mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-12-23 03:02:52 +01:00
systemd-resolved: think more on local resolvers or not
This commit is contained in:
parent
4c4508ba36
commit
b248392e8a
@ -1,4 +1,5 @@
|
||||
[Resolve]
|
||||
# Use this together with other files other than 00-only-unbound.conf!
|
||||
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
||||
#DNSSEC=allow-downgrade
|
||||
# Regardless of the above DNS breaking issues when DNSSEC is
|
12
etc/systemd/resolved.conf.d/00-only-local-resolver.conf
Normal file
12
etc/systemd/resolved.conf.d/00-only-local-resolver.conf
Normal file
@ -0,0 +1,12 @@
|
||||
[Resolve]
|
||||
# All this is done by Unbound. Don't use other files together with this one.
|
||||
DNSSEC=false
|
||||
DNSOverTLS=false
|
||||
Cache=false
|
||||
DNS=127.0.0.1
|
||||
DNS=::1
|
||||
Domains=~.
|
||||
# .local domains
|
||||
MulticastDNS=true
|
||||
# Microsoft Windows compatibility?
|
||||
LLMNR=true
|
@ -26,9 +26,15 @@ sudo systemctl restart systemd-resolved
|
||||
|
||||
## Files explained
|
||||
|
||||
- `00-defaults.conf` - configuration that should be used everywhere.
|
||||
- `00-no-local-resolver.conf` - configuration that should be used everywhere.
|
||||
Enables DNSSEC (regardless of systemd-resolved not handling it properly),
|
||||
enables opportunistic DoT, caching and local DNS servers.
|
||||
enables opportunistic DoT, caching and local DNS servers (because they
|
||||
should exist anyway as I don't trust systemd-resolved entirely. Anyway if
|
||||
there truly is no local resolver, systemd-resolved will detect that and act accordingly.)
|
||||
- To rephrase, this is sto be used together with other files, especially
|
||||
some of those beginning with `dot-`.
|
||||
- `00-only-local-resolver.conf` - for when there is known local resolver.
|
||||
**_Don't combine this with the other files._**
|
||||
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
|
||||
captive portals are a concern, `DNSOverTLS=opportunistic`. At least one of these
|
||||
should be used in addition to `00-defaults.conf`
|
||||
|
Loading…
Reference in New Issue
Block a user