mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-12-23 03:02:52 +01:00
NetworkManager: add dnsmasq.d/mikaela.conf
I want DNSMasq to behave a little differently from the NetworkManager defaults. The default cache size of 150/400 seems a little small and 10 000 probably won't be full soon and I am sure modern systems at least at home where I am using dnsmasq again won't suffer from it. By default dnsmasq started by NEtworkManager only listens on 127.0.0.1 while ::1 also exists, I want it to be also listened on in case anything decides to try querying with it. DNSSEC is not checked by default while I want that behaviour, but as I am using OpenDNS I cannot make it verify unsigned zones are unsigned :( Also add symlink to trust-anchors.conf that should ship with DNSSEC to avoid having to deal with it manually. It should work as a reminder that it's also needed.
This commit is contained in:
parent
1ba8dd4137
commit
d17a1d936b
14
etc/NetworkManager/dnsmasq.d/mikaela.conf
Normal file
14
etc/NetworkManager/dnsmasq.d/mikaela.conf
Normal file
@ -0,0 +1,14 @@
|
||||
# Default 150, 10 000 probably won't hurt with RAM of modern devices
|
||||
cache-size=10000
|
||||
|
||||
# Also listen on IPv6 localhost
|
||||
listen-address=::1,127.0.0.1
|
||||
|
||||
# Attempt to verify DNSSEC
|
||||
# ln -s /usr/share/dnsmasq/trust-anchors.conf trust-anchors.conf
|
||||
# dnsmasq-base on Ubuntu
|
||||
dnssec
|
||||
|
||||
# Verify that DNSSEC is not stripped, disabled thanks to OpenDNS, to be
|
||||
# enabled if they ever stop that behaviour (I hope).
|
||||
#dnssec-check-unsigned
|
1
etc/NetworkManager/dnsmasq.d/trust-anchors.conf
Symbolic link
1
etc/NetworkManager/dnsmasq.d/trust-anchors.conf
Symbolic link
@ -0,0 +1 @@
|
||||
/usr/share/dnsmasq/trust-anchors.conf
|
Loading…
Reference in New Issue
Block a user