Mikaela/shell-things
1
0
Fork 0
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2024-11-01 07:59:22 +01:00
Code Issues Projects Releases Wiki Activity
5dbc461687
shell-things/etc/NetworkManager/dnsmasq.d/mikaela.conf

19 lines
741 B
Plaintext
Raw Normal View History

NetworkManager: add dnsmasq.d/mikaela.conf I want DNSMasq to behave a little differently from the NetworkManager defaults. The default cache size of 150/400 seems a little small and 10 000 probably won't be full soon and I am sure modern systems at least at home where I am using dnsmasq again won't suffer from it. By default dnsmasq started by NEtworkManager only listens on 127.0.0.1 while ::1 also exists, I want it to be also listened on in case anything decides to try querying with it. DNSSEC is not checked by default while I want that behaviour, but as I am using OpenDNS I cannot make it verify unsigned zones are unsigned :( Also add symlink to trust-anchors.conf that should ship with DNSSEC to avoid having to deal with it manually. It should work as a reminder that it's also needed.
2016-12-14 10:54:48 +01:00
# Default 150, 10 000 probably won't hurt with RAM of modern devices
cache-size=10000
# Also listen on IPv6 localhost
listen-address=::1,127.0.0.1
# Attempt to verify DNSSEC
# ln -s /usr/share/dnsmasq/trust-anchors.conf trust-anchors.conf
# dnsmasq-base on Ubuntu
dnssec
dnsmasq: I don't care about breaking OpenDNS OpenDNS should care about breaking me.
2017-01-12 11:54:52 +01:00
# Verify that DNSSEC is not stripped. This breaks OpenDNS, but at time
# of writing I don't care about OpenDNS as them not supporting DNSSEC is
# their issue, not my issue.
# https://support.opendns.com/hc/en-us/community/posts/220015487-Implement-DNSSEC
# https://support.opendns.com/hc/en-us/community/posts/220018307-DNSSEC-on-resolver-side
# https://support.opendns.com/hc/en-us/community/posts/220022287-support-for-DNSSEC
dnssec-check-unsigned
Reference in New Issue Copy Permalink