2025-09-29 16:54:46 +02:00
5 changed files with 27 additions and 112 deletions
--- a/src/resolve/resolvectl.c
+++ b/src/resolve/resolvectl.c
@ -3321,8 +3321,6 @@ static int dump_cache_scope(sd_json_variant *scope) {
                int ifindex;
                const char *ifname;
                sd_json_variant *cache;
-                const char *dnssec_mode;
-                const char *dns_over_tls_mode;
        } scope_info = {
                .family = AF_UNSPEC,
        };
@ -3330,13 +3328,11 @@ static int dump_cache_scope(sd_json_variant *scope) {
        int r, c = 0;

        static const sd_json_dispatch_field dispatch_table[] = {
-                { "protocol",     SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string,  offsetof(struct scope_info, protocol),          SD_JSON_MANDATORY },
-                { "family",       _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_int,           offsetof(struct scope_info, family),            0                 },
-                { "ifindex",      _SD_JSON_VARIANT_TYPE_INVALID, json_dispatch_ifindex,          offsetof(struct scope_info, ifindex),           SD_JSON_RELAX     },
-                { "ifname",       SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string,  offsetof(struct scope_info, ifname),            0                 },
-                { "cache",        SD_JSON_VARIANT_ARRAY,         sd_json_dispatch_variant_noref, offsetof(struct scope_info, cache),             SD_JSON_MANDATORY },
-                { "dnssec",       SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string,  offsetof(struct scope_info, dnssec_mode),       0                 },
-                { "dnsOverTLS",   SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string,  offsetof(struct scope_info, dns_over_tls_mode), 0                 },
+                { "protocol", SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string,  offsetof(struct scope_info, protocol), SD_JSON_MANDATORY },
+                { "family",   _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_int,           offsetof(struct scope_info, family),   0                 },
+                { "ifindex",  _SD_JSON_VARIANT_TYPE_INVALID, json_dispatch_ifindex,          offsetof(struct scope_info, ifindex),  SD_JSON_RELAX     },
+                { "ifname",   SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string,  offsetof(struct scope_info, ifname),   0                 },
+                { "cache",    SD_JSON_VARIANT_ARRAY,         sd_json_dispatch_variant_noref, offsetof(struct scope_info, cache),    SD_JSON_MANDATORY },
                {},
        };

@ -3354,13 +3350,6 @@ static int dump_cache_scope(sd_json_variant *scope) {
        if (scope_info.ifname)
                printf(" ifname=%s", scope_info.ifname);

-        if (dns_protocol_from_string(scope_info.protocol) == DNS_PROTOCOL_DNS) {
-                if (scope_info.dnssec_mode)
-                        printf(" DNSSEC=%s", scope_info.dnssec_mode);
-                if (scope_info.dns_over_tls_mode)
-                        printf(" DNSOverTLS=%s", scope_info.dns_over_tls_mode);
-        }
-
        printf("%s\n", ansi_normal());

        JSON_VARIANT_ARRAY_FOREACH(i, scope_info.cache) {
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@ -1427,14 +1427,6 @@ void dns_scope_dump(DnsScope *s, FILE *f) {
                fputs(s->delegate->id, f);
        }

-        if (s->protocol == DNS_PROTOCOL_DNS) {
-                fputs(" DNSSEC=", f);
-                fputs(dnssec_mode_to_string(s->dnssec_mode), f);
-
-                fputs(" DNSOverTLS=", f);
-                fputs(dns_over_tls_mode_to_string(s->dns_over_tls_mode), f);
-        }
-
        fputs("]\n", f);

        if (!dns_zone_is_empty(&s->zone)) {
@ -1810,13 +1802,7 @@ int dns_scope_dump_cache_to_json(DnsScope *scope, sd_json_variant **ret) {
                        SD_JSON_BUILD_PAIR_CONDITION(scope->family != AF_UNSPEC, "family", SD_JSON_BUILD_INTEGER(scope->family)),
                        SD_JSON_BUILD_PAIR_CONDITION(!!scope->link, "ifindex", SD_JSON_BUILD_INTEGER(dns_scope_ifindex(scope))),
                        SD_JSON_BUILD_PAIR_CONDITION(!!scope->link, "ifname", SD_JSON_BUILD_STRING(dns_scope_ifname(scope))),
-                        SD_JSON_BUILD_PAIR_VARIANT("cache", cache),
-                        SD_JSON_BUILD_PAIR_CONDITION(scope->protocol == DNS_PROTOCOL_DNS,
-                                                     "dnssec",
-                                                     SD_JSON_BUILD_STRING(dnssec_mode_to_string(scope->dnssec_mode))),
-                        SD_JSON_BUILD_PAIR_CONDITION(scope->protocol == DNS_PROTOCOL_DNS,
-                                                     "dnsOverTLS",
-                                                     SD_JSON_BUILD_STRING(dns_over_tls_mode_to_string(scope->dns_over_tls_mode))));
+                        SD_JSON_BUILD_PAIR_VARIANT("cache", cache));
 }

 int dns_type_suitable_for_protocol(uint16_t type, DnsProtocol protocol) {
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@ -645,7 +645,6 @@ static void manager_set_defaults(Manager *m) {

 static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
        Manager *m = ASSERT_PTR(userdata);
-        Link *l;
        int r;

        (void) notify_reloading();
@ -680,12 +679,6 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa
        if (r < 0)
                return sd_event_exit(sd_event_source_get_event(s), r);

-        /* A link's unicast scope may also be influenced by the manager's configuration. I.e., DNSSEC= and DNSOverTLS=
-         * from the manager will be used if not explicitly configured on the link. Free the scopes here so that
-         * link_allocate_scopes() in on_network_event() re-creates them. */
-        HASHMAP_FOREACH(l, m->links)
-                l->unicast_scope = dns_scope_free(l->unicast_scope);
-
        /* The configuration has changed, so reload the per-interface configuration too in order to take
         * into account any changes (e.g.: enable/disable DNSSEC). */
        r = on_network_event(/* source= */ NULL, -EBADF, /* revents= */ 0, m);
--- a/src/shared/varlink-io.systemd.Resolve.Monitor.c
+++ b/src/shared/varlink-io.systemd.Resolve.Monitor.c
@ -48,9 +48,7 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE(
                SD_VARLINK_DEFINE_FIELD(family, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
                SD_VARLINK_DEFINE_FIELD(ifindex, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
                SD_VARLINK_DEFINE_FIELD(ifname, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
-                SD_VARLINK_DEFINE_FIELD_BY_TYPE(cache, CacheEntry, SD_VARLINK_ARRAY),
-                SD_VARLINK_DEFINE_FIELD(dnssec, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
-                SD_VARLINK_DEFINE_FIELD(dnsOverTLS, SD_VARLINK_STRING, SD_VARLINK_NULLABLE));
+                SD_VARLINK_DEFINE_FIELD_BY_TYPE(cache, CacheEntry, SD_VARLINK_ARRAY));

 static SD_VARLINK_DEFINE_METHOD(
                DumpCache,
--- a/test/units/TEST-75-RESOLVED.sh
+++ b/test/units/TEST-75-RESOLVED.sh
@ -135,7 +135,7 @@ EOF
        echo "FallbackDNS="
        echo "DNSSEC=allow-downgrade"
        echo "DNSOverTLS=opportunistic"
-    } >/run/systemd/resolved.conf.d/10-test.conf
+    } >/run/systemd/resolved.conf.d/test.conf
    ln -svf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
    # Override the default NTA list, which turns off DNSSEC validation for (among
    # others) the test. domain
@ -232,6 +232,7 @@ manual_testcase_01_resolvectl() {
    # Cleanup
    # shellcheck disable=SC2317
    cleanup() {
+        rm -f /run/systemd/resolved.conf.d/mdns-llmnr.conf
        ip link del hoge
        ip link del hoge.foo
    }
@ -319,7 +320,7 @@ manual_testcase_02_mdns_llmnr() {

    # Cleanup
    cleanup() {
-        rm -f /run/systemd/resolved.conf.d/90-mdns-llmnr.conf
+        rm -f /run/systemd/resolved.conf.d/mdns-llmnr.conf
        ip link del hoge
        ip link del hoge.foo
    }
@ -331,7 +332,7 @@ manual_testcase_02_mdns_llmnr() {
        echo "[Resolve]"
        echo "MulticastDNS=no"
        echo "LLMNR=no"
-    } >/run/systemd/resolved.conf.d/90-mdns-llmnr.conf
+    } >/run/systemd/resolved.conf.d/mdns-llmnr.conf
    restart_resolved
    # make sure networkd is not running.
    systemctl stop systemd-networkd.service
@ -342,7 +343,7 @@ manual_testcase_02_mdns_llmnr() {
        echo "[Resolve]"
        echo "MulticastDNS=yes"
        echo "LLMNR=yes"
-    } >/run/systemd/resolved.conf.d/90-mdns-llmnr.conf
+    } >/run/systemd/resolved.conf.d/mdns-llmnr.conf
    systemctl reload systemd-resolved.service
    # defaults to yes (both the global and per-link settings are yes)
    assert_in 'yes' "$(resolvectl mdns hoge)"
@ -366,7 +367,7 @@ manual_testcase_02_mdns_llmnr() {
        echo "[Resolve]"
        echo "MulticastDNS=resolve"
        echo "LLMNR=resolve"
-    } >/run/systemd/resolved.conf.d/90-mdns-llmnr.conf
+    } >/run/systemd/resolved.conf.d/mdns-llmnr.conf
    systemctl reload systemd-resolved.service
    # set per-link setting
    resolvectl mdns hoge yes
@ -386,7 +387,7 @@ manual_testcase_02_mdns_llmnr() {
        echo "[Resolve]"
        echo "MulticastDNS=no"
        echo "LLMNR=no"
-    } >/run/systemd/resolved.conf.d/90-mdns-llmnr.conf
+    } >/run/systemd/resolved.conf.d/mdns-llmnr.conf
    systemctl reload systemd-resolved.service
    (! lsof -p "$(systemctl show --property MainPID --value systemd-resolved.service)" | grep -q ":mdns\|:5353")
    # set per-link setting
@ -791,62 +792,10 @@ testcase_08_resolved() {
 }

 testcase_09_resolvectl_showcache() {
-    # Cleanup
-    # shellcheck disable=SC2317
-    cleanup() {
-        rm -f /run/systemd/resolved.conf.d/90-resolved.conf
-        rm -f /run/systemd/network/10-dns2.netdev
-        rm -f /run/systemd/network/10-dns2.network
-        networkctl reload
-        systemctl reload systemd-resolved.service
-        resolvectl revert dns0
-    }
-
-    trap cleanup RETURN
-
    ### Test resolvectl show-cache
    run resolvectl show-cache
    run resolvectl show-cache --json=short
    run resolvectl show-cache --json=pretty
-
-    # Use resolvectl show-cache to check that reloding resolved updates scope
-    # DNSSEC and DNSOverTLS modes.
-    {
-        echo "[NetDev]"
-        echo "Name=dns2"
-        echo "Kind=dummy"
-    } > /run/systemd/network/10-dns2.netdev
-    {
-        echo "[Match]"
-        echo "Name=dns2"
-        echo "[Network]"
-        echo "IPv6AcceptRA=no"
-        echo "Address=10.123.0.1/24"
-        echo "DNS=10.0.0.1"
-    } > /run/systemd/network/10-dns2.network
-    networkctl reload
-    networkctl reconfigure dns2
-
-    mkdir -p /run/systemd/resolved.conf.d/
-    {
-        echo "[Resolve]"
-        echo "DNSSEC=no"
-        echo "DNSOverTLS=no"
-    } > /run/systemd/resolved.conf.d/90-resolved.conf
-    systemctl reload systemd-resolved.service
-
-    test "$(resolvectl show-cache --json=short | jq -rc '.[] | select(.ifname == "dns2" and .protocol == "dns") | .dnssec')" == 'no'
-    test "$(resolvectl show-cache --json=short | jq -rc '.[] | select(.ifname == "dns2" and .protocol == "dns") | .dnsOverTLS')" == 'no'
-
-    {
-        echo "[Resolve]"
-        echo "DNSSEC=allow-downgrade"
-        echo "DNSOverTLS=opportunistic"
-    } > /run/systemd/resolved.conf.d/90-resolved.conf
-    systemctl reload systemd-resolved.service
-
-    test "$(resolvectl show-cache --json=short | jq -rc '.[] | select(.ifname == "dns2" and .protocol == "dns") | .dnssec')" == 'allow-downgrade'
-    test "$(resolvectl show-cache --json=short | jq -rc '.[] | select(.ifname == "dns2" and .protocol == "dns") | .dnsOverTLS')" == 'opportunistic'
 }

 testcase_10_resolvectl_json() {
@ -908,7 +857,7 @@ testcase_11_nft() {
    {
        echo "[Resolve]"
        echo "StaleRetentionSec=1d"
-    } >/run/systemd/resolved.conf.d/10-test.conf
+    } >/run/systemd/resolved.conf.d/test.conf
    systemctl reload systemd-resolved.service

    run dig stale1.unsigned.test -t A
@ -999,7 +948,7 @@ testcase_12_resolvectl2() {
    # Cleanup
    # shellcheck disable=SC2317
    cleanup() {
-        rm -f /run/systemd/resolved.conf.d/90-reload.conf
+        rm -f /run/systemd/resolved.conf.d/reload.conf
        systemctl reload systemd-resolved.service
        resolvectl revert dns0
    }
@ -1054,7 +1003,7 @@ testcase_12_resolvectl2() {
        echo "[Resolve]"
        echo "DNS=8.8.8.8"
        echo "DNSStubListenerExtra=127.0.0.153"
-    } >/run/systemd/resolved.conf.d/90-reload.conf
+    } >/run/systemd/resolved.conf.d/reload.conf
    resolvectl dns dns0 1.1.1.1
    systemctl reload systemd-resolved.service
    resolvectl status
@ -1072,7 +1021,7 @@ testcase_12_resolvectl2() {
        echo "[Resolve]"
        echo "DNS=8.8.4.4"
        echo "DNSStubListenerExtra=127.0.0.154"
-    } >/run/systemd/resolved.conf.d/90-reload.conf
+    } >/run/systemd/resolved.conf.d/reload.conf
    systemctl reload systemd-resolved.service
    resolvectl status

@ -1104,7 +1053,7 @@ testcase_13_varlink_subscribe_dns_configuration() {
        echo "===== io.systemd.Resolve.Monitor.SubscribeDNSConfiguration output: ====="
        cat "$tmpfile"
        echo "=========="
-        rm -f /run/systemd/resolved.conf.d/90-global-dns.conf
+        rm -f /run/systemd/resolved.conf.d/global-dns.conf
        restart_resolved
        resolvectl revert dns0
    }
@ -1122,7 +1071,7 @@ testcase_13_varlink_subscribe_dns_configuration() {
    {
        echo "[Resolve]"
        echo "DNS="
-    } > /run/systemd/resolved.conf.d/90-global-dns.conf
+    } > /run/systemd/resolved.conf.d/global-dns.conf
    systemctl reload systemd-resolved.service
    resolvectl dns dns0 ""
    resolvectl domain dns0 ""
@ -1140,7 +1089,7 @@ testcase_13_varlink_subscribe_dns_configuration() {
        echo "[Resolve]"
        echo "DNS=8.8.8.8"
        echo "Domains=lan"
-    } > /run/systemd/resolved.conf.d/90-global-dns.conf
+    } > /run/systemd/resolved.conf.d/global-dns.conf
    systemctl reload systemd-resolved.service

    # Update a link configuration.
@ -1178,7 +1127,7 @@ testcase_13_varlink_subscribe_dns_configuration() {
 testcase_14_refuse_record_types() {
    # shellcheck disable=SC2317
    cleanup() {
-        rm -f /run/systemd/resolved.conf.d/90-refuserecords.conf
+        rm -f /run/systemd/resolved.conf.d/refuserecords.conf
        restart_resolved
    }
    trap cleanup RETURN ERR
@ -1187,7 +1136,7 @@ testcase_14_refuse_record_types() {
    {
        echo "[Resolve]"
        echo "RefuseRecordTypes=AAAA SRV TXT"
-    } >/run/systemd/resolved.conf.d/90-refuserecords.conf
+    } >/run/systemd/resolved.conf.d/refuserecords.conf
    systemctl reload systemd-resolved.service

    run dig localhost -t AAAA
@ -1236,7 +1185,7 @@ testcase_14_refuse_record_types() {
    {
        echo "[Resolve]"
        echo "RefuseRecordTypes=AAAA"
-    } >/run/systemd/resolved.conf.d/90-refuserecords.conf
+    } >/run/systemd/resolved.conf.d/refuserecords.conf
    systemctl reload systemd-resolved.service

    run dig localhost -t SRV
@ -1285,7 +1234,7 @@ testcase_14_refuse_record_types() {
    {
        echo "[Resolve]"
        echo "RefuseRecordTypes=A AAAA"
-    } >/run/systemd/resolved.conf.d/90-refuserecords.conf
+    } >/run/systemd/resolved.conf.d/refuserecords.conf
    systemctl reload systemd-resolved.service

    run resolvectl service _mysvc._tcp signed.test
@ -1307,7 +1256,7 @@ testcase_14_refuse_record_types() {
    {
        echo "[Resolve]"
        echo "RefuseRecordTypes=AAAA TXT"
-    } >/run/systemd/resolved.conf.d/90-refuserecords.conf
+    } >/run/systemd/resolved.conf.d/refuserecords.conf
    systemctl reload systemd-resolved.service

    run resolvectl service _mysvc._tcp signed.test
@ -1328,7 +1277,7 @@ testcase_14_refuse_record_types() {
    {
        echo "[Resolve]"
        echo "RefuseRecordTypes=SRV"
-    } >/run/systemd/resolved.conf.d/90-refuserecords.conf
+    } >/run/systemd/resolved.conf.d/refuserecords.conf
    systemctl reload systemd-resolved.service

    (! run resolvectl service _mysvc._tcp signed.test)