systemd-resolved: another attempt at local resolvers

2024-11-22 03:09:22 +01:00 · 2024-04-25 13:45:37 +03:00 · 2024-04-25 13:45:37 +03:00 · 342e3116a6
commit 342e3116a6
parent d17ad34650
2 changed files with 20 additions and 2 deletions
--- a/etc/systemd/resolved.conf.d/00-defaults.conf
+++ b/etc/systemd/resolved.conf.d/00-defaults.conf
@ -4,6 +4,7 @@
 # BREAKAGE WARNING for everything else than DNSSEC=false !
 # https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
 # PRIVACY WARNING! systemd-networkd/links may override this.
+# NOTE: Empty variables unset whatever is set before! They are not a mistake.
 DNSSEC=true
 # Take the risk of downgrade attacks. Web browser policies enforce
 # DNS-over-HTTPS anyway due to Encrypted Client Hello (ECH) still requiring
@ -11,10 +12,13 @@ DNSSEC=true
 #DNSOverTLS=opportunistic
 DNSOverTLS=true
 Cache=true
-# Consider local DNS servers if they exist. Empty should erase previous values.
+# Consider local DNS servers if they exist.
 DNS=
-DNS=127.0.0.1
 DNS=::1
+DNS=127.0.0.1
+FallbackDNS=
+FallbackDNS=::1
+FallbackDNS=127.0.0.1
 Domains=~.
 # .local domains
 MulticastDNS=true
--- a/etc/systemd/resolved.conf.d/zz-local-resolver.conf
+++ b/etc/systemd/resolved.conf.d/zz-local-resolver.conf
@ -0,0 +1,14 @@
+# Being at the end of the English alphabet, this file will take priority
+# and override values of others with the unsets.
+[Resolve]
+DNSSEC=false
+DNSOverTLS=false
+Cache=false
+DNS=
+DNS=::1
+DNS=127.0.0.1
+FallbackDNS=
+FallbackDNS=::1
+FallbackDNS=127.0.0.1
+Domains=~.
+# vim: filetype=systemd