From 7be1800002806f750ce5d71cd58274dec97de856 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Mon, 22 Apr 2024 13:16:14 +0300
Subject: [PATCH] systemd-networkd: disable DNSSEC/DNSOverTLS by default as
 localhost

---
 etc/systemd/network/10-ether.network | 2 ++
 etc/systemd/network/10-wlan.network  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/etc/systemd/network/10-ether.network b/etc/systemd/network/10-ether.network
index cf599224..f8b39704 100644
--- a/etc/systemd/network/10-ether.network
+++ b/etc/systemd/network/10-ether.network
@@ -31,8 +31,10 @@ DNS=127.0.0.1
 DNS=127.0.0.53
 #DNSSEC=true
 #DNSSEC=allow-downgrade
+DNSSEC=false
 #DNSOverTLS=true
 #DNSOverTLS=opportunistic
+DNSOverTLS=false
 # Search domains
 Domains=.
 # Enable systemd-timesyncd with `timedatectl set-ntp true`, may be specified
diff --git a/etc/systemd/network/10-wlan.network b/etc/systemd/network/10-wlan.network
index 384e92dd..6fbef876 100644
--- a/etc/systemd/network/10-wlan.network
+++ b/etc/systemd/network/10-wlan.network
@@ -29,7 +29,9 @@ LLMNR=true
 # systemd-resolved configuration
 #DNSSEC=true
 #DNSSEC=allow-downgrade
+DNSSEC=false
 #DNSOverTLS=true
 #DNSOverTLS=opportunistic
+DNSOverTLS=false
 # Search domains
 Domains=.