mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-11-22 11:19:22 +01:00
systemd-resolved: enforce DoT for files explicitly supporting it, demand DNSSEC from LAN resolver
This commit is contained in:
parent
b470649d3a
commit
c47faaf25e
@ -9,8 +9,7 @@ DNSSEC=true
|
||||
# Take the risk of downgrade attacks. Web browser policies enforce
|
||||
# DNS-over-HTTPS anyway due to Encrypted Client Hello (ECH) still requiring
|
||||
# it.
|
||||
#DNSOverTLS=opportunistic
|
||||
DNSOverTLS=true
|
||||
DNSOverTLS=opportunistic
|
||||
Cache=true
|
||||
# Consider local DNS servers if they exist.
|
||||
DNS=
|
||||
|
@ -2,6 +2,6 @@
|
||||
# OK, this is not 443, but it bothers me to not have both ports used.
|
||||
DNS=[2a02:1b8:10:234::2]:853#dot1.applied-privacy.net 146.255.56.98:853#dot1.applied-privacy.net
|
||||
DNS=[2a02:1b8:10:234::2]:443#dot1.applied-privacy.net 146.255.56.98:443#dot1.applied-privacy.net
|
||||
#DNSOverTLS=true
|
||||
DNSOverTLS=true
|
||||
|
||||
# vim: filetype=systemd
|
||||
|
@ -1,6 +1,6 @@
|
||||
[Resolve]
|
||||
DNS=94.140.14.14#dns.adguard.com 94.140.15.15#dns.adguard.com 2a10:50c0::ad1:ff#dns.adguard.com 2a10:50c0::ad2:ff#dns.adguard.com
|
||||
#DNS=94.140.14.140#unfiltered.adguard-dns.com 94.140.14.141#unfiltered.adguard-dns.com DNS=2a10:50c0::1:ff#unfiltered.adguard-dns.com 2a10:50c0::2:ff#unfiltered.adguard-dns.com
|
||||
#DNSOverTLS=true
|
||||
DNSOverTLS=true
|
||||
|
||||
# vim: filetype=systemd
|
||||
|
@ -3,6 +3,6 @@
|
||||
#DNS=2606:4700:4700::1111#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com 1.1.1.1#cloudflare-dns.com 2606:4700:4700::1111#one.one.one.one 1.1.1.1#one.one.one.one 1.0.0.1#one.one.one.one 2606:4700:4700::1001#one.one.one.one
|
||||
# Malicious domain filtering
|
||||
DNS=2606:4700:4700::1112#security.cloudflare-dns.com 2606:4700:4700::1002#security.cloudflare-dns.com 1.1.1.2#security.cloudflare-dns.com 1.0.0.2#security.cloudflare-dns.com
|
||||
#DNSOverTLS=true
|
||||
DNSOverTLS=true
|
||||
|
||||
# vim: filetype=systemd
|
||||
|
@ -3,6 +3,6 @@ DNS=193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns
|
||||
#DNS=193.110.81.1#kids.dns0.eu 185.253.5.1#kids.dns0.eu 2a0f:fc80::1#kids.dns0.eu 2a0f:fc81::1#kids.dns0.eu
|
||||
#DNS=193.110.81.254#open.dns0.eu 185.253.5.254#open.dns0.eu 2a0f:fc80::ffff#open.dns0.eu 2a0f:fc81::ffff#open.dns0.eu
|
||||
#DNS=193.110.81.9#zero.dns0.eu 185.253.5.9#zero.dns0.eu 2a0f:fc80::9#zero.dns0.eu 2a0f:fc81::9#zero.dns0.eu
|
||||
#DNSOverTLS=true
|
||||
DNSOverTLS=true
|
||||
|
||||
# vim: filetype=systemd
|
||||
|
@ -4,6 +4,6 @@
|
||||
DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net
|
||||
#DNS=2a07:e340::5#extended.dns.mullvad.net 194.242.2.5#extended.dns.mullvad.net
|
||||
#DNS=2a07:e340::9#all.dns.mullvad.net 194.242.2.9#all.dns.mullvad.net
|
||||
#DNSOverTLS=true
|
||||
DNSOverTLS=true
|
||||
|
||||
# vim: filetype=systemd
|
||||
|
@ -14,6 +14,6 @@ DNS=2620:fe::11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net [2620:fe::11]:885
|
||||
# No Threat Blocking + ECS
|
||||
#DNS=2620:fe::12#dns12.quad9.net 2620:fe::fe:12#dns12.quad9.net [2620:fe::12]:8853#dns12.quad9.net [2620:fe::fe:12]:8853#dns12.quad9.net
|
||||
#DNS=9.9.9.12#dns12.quad9.net 149.112.112.12#dns12.quad9.net 9.9.9.12:8853#dns12.quad9.net 149.112.112.12:8853#dns12.quad9.net
|
||||
#DNSOverTLS=true
|
||||
DNSOverTLS=true
|
||||
|
||||
# vim: filetype=systemd
|
||||
|
@ -8,5 +8,5 @@
|
||||
#DNS=192.168.8.1
|
||||
# Mikrotik
|
||||
#DNS=192.168.88.1
|
||||
|
||||
DNSSEC=true
|
||||
# vim: filetype=systemd
|
||||
|
Loading…
Reference in New Issue
Block a user