From a8e9d7d81f7c27424e5b42d713deb8686e30e354 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Mon, 20 Jul 2020 23:11:55 +0300 Subject: [PATCH] etc/resolv.conf: add option trust-ad --- etc/resolv.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/etc/resolv.conf b/etc/resolv.conf index ada25822..c86b8055 100644 --- a/etc/resolv.conf +++ b/etc/resolv.conf @@ -20,7 +20,9 @@ nameserver 9.9.9.9 nameserver 2620:fe::9 # CloudFlare IPv4 #1 #nameserver 1.1.1.1 -options edns0 single-request-reopen +# trust-ad option is required from glibc2.31+ to tell everything to trust +# AD/DNSSEC in case there is a localhost DNS server that validates it +options edns0 single-request-reopen #trust-ad # I am not entirely sure local is valid to use here. And this has a bad # habit of flooding nameserver with names I don't want it to know about # and in some cases there are _fun_ A/AAA responses to nonexistant domains.