systemd.dns-delegate - Man Page

*.dns-delegate files may be used to delegate DNS lookups in specific domains to specific DNS servers. These files are read by systemd-resolved.service(8). Each such file defines a combination of one or more DNS servers and one or more DNS domains. Each such definition synthesizes a DNS lookup scope that ensure lookups below the specified domains are sent to the specified DNS servers, possibly in addition to any per-interface scopes and the global scope that systemd-resolved maintains anyway.

DNS=

Takes one or more DNS server specifications, in the same syntax as the option of the same name in resolved.conf(5).

Added in version 258.

Domains=

Takes one or more domain name specifications, in the same syntax as the option of the same name in resolved.conf(5).

Added in version 258.

DefaultRoute=

Takes a boolean value, defaults to off. Controls whether this DNS server is a candidate for looking up records for which no better route exists.

Added in version 258.

FirewallMark=

Takes a 32 bit unsigned integer value. Controls the firewall mark of packets generated by the socket used to make DNS requests for this DNS delegate. This can be used in the firewall logic to filter packets from this socket. This sets the SO_MARK socket option. See iptables(8) for details.

Added in version 260.

Example 1. 

# /etc/systemd/dns-delegate.d/foobar.dns-delegate
[Delegate]
DNS=203.0.113.47
Domains=foobar.com
FirewallMark=42

This ensures lookups of "foobar.com" and any domains below it are directed to DNS server 203.0.113.47 and any packets related to this lookup have a firewall mark set to 42.

systemd(1), systemd-resolved.service(8), resolved.conf(5), resolvectl(1)

systemd.directives(7), systemd.index(7), systemd-resolved.service(8).