mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-26 05:09:23 +01:00
etc/systemd/resolved.conf.d: add some configs
These aren't seeing real world usage though as the only host not running dnscrypt-proxy has too old systemd.
This commit is contained in:
parent
b438dde52d
commit
466a7bc2c1
5
etc/systemd/resolved.conf.d/general.conf
Normal file
5
etc/systemd/resolved.conf.d/general.conf
Normal file
@ -0,0 +1,5 @@
|
||||
[Resolve]
|
||||
#DNSSEC=allow-downgrade
|
||||
DNSSEC=true
|
||||
DNSOverTLS=opportunistic
|
||||
Cache=true
|
15
etc/systemd/resolved.conf.d/quad9.conf
Normal file
15
etc/systemd/resolved.conf.d/quad9.conf
Normal file
@ -0,0 +1,15 @@
|
||||
[Resolve]
|
||||
DNS=2620:fe::9 149.112.112.112 2620:fe::fe 9.9.9.9
|
||||
Domains=~.
|
||||
DNSSEC=true
|
||||
DNSOverTLS=opportunistic
|
||||
Cache=true
|
||||
|
||||
# Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS.
|
||||
|
||||
# Sources:
|
||||
# https://wiki.archlinux.org/index.php/Systemd-resolved
|
||||
# * request for strict DOT: https://github.com/systemd/systemd/issues/10755
|
||||
# * vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
|
||||
# https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
|
||||
# * I wouldn't have found having to set `~.` without this.
|
Loading…
Reference in New Issue
Block a user