Drop connections and caches and reload config from files, to allow
for low-interruptions updates, and hook up to the usual SIGHUP and
ExecReload=. Mark servers and services configured directly via D-Bus
so that they can be kept around, and only the configuration file
settings are dropped and reloaded.
Fixes https://github.com/systemd/systemd/issues/17503
Fixes https://github.com/systemd/systemd/issues/20604
This tries to add information about when each option was added. It goes
back to version 183.
The version info is included from a separate file to allow generating it,
which would allow more control on the formatting of the final output.
ImportCredential= takes a credential name and searches for a matching
credential in all the credential stores we know about it. It supports
globs which are expanded so that all matching credentials are loaded.
Note that this drops ProtectProc=invisible from
systemd-resolved.service.
This is done because othewise access to the booted "kernel" command line is not
necessarily available. That's because in containers we want to read
/proc/1/cmdline for that.
Fixes: #24103
This beefs up the DNS stub logic to listen on two IP addresses:
127.0.0.53 (as before) + 127.0.0.54 (new). When the latter is contact
our stub will operate in "bypass" mode only, i.e we'll try to pass DNS
requests as unmodified upstream as we can (and not do mDNS/LLMNR and
such, also no DNSSEC validation – but we'll still do DNS-over-TLS
wrapping).
This is supposed to be useful for container environments or tethering:
this stub could be exposed (via NAT redirect) to clients of this system
and we'll try to stay out of the way with doing too much DNS magic
ourselves, but still expose whatever the current DNS server is from
upstream under a stable address/port.
How to use this:
# iptables -t nat -I PREROUTING -p udp -i <interface> --dport 53 -j DNAT --to 127.0.0.54:53
# echo 1 > /proc/sys/net/ipv4/conf/<interface>/route_localnet
Text currently refers to `/etc/nsswitch.conf` where it should refer to `/etc/resolv.conf`.
This is in the context of defining a nameserver IP and search domains.
