1 files changed, 162 insertions, 0 deletions
diff --git a/upstream/debian-bookworm/man8/nss-resolve.8 b/upstream/debian-bookworm/man8/nss-resolve.8
new file mode 100644
index 00000000..994bd818
--- /dev/null
+++ b/upstream/debian-bookworm/man8/nss-resolve.8
@@ -0,0 +1,162 @@
+'\" t
+.TH "NSS\-RESOLVE" "8" "" "systemd 254" "nss-resolve"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+nss-resolve, libnss_resolve.so.2 \- Hostname resolution via systemd\-resolved\&.service
+.SH "SYNOPSIS"
+.PP
+libnss_resolve\&.so\&.2
+.SH "DESCRIPTION"
+.PP
+\fBnss\-resolve\fR
+is a plug\-in module for the GNU Name Service Switch (NSS) functionality of the GNU C Library (\fBglibc\fR) enabling it to resolve hostnames via the
+\fBsystemd-resolved\fR(8)
+local network name resolution service\&. It replaces the
+\fBnss\-dns\fR
+plug\-in module that traditionally resolves hostnames via DNS\&.
+.PP
+To activate the NSS module, add
+"resolve\ \&[!UNAVAIL=return]"
+to the line starting with
+"hosts:"
+in
+/etc/nsswitch\&.conf\&. Specifically, it is recommended to place
+"resolve"
+early in
+/etc/nsswitch\&.conf\*(Aqs
+"hosts:"
+line\&. It should be before the
+"files"
+entry, since
+systemd\-resolved
+supports
+/etc/hosts
+internally, but with caching\&. To the contrary, it should be after
+"mymachines", to give hostnames given to local VMs and containers precedence over names received over DNS\&. Finally, we recommend placing
+"dns"
+somewhere after
+"resolve", to fall back to
+\fBnss\-dns\fR
+if
+systemd\-resolved\&.service
+is not available\&.
+.PP
+Note that
+\fBsystemd\-resolved\fR
+will synthesize DNS resource records in a few cases, for example for
+"localhost"
+and the current local hostname, see
+\fBsystemd-resolved\fR(8)
+for the full list\&. This duplicates the functionality of
+\fBnss-myhostname\fR(8), but it is still recommended (see examples below) to keep
+\fBnss\-myhostname\fR
+configured in
+/etc/nsswitch\&.conf, to keep those names resolveable if
+\fBsystemd\-resolved\fR
+is not running\&.
+.PP
+Please keep in mind that
+\fBnss\-myhostname\fR
+(and
+\fBnss\-resolve\fR) also resolve in the other direction \(em from locally attached IP addresses to hostnames\&. If you rely on that lookup being provided by DNS, you might want to order things differently\&.
+.PP
+Communication between
+\fBnss\-resolve\fR
+and
+systemd\-resolved\&.service
+takes place via the
+/run/systemd/resolve/io\&.systemd\&.Resolve
+\fBAF_UNIX\fR
+socket\&.
+.SH "ENVIRONMENT VARIABLES"
+.PP
+\fI$SYSTEMD_NSS_RESOLVE_VALIDATE\fR
+.RS 4
+Takes a boolean argument\&. When false, cryptographic validation of resource records via DNSSEC will be disabled\&. This may be useful for testing, or when system time is known to be unreliable\&.
+.RE
+.PP
+\fI$SYSTEMD_NSS_RESOLVE_SYNTHESIZE\fR
+.RS 4
+Takes a boolean argument\&. When false, synthetic records, e\&.g\&. for the local host name, will not be returned\&. See section SYNTHETIC RECORDS in
+\fBsystemd-resolved.service\fR(8)
+for more information\&. This may be useful to query the "public" resource records, independent of the configuration of the local machine\&.
+.RE
+.PP
+\fI$SYSTEMD_NSS_RESOLVE_CACHE\fR
+.RS 4
+Takes a boolean argument\&. When false, the cache of previously queried records will not be used by
+\fBsystemd-resolved\fR(8)\&.
+.RE
+.PP
+\fI$SYSTEMD_NSS_RESOLVE_ZONE\fR
+.RS 4
+Takes a boolean argument\&. When false, answers using locally registered public LLMNR/mDNS resource records will not be returned\&.
+.RE
+.PP
+\fI$SYSTEMD_NSS_RESOLVE_TRUST_ANCHOR\fR
+.RS 4
+Takes a boolean argument\&. When false, answers using locally configured trust anchors will not be used\&.
+.RE
+.PP
+\fI$SYSTEMD_NSS_RESOLVE_NETWORK\fR
+.RS 4
+Takes a boolean argument\&. When false, answers will be returned without using the network, i\&.e\&. either from local sources or the cache in
+\fBsystemd-resolved\fR(8)\&.
+.RE
+.SH "EXAMPLE"
+.PP
+Here is an example
+/etc/nsswitch\&.conf
+file that enables
+\fBnss\-resolve\fR
+correctly:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+passwd:         compat systemd
+group:          compat [SUCCESS=merge] systemd
+shadow:         compat systemd
+gshadow:        files systemd
+
+hosts:          mymachines \fBresolve [!UNAVAIL=return]\fR files myhostname dns
+networks:       files
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
+.fi
+.if n \{\
+.RE
+.\}
+.SH "SEE ALSO"
+.PP
+\fBsystemd\fR(1),
+\fBsystemd-resolved\fR(8),
+\fBnss-systemd\fR(8),
+\fBnss-myhostname\fR(8),
+\fBnss-mymachines\fR(8),
+\fBnsswitch.conf\fR(5),
+\fBsystemd.syntax\fR(5)