shell-things/etc/systemd/resolved.conf.d/quad9.conf

[Resolve]
DNS=2620:fe::9 149.112.112.112 2620:fe::fe 9.9.9.9
Domains=~.
DNSSEC=true
DNSOverTLS=opportunistic
Cache=true

# Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS
# (systemd v237)

# Sources:
# https://wiki.archlinux.org/index.php/Systemd-resolved
# * request for strict DOT: https://github.com/systemd/systemd/issues/10755
# * vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
# https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
# * I wouldn't have found having to set `~.` without this.

# DNSOverTLS became supported in v239, strict mode (yes) in v243 (big
# improvements in v244).
etc/systemd/resolved.conf.d: add some configs These aren't seeing real world usage though as the only host not running dnscrypt-proxy has too old systemd. 2019-03-25 12:41:23 +01:00			`[Resolve]`
			`DNS=2620:fe::9 149.112.112.112 2620:fe::fe 9.9.9.9`
			`Domains=~.`
			`DNSSEC=true`
			`DNSOverTLS=opportunistic`
			`Cache=true`

systemd/resolved.conf.d/quad9: expand on versions 2019-11-02 17:37:12 +01:00			`# Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS`
			`# (systemd v237)`
etc/systemd/resolved.conf.d: add some configs These aren't seeing real world usage though as the only host not running dnscrypt-proxy has too old systemd. 2019-03-25 12:41:23 +01:00
			`# Sources:`
			`# https://wiki.archlinux.org/index.php/Systemd-resolved`
			`# * request for strict DOT: https://github.com/systemd/systemd/issues/10755`
			`# * vulnerable to MITM: https://github.com/systemd/systemd/issues/9397`
			`# https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd`
			# * I wouldn't have found having to set `~.` without this.
systemd/resolved.conf.d/quad9: expand on versions 2019-11-02 17:37:12 +01:00
			`# DNSOverTLS became supported in v239, strict mode (yes) in v243 (big`
			`# improvements in v244).`