@@ -169,7 +169,7 @@
dns search-domains domain [domain ...]
dns server n address addr[:port] [addr[:port] ...]
- dns server n resolve-domains|exclude-domains domain [domain ...]
+ dns server n resolve-domains domain [domain ...]
dns server n dnssec yes|optional|no
dns server n transport DoH|DoT|plain
dns server n sni server-name
@@ -191,14 +191,10 @@
Optionally a port can be appended after a colon. IPv6 addresses need to
be enclosed in brackets if a port is appended.
- The ``resolve-domains`` and ``exclude-domains`` options take one or
- more DNS domains which are explicitly resolved or explicitly not resolved
- by a server. Only one of the options can be configured for a server.
- ``resolve-domains`` is used to define a split-dns setup, where only
- given domains are resolved by a server. ``exclude-domains`` is used to
- define domains which will never be resolved by a server (e.g. domains
- which can only be resolved locally). Systems which do not support fine
- grained DNS domain configuration, will ignore these settings.
+ The ``resolve-domains`` option takes one or more DNS domains used to define
+ a split-dns or dns-routing setup, where only the given domains are resolved
+ by the server. Systems which do not support fine grained DNS domain
+ configuration will ignore this setting.
The ``dnssec`` option is used to configure validation of DNSSEC records.
While the exact semantics may differ for resolvers on different systems,
@@ -663,7 +663,6 @@
dns_server_{n}_address_{m}
dns_server_{n}_port_{m}
dns_server_{n}_resolve_domain_{m}
- dns_server_{n}_exclude_domain_{m}
dns_server_{n}_dnssec
dns_server_{n}_transport
dns_server_{n}_sni
@@ -402,11 +402,9 @@
if (s->domains)
{
- const char *format = s->domain_type == DNS_RESOLVE_DOMAINS ?
- "dns_server_%d_resolve_domain_%d" : "dns_server_%d_exclude_domain_%d";
for (j = 1, d = s->domains; d != NULL; j++, d = d->next)
{
- setenv_dns_option(es, format, i, j, d->name);
+ setenv_dns_option(es, "dns_server_%d_resolve_domain_%d", i, j, d->name);
}
}
@@ -484,14 +482,7 @@
struct dns_domain *domain = server->domains;
if (domain)
{
- if (server->domain_type == DNS_RESOLVE_DOMAINS)
- {
- msg(D_SHOW_PARMS, " resolve domains:");
- }
- else
- {
- msg(D_SHOW_PARMS, " exclude domains:");
- }
+ msg(D_SHOW_PARMS, " resolve domains:");
while (domain)
{
msg(D_SHOW_PARMS, " %s", domain->name);
@@ -27,12 +27,6 @@
#include "buffer.h"
#include "env_set.h"
-enum dns_domain_type {
- DNS_DOMAINS_UNSET,
- DNS_RESOLVE_DOMAINS,
- DNS_EXCLUDE_DOMAINS
-};
-
enum dns_security {
DNS_SECURITY_UNSET,
DNS_SECURITY_NO,
@@ -68,7 +62,6 @@
size_t addr_count;
struct dns_server_addr addr[8];
struct dns_domain *domains;
- enum dns_domain_type domain_type;
enum dns_security dnssec;
enum dns_server_transport transport;
const char *sni;
@@ -514,7 +514,6 @@
" Valid options are :\n"
" address <addr[:port]> [addr[:port] ...] : server addresses 4/6\n"
" resolve-domains <domain> [domain ...] : split domains\n"
- " exclude-domains <domain> [domain ...] : domains not to resolve\n"
" dnssec <yes|no|optional> : option to use DNSSEC\n"
" type <DoH|DoT> : query server over HTTPS / TLS\n"
" sni <domain> : DNS server name indication\n"
@@ -8022,22 +8021,6 @@
}
else if (streq(p[3], "resolve-domains"))
{
- if (server->domain_type == DNS_EXCLUDE_DOMAINS)
- {
- msg(msglevel, "--dns server %ld: cannot use resolve-domains and exclude-domains", priority);
- goto err;
- }
- server->domain_type = DNS_RESOLVE_DOMAINS;
- dns_domain_list_append(&server->domains, &p[4], &options->dns_options.gc);
- }
- else if (streq(p[3], "exclude-domains"))
- {
- if (server->domain_type == DNS_RESOLVE_DOMAINS)
- {
- msg(msglevel, "--dns server %ld: cannot use exclude-domains and resolve-domains", priority);
- goto err;
- }
- server->domain_type = DNS_EXCLUDE_DOMAINS;
dns_domain_list_append(&server->domains, &p[4], &options->dns_options.gc);
}
else if (streq(p[3], "dnssec") && !p[5])