systemd.dns-delegate — DNS Server Delegation Configuration
/etc/systemd/dns-delegate.d/*.dns-delegate |
/run/systemd/dns-delegate.d/*.dns-delegate |
/usr/local/lib/systemd/dns-delegate.d/*.dns-delegate |
/usr/lib/systemd/dns-delegate.d/*.dns-delegate |
*.dns-delegate files may be used to delegate DNS lookups in specific domains to
specific DNS servers. These files are read by
systemd-resolved.service(8).
Each such file defines a combination of one or more DNS servers and one or more DNS domains. Each such
definition synthesizes a DNS lookup scope that ensure lookups below the specified domains are sent to the
specified DNS servers, possibly in addition to any per-interface scopes and the global scope that
systemd-resolved maintains anyway.
DNS=¶Takes one or more DNS server specifications, in the same syntax as the option of the same name in resolved.conf(5).
Domains=¶Takes one or more domain name specifications, in the same syntax as the option of the same name in resolved.conf(5).
DefaultRoute=¶Takes a boolean value, defaults to off. Controls whether this DNS server is a candidate for looking up records for which no better route exists.
FirewallMark=¶Takes a 32 bit unsigned integer value. Controls the firewall mark of packets generated by the
socket used to make DNS requests for this DNS delegate. This can be used in the firewall logic to
filter packets from this socket.
This sets the SO_MARK socket option. See iptables(8) for
details.
Example 1.
# /etc/systemd/dns-delegate.d/foobar.dns-delegate [Delegate] DNS=203.0.113.47 Domains=foobar.com FirewallMark=42
This ensures lookups of "foobar.com" and any domains below it are directed to
DNS server 203.0.113.47 and any packets related to this lookup have a firewall mark set to 42.