'\" t .TH "NSS\-RESOLVE" "8" "" "systemd 255" "nss-resolve" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" nss-resolve, libnss_resolve.so.2 \- Hostname resolution via systemd\-resolved\&.service .SH "SYNOPSIS" .PP libnss_resolve\&.so\&.2 .SH "DESCRIPTION" .PP \fBnss\-resolve\fR is a plug\-in module for the GNU Name Service Switch (NSS) functionality of the GNU C Library (\fBglibc\fR) enabling it to resolve hostnames via the \fBsystemd-resolved\fR(8) local network name resolution service\&. It replaces the \fBnss\-dns\fR plug\-in module that traditionally resolves hostnames via DNS\&. .PP To activate the NSS module, add "resolve\ \&[!UNAVAIL=return]" to the line starting with "hosts:" in /etc/nsswitch\&.conf\&. Specifically, it is recommended to place "resolve" early in /etc/nsswitch\&.conf\*(Aqs "hosts:" line\&. It should be before the "files" entry, since systemd\-resolved supports /etc/hosts internally, but with caching\&. To the contrary, it should be after "mymachines", to give hostnames given to local VMs and containers precedence over names received over DNS\&. Finally, we recommend placing "dns" somewhere after "resolve", to fall back to \fBnss\-dns\fR if systemd\-resolved\&.service is not available\&. .PP Note that \fBsystemd\-resolved\fR will synthesize DNS resource records in a few cases, for example for "localhost" and the current local hostname, see \fBsystemd-resolved\fR(8) for the full list\&. This duplicates the functionality of \fBnss-myhostname\fR(8), but it is still recommended (see examples below) to keep \fBnss\-myhostname\fR configured in /etc/nsswitch\&.conf, to keep those names resolveable if \fBsystemd\-resolved\fR is not running\&. .PP Please keep in mind that \fBnss\-myhostname\fR (and \fBnss\-resolve\fR) also resolve in the other direction \(em from locally attached IP addresses to hostnames\&. If you rely on that lookup being provided by DNS, you might want to order things differently\&. .PP Communication between \fBnss\-resolve\fR and systemd\-resolved\&.service takes place via the /run/systemd/resolve/io\&.systemd\&.Resolve \fBAF_UNIX\fR socket\&. .SH "ENVIRONMENT VARIABLES" .PP \fI$SYSTEMD_NSS_RESOLVE_VALIDATE\fR .RS 4 Takes a boolean argument\&. When false, cryptographic validation of resource records via DNSSEC will be disabled\&. This may be useful for testing, or when system time is known to be unreliable\&. .sp Added in version 250\&. .RE .PP \fI$SYSTEMD_NSS_RESOLVE_SYNTHESIZE\fR .RS 4 Takes a boolean argument\&. When false, synthetic records, e\&.g\&. for the local host name, will not be returned\&. See section SYNTHETIC RECORDS in \fBsystemd-resolved.service\fR(8) for more information\&. This may be useful to query the "public" resource records, independent of the configuration of the local machine\&. .sp Added in version 250\&. .RE .PP \fI$SYSTEMD_NSS_RESOLVE_CACHE\fR .RS 4 Takes a boolean argument\&. When false, the cache of previously queried records will not be used by \fBsystemd-resolved\fR(8)\&. .sp Added in version 250\&. .RE .PP \fI$SYSTEMD_NSS_RESOLVE_ZONE\fR .RS 4 Takes a boolean argument\&. When false, answers using locally registered public LLMNR/mDNS resource records will not be returned\&. .sp Added in version 250\&. .RE .PP \fI$SYSTEMD_NSS_RESOLVE_TRUST_ANCHOR\fR .RS 4 Takes a boolean argument\&. When false, answers using locally configured trust anchors will not be used\&. .sp Added in version 250\&. .RE .PP \fI$SYSTEMD_NSS_RESOLVE_NETWORK\fR .RS 4 Takes a boolean argument\&. When false, answers will be returned without using the network, i\&.e\&. either from local sources or the cache in \fBsystemd-resolved\fR(8)\&. .sp Added in version 250\&. .RE .SH "EXAMPLE" .PP Here is an example /etc/nsswitch\&.conf file that enables \fBnss\-resolve\fR correctly: .sp .if n \{\ .RS 4 .\} .nf passwd: files systemd group: files [SUCCESS=merge] systemd shadow: files systemd gshadow: files systemd hosts: mymachines \fBresolve [!UNAVAIL=return]\fR files myhostname dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis .fi .if n \{\ .RE .\} .SH "SEE ALSO" .PP \fBsystemd\fR(1), \fBsystemd-resolved\fR(8), \fBnss-systemd\fR(8), \fBnss-myhostname\fR(8), \fBnss-mymachines\fR(8), \fBnsswitch.conf\fR(5), \fBsystemd.syntax\fR(5)