shell-things/etc/systemd/resolved.conf.d/00-defaults.conf

[Resolve]
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
#DNSSEC=allow-downgrade
# Regardless of the above DNS breaking issues when DNSSEC is
# enabled/opportunistic, it provides authentication which is important. TLS
# cannot be fully trusted. https://notes.valdikss.org.ru/jabber.ru-mitm/
DNSSEC=yes
DNSOverTLS=opportunistic
Cache=yes
etc/ststemd/resolved…: aggressive cleanup/rewriting 2022-03-28 19:28:17 +02:00			`[Resolve]`
etc…resolved…: add/clarify links in/to comments Courtesy of https://wiki.archlinux.org/title/Systemd-resolved#DNSSEC 2022-03-28 19:34:34 +02:00			`# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867`
etc/ststemd/resolved…: aggressive cleanup/rewriting 2022-03-28 19:28:17 +02:00			`#DNSSEC=allow-downgrade`
systemd-resolved: keep DNSSEC enabled 2023-10-21 10:27:07 +02:00			`# Regardless of the above DNS breaking issues when DNSSEC is`
			`# enabled/opportunistic, it provides authentication which is important. TLS`
			`# cannot be fully trusted. https://notes.valdikss.org.ru/jabber.ru-mitm/`
			`DNSSEC=yes`
etc/ststemd/resolved…: aggressive cleanup/rewriting 2022-03-28 19:28:17 +02:00			`DNSOverTLS=opportunistic`
			`Cache=yes`