2024-04-22 14:08:03 +02:00
|
|
|
[Resolve]
|
|
|
|
|
# Don't trust upstream to verify DNSSEC, even if was encrypted.
|
|
|
|
|
# https://notes.valdikss.org.ru/jabber.ru-mitm/
|
|
|
|
|
# BREAKAGE WARNING for everything else than DNSSEC=false !
|
|
|
|
|
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
|
|
|
|
# PRIVACY WARNING! systemd-networkd/links may override this.
|
2024-04-25 12:45:37 +02:00
|
|
|
# NOTE: Empty variables unset whatever is set before! They are not a mistake.
|
2024-04-22 14:08:03 +02:00
|
|
|
DNSSEC=true
|
|
|
|
|
# Take the risk of downgrade attacks. Web browser policies enforce
|
|
|
|
|
# DNS-over-HTTPS anyway due to Encrypted Client Hello (ECH) still requiring
|
|
|
|
|
# it.
|
2024-04-22 14:43:50 +02:00
|
|
|
#DNSOverTLS=opportunistic
|
|
|
|
|
DNSOverTLS=true
|
2024-04-22 14:08:03 +02:00
|
|
|
Cache=true
|
2024-04-25 12:45:37 +02:00
|
|
|
# Consider local DNS servers if they exist.
|
2024-04-22 14:08:03 +02:00
|
|
|
DNS=
|
|
|
|
|
DNS=::1
|
2024-04-25 12:45:37 +02:00
|
|
|
DNS=127.0.0.1
|
|
|
|
|
FallbackDNS=
|
|
|
|
|
FallbackDNS=::1
|
|
|
|
|
FallbackDNS=127.0.0.1
|
2024-04-22 14:08:03 +02:00
|
|
|
Domains=~.
|
|
|
|
|
# .local domains
|
|
|
|
|
MulticastDNS=true
|
|
|
|
|
# Microsoft Windows compatibility?
|
|
|
|
|
LLMNR=true
|
|
|
|
|
|
|
|
|
|
# vim: filetype=systemd
|
