From 4560e776df7866f09d1c0bf209d3890414922abe Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Mon, 22 Apr 2024 15:43:50 +0300
Subject: [PATCH] systemd-{resolved,networkd}: just break things

---
 etc/systemd/network/10-ether.network         | 3 ++-
 etc/systemd/network/10-wlan.network          | 4 ++--
 etc/systemd/resolved.conf.d/00-defaults.conf | 3 ++-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/etc/systemd/network/10-ether.network b/etc/systemd/network/10-ether.network
index 699103fd..0a4d1578 100644
--- a/etc/systemd/network/10-ether.network
+++ b/etc/systemd/network/10-ether.network
@@ -31,7 +31,8 @@ DNS=::1
 DNS=127.0.0.1
 DNS=127.0.0.53
 DNSSEC=true
-DNSOverTLS=opportunistic
+#DNSOverTLS=opportunistic
+DNSOverTLS=true
 # Search domains
 Domains=.
 # Enable systemd-timesyncd with `timedatectl set-ntp true`, may be specified
diff --git a/etc/systemd/network/10-wlan.network b/etc/systemd/network/10-wlan.network
index ad326a66..ba294f77 100644
--- a/etc/systemd/network/10-wlan.network
+++ b/etc/systemd/network/10-wlan.network
@@ -29,7 +29,7 @@ MulticastDNS=true
 LLMNR=true
 # systemd-resolved configuration
 DNSSEC=true
-DNSSEC=false
-DNSOverTLS=opportunistic
+#DNSOverTLS=opportunistic
+DNSOverTLS=true
 # Search domains
 Domains=.
diff --git a/etc/systemd/resolved.conf.d/00-defaults.conf b/etc/systemd/resolved.conf.d/00-defaults.conf
index e9825c9f..cec8847c 100644
--- a/etc/systemd/resolved.conf.d/00-defaults.conf
+++ b/etc/systemd/resolved.conf.d/00-defaults.conf
@@ -8,7 +8,8 @@ DNSSEC=true
 # Take the risk of downgrade attacks. Web browser policies enforce
 # DNS-over-HTTPS anyway due to Encrypted Client Hello (ECH) still requiring
 # it.
-DNSOverTLS=opportunistic
+#DNSOverTLS=opportunistic
+DNSOverTLS=true
 Cache=true
 # Consider local DNS servers if they exist. Empty should erase previous values.
 DNS=