From 8c532e3ef8b749304bd5359e74454edd3ff1f932 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Mon, 28 Mar 2022 20:34:34 +0300
Subject: [PATCH] =?UTF-8?q?etc=E2=80=A6resolved=E2=80=A6:=20add/clarify=20?=
 =?UTF-8?q?links=20in/to=20comments?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Courtesy of https://wiki.archlinux.org/title/Systemd-resolved#DNSSEC
---
 etc/systemd/resolved.conf.d/00-defaults.conf | 2 +-
 etc/systemd/resolved.conf.d/unbound.conf     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/systemd/resolved.conf.d/00-defaults.conf b/etc/systemd/resolved.conf.d/00-defaults.conf
index 91bc1fb8..a47ec07f 100644
--- a/etc/systemd/resolved.conf.d/00-defaults.conf
+++ b/etc/systemd/resolved.conf.d/00-defaults.conf
@@ -1,5 +1,5 @@
 [Resolve]
-# Breaks everything, https://github.com/systemd/systemd/issues?q=dnssec%3Dallow-downgrade+is%3Aissue+is%3Aopen
+# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
 #DNSSEC=allow-downgrade
 DNSSEC=no
 DNSOverTLS=opportunistic
diff --git a/etc/systemd/resolved.conf.d/unbound.conf b/etc/systemd/resolved.conf.d/unbound.conf
index 225842eb..ca839719 100644
--- a/etc/systemd/resolved.conf.d/unbound.conf
+++ b/etc/systemd/resolved.conf.d/unbound.conf
@@ -3,7 +3,7 @@
 DNS=127.0.0.1
 DNS=::1
 Domains=~.
-# Done better by Unbound
+# Done better by Unbound, no failed-auxiliary (https://github.com/systemd/systemd/issues/9867)
 DNSSEC=no
 # Not needed on localhost
 DNSOverTLS=no