shell-things/etc/resolv.conf

# Don't do this, just run this instead:
#     sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

# Problem: unbound is slow to start and everything complains of failing DNS,
# and systemd-resolved often gets itself stuck with DNSSEC.
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
# Solution that I dislike: use both unbound & systemd-resolved! When one
# breaks, maybe the other still works! Funnily /etc/resolv.conf is still
# restricted to three nameservers. However this may cause slowness unless
# the options timeout is specified and I increase attempts to further prefer
# unbound (which is listed twice).

# unbound or other local resolver
nameserver ::1
nameserver 127.0.0.1

# systemd-resolved. WARNING: May cause DNS leaks.
nameserver 127.0.0.53
# also systemd-resolved, but this is limited to three entries (others ignored)
#nameserver 127.0.0.54

# edns0 = extended DNS
# trust-ad = trust DNSSEC authenticated data
# timeout:1 = nameserver timeout 1 s (default 5, max 30), then next
# attempts:5 = if all nameservers fail, attempt again 5 times (def 2, max 5)
options edns0 trust-ad timeout:1 attempts:5

# no sending local domain to upstream whenever NXDOMAIN happens
search .

# PS. Remove empty lines and comments if this ends up in /etc/resolv.conf
# PPS. The traditional spell is:
#    sudo chattr -i /etc/resolv.conf;sudo nvim /etc/resolv.conf;sudo chattr +i /etc/resolv.conf
practically rewrite etc/resolv.conf 2023-12-26 09:51:30 +01:00			`# Don't do this, just run this instead:`
			`# sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
resolv.conf: move resolvers to resolv.csv 2020-09-27 14:05:53 +02:00
practically rewrite etc/resolv.conf 2023-12-26 09:51:30 +01:00			`# Problem: unbound is slow to start and everything complains of failing DNS,`
			`# and systemd-resolved often gets itself stuck with DNSSEC.`
			`# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867`
			`# Solution that I dislike: use both unbound & systemd-resolved! When one`
			`# breaks, maybe the other still works! Funnily /etc/resolv.conf is still`
resolv.conf: remove rotate comments, attempt to explain the logic behind timeout & attempts 2024-04-23 15:23:36 +02:00			`# restricted to three nameservers. However this may cause slowness unless`
			`# the options timeout is specified and I increase attempts to further prefer`
			`# unbound (which is listed twice).`
etc/resolv.conf: add dnscrypt-proxy & searches mikaela.internal that I have adopted and I have no idea if I am allowed to use TLDs here, but I am putting local there anyway. 2018-10-26 21:48:38 +02:00
resolv.conf: remove rotate comments, attempt to explain the logic behind timeout & attempts 2024-04-23 15:23:36 +02:00			`# unbound or other local resolver`
practically rewrite etc/resolv.conf 2023-12-26 09:51:30 +01:00			`nameserver ::1`
			`nameserver 127.0.0.1`
resolv.conf: more notes, hilight systemd-resolved, add DoH addresses 2020-08-08 18:44:08 +02:00
etc/resolv.conf: add warning about mixing systemd-resolved & unbound 2024-04-22 13:15:17 +02:00			`# systemd-resolved. WARNING: May cause DNS leaks.`
practically rewrite etc/resolv.conf 2023-12-26 09:51:30 +01:00			`nameserver 127.0.0.53`
resolv.conf: remove rotate comments, attempt to explain the logic behind timeout & attempts 2024-04-23 15:23:36 +02:00			`# also systemd-resolved, but this is limited to three entries (others ignored)`
			`#nameserver 127.0.0.54`
resolv.conf: more notes, hilight systemd-resolved, add DoH addresses 2020-08-08 18:44:08 +02:00
etc/resolv.conf: add warning about mixing systemd-resolved & unbound 2024-04-22 13:15:17 +02:00			`# edns0 = extended DNS`
etc/resolv.conf: specify timeout 1 and attempts 5 2024-04-23 15:03:49 +02:00			`# trust-ad = trust DNSSEC authenticated data`
			`# timeout:1 = nameserver timeout 1 s (default 5, max 30), then next`
etc/resolv.conf: fix comment 2024-04-23 15:47:03 +02:00			`# attempts:5 = if all nameservers fail, attempt again 5 times (def 2, max 5)`
etc/resolv.conf: specify timeout 1 and attempts 5 2024-04-23 15:03:49 +02:00			`options edns0 trust-ad timeout:1 attempts:5`
etc/resolv.conf: add notes for nm-connection-editor 2018-08-10 16:18:33 +02:00
practically rewrite etc/resolv.conf 2023-12-26 09:51:30 +01:00			`# no sending local domain to upstream whenever NXDOMAIN happens`
			`search .`
resolv.conf: add missing empty line 2020-07-23 21:59:53 +02:00
practically rewrite etc/resolv.conf 2023-12-26 09:51:30 +01:00			`# PS. Remove empty lines and comments if this ends up in /etc/resolv.conf`
			`# PPS. The traditional spell is:`
			`# sudo chattr -i /etc/resolv.conf;sudo nvim /etc/resolv.conf;sudo chattr +i /etc/resolv.conf`