adjust resolv.conf order in the generator scripts

2025-10-31 09:27:20 +01:00 · 2024-08-10 11:32:22 +03:00 · 2024-08-10 11:32:22 +03:00 · 8702c16ac0
commit 8702c16ac0
parent e316f929d3
2 changed files with 3 additions and 4 deletions
--- a/etc/resolv.conf-generate.bash
+++ b/etc/resolv.conf-generate.bash
@ -17,7 +17,7 @@ rm -v /etc/resolv.conf
 # Actual resolv.conf creation. OK, this could read resolv.conf in this
 # directory, but I like this being self-contained.
 # tee -p = operate in a more appropriate MODE with pipes.
-printf 'nameserver ::1\nnameserver 127.0.0.1\nnameserver 127.0.0.53\nsearch .\noptions timeout:1 attempts:5 rotate edns0 trust-ad\n' | tee -p /etc/resolv.conf
+printf 'nameserver 127.0.0.53\nnameserver 127.0.0.1\nnameserver ::1\nsearch .\noptions timeout:1 attempts:5 rotate edns0 trust-ad\n' | tee -p /etc/resolv.conf

 # Remove all other permissions than everyone reading resolv.conf
 chmod -v a=r /etc/resolv.conf
--- a/etc/traditional-resolv.conf-generate.bash
+++ b/etc/traditional-resolv.conf-generate.bash
@ -20,10 +20,9 @@ chmod -v +w /etc/resolv.conf
 # Or it's a symlink to e.g. /run/systemd/resolve/stub-resolv.conf
 rm -v /etc/resolv.conf

-# No trust-ad here as chances are these resolvers are unencrypted and the
-# path to them isn't trusted.
+# trust-ad is here, because are you really going to use untrusted remote resolvers?
 # tee -p = operate in a more appropriate MODE with pipes.
-printf "nameserver %b\nnameserver %b\nnameserver %b\nsearch .\noptions timeout:1 attempts:5 rotate edns0\n" "$1" "$2" "$3" | tee -p /etc/resolv.conf
+printf "nameserver %b\nnameserver %b\nnameserver %b\nsearch .\noptions timeout:1 attempts:5 rotate edns0 trust-ad\n" "$1" "$2" "$3" | tee -p /etc/resolv.conf

 # Remove all other permissions than everyone reading resolv.conf
 chmod -v a=r /etc/resolv.conf