mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-12-23 11:12:48 +01:00
systemd-resolved: think more on local resolvers or not
This commit is contained in:
parent
4c4508ba36
commit
b248392e8a
@ -1,4 +1,5 @@
|
|||||||
[Resolve]
|
[Resolve]
|
||||||
|
# Use this together with other files other than 00-only-unbound.conf!
|
||||||
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
||||||
#DNSSEC=allow-downgrade
|
#DNSSEC=allow-downgrade
|
||||||
# Regardless of the above DNS breaking issues when DNSSEC is
|
# Regardless of the above DNS breaking issues when DNSSEC is
|
12
etc/systemd/resolved.conf.d/00-only-local-resolver.conf
Normal file
12
etc/systemd/resolved.conf.d/00-only-local-resolver.conf
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
[Resolve]
|
||||||
|
# All this is done by Unbound. Don't use other files together with this one.
|
||||||
|
DNSSEC=false
|
||||||
|
DNSOverTLS=false
|
||||||
|
Cache=false
|
||||||
|
DNS=127.0.0.1
|
||||||
|
DNS=::1
|
||||||
|
Domains=~.
|
||||||
|
# .local domains
|
||||||
|
MulticastDNS=true
|
||||||
|
# Microsoft Windows compatibility?
|
||||||
|
LLMNR=true
|
@ -26,9 +26,15 @@ sudo systemctl restart systemd-resolved
|
|||||||
|
|
||||||
## Files explained
|
## Files explained
|
||||||
|
|
||||||
- `00-defaults.conf` - configuration that should be used everywhere.
|
- `00-no-local-resolver.conf` - configuration that should be used everywhere.
|
||||||
Enables DNSSEC (regardless of systemd-resolved not handling it properly),
|
Enables DNSSEC (regardless of systemd-resolved not handling it properly),
|
||||||
enables opportunistic DoT, caching and local DNS servers.
|
enables opportunistic DoT, caching and local DNS servers (because they
|
||||||
|
should exist anyway as I don't trust systemd-resolved entirely. Anyway if
|
||||||
|
there truly is no local resolver, systemd-resolved will detect that and act accordingly.)
|
||||||
|
- To rephrase, this is sto be used together with other files, especially
|
||||||
|
some of those beginning with `dot-`.
|
||||||
|
- `00-only-local-resolver.conf` - for when there is known local resolver.
|
||||||
|
**_Don't combine this with the other files._**
|
||||||
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
|
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
|
||||||
captive portals are a concern, `DNSOverTLS=opportunistic`. At least one of these
|
captive portals are a concern, `DNSOverTLS=opportunistic`. At least one of these
|
||||||
should be used in addition to `00-defaults.conf`
|
should be used in addition to `00-defaults.conf`
|
||||||
|
Loading…
Reference in New Issue
Block a user