From ba55b2c9e9468aa7cc48d7a75ac7e9fb0cea9fb3 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Tue, 23 Apr 2024 19:26:33 +0300
Subject: [PATCH] {bash,zsh}rc: specify LOCALDOMAIN & RES_OPTIONS

---
 rc/bashrc | 6 ++++++
 rc/zshrc  | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/rc/bashrc b/rc/bashrc
index c4cc804d..4da6e1a9 100755
--- a/rc/bashrc
+++ b/rc/bashrc
@@ -254,6 +254,12 @@ export LSCOLORS=gxBxhxDxfxhxhxhxhxcxcx
 # znc uses this variable for figuring out hostname
 #export HOSTNAME=$(hostname --fqdn)
 
+# Ensure not leaking queries to upstream nameservers (resolv.conf)
+export LOCALDOMAIN=.
+# Secureish resolv.conf options (except trust-ad, but systemd also sets it
+# regardless of whether DNSSEC=true or not.
+export RES_OPTIONS="edns0 trust-ad timeout:1 attempts:5"
+
 #####	Aliases						RJ706I	#####
 
 # To get sudo work with aliases.
diff --git a/rc/zshrc b/rc/zshrc
index 3d216dfd..961348dd 100755
--- a/rc/zshrc
+++ b/rc/zshrc
@@ -213,6 +213,12 @@ export LSCOLORS=gxBxhxDxfxhxhxhxhxcxcx
 # znc uses this variable for figuring out hostname
 #export HOSTNAME=$(hostname --fqdn)
 
+# Ensure not leaking queries to upstream nameservers (resolv.conf)
+export LOCALDOMAIN=.
+# Secureish resolv.conf options (except trust-ad, but systemd also sets it
+# regardless of whether DNSSEC=true or not.
+export RES_OPTIONS="edns0 trust-ad timeout:1 attempts:5"
+
 #####	Aliases						RJ706I	#####
 
 # To get sudo work with aliases.