etc/systemd/resolved.conf.d: add some configs

These aren't seeing real world usage though as the only host not running
dnscrypt-proxy has too old systemd.
Aminda Suomalainen 2019-03-25 13:41:23 +02:00
parent b438dde52d
commit 466a7bc2c1
No known key found for this signature in database
GPG Key ID: 0C207F07B2F32B67
2 changed files with 20 additions and 0 deletions


@ -0,0 +1,5 @@
[Resolve]
#DNSSEC=allow-downgrade
DNSSEC=true
DNSOverTLS=opportunistic
Cache=true
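
Review bot: `DNSSEC=true` in this drop-in is strict validation, but the file sets no `DNS=`, so the upstream resolver is whatever the link or DHCP provides. If that resolver does not support DNSSEC, lookups on this host will fail rather than degrade. Either say in a comment that strict failure is intended, or drop the commented-out `#DNSSEC=allow-downgrade` line so it is clear which mode was chosen and why. Separately, `DNSOverTLS=opportunistic` falls back to plaintext when the TLS connection cannot be made, so it should be documented here as protection against passive observation only.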


@ -0,0 +1,15 @@
[Resolve]
DNS=2620:fe::9 149.112.112.112 2620:fe::fe 9.9.9.9
Domains=~.
DNSSEC=true
DNSOverTLS=opportunistic
Cache=true
# Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS.
# Sources:
# https://wiki.archlinux.org/index.php/Systemd-resolved
# * request for strict DOT: https://github.com/systemd/systemd/issues/10755
# * vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
# https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
# * I wouldn't have found having to set `~.` without this.
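
Review bot: `DNSOverTLS=opportunistic` combined with `Domains=~.` sends every lookup to the listed resolvers, yet the setting still allows fallback to unencrypted DNS, which is the MITM weakness the linked issue 9397 is cited for. The caveat is buried in the source list at the bottom; put a one-line comment directly above `DNSOverTLS=` stating that this mode does not stop an active downgrade and that it should move to strict mode once the request in issue 10755 is available in the deployed systemd. The note about Ubuntu 18.04.x LTS would also read better next to that line, with a word on what the host does when the key is unsupported. Lastly, `DNSSEC=true`, `DNSOverTLS=opportunistic` and `Cache=true` repeat the other file in this commit verbatim; keeping them in one drop-in avoids the two copies drifting apart.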