnum>8</manvolnum></citerefentry> 558 </para> 559 </refsect1> 560</refentry> 561