Mikaela/shell-things
1
0
Fork 0
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2024-11-22 03:09:22 +01:00
Code Issues Projects Releases Wiki Activity

NetworkManager: add dnsmasq.d/mikaela.conf

Browse Source 
I want DNSMasq to behave a little differently from the NetworkManager
defaults.

The default cache size of 150/400 seems a little small and 10 000 probably
won't be full soon and I am sure modern systems at least at home where I
am using dnsmasq again won't suffer from it.

By default dnsmasq started by NEtworkManager only listens on 127.0.0.1
while ::1 also exists, I want it to be also listened on in case anything
decides to try querying with it.

DNSSEC is not checked by default while I want that behaviour, but as I
am using OpenDNS I cannot make it verify unsigned zones are unsigned :(

Also add symlink to trust-anchors.conf that should ship with DNSSEC to
avoid having to deal with it manually. It should work as a reminder that
it's also needed.
This commit is contained in:
Aminda Suomalainen 2016-12-14 11:54:48 +02:00
parent 1ba8dd4137
commit d17a1d936b
No known key found for this signature in database
GPG Key ID: 0C207F07B2F32B67
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
etc/NetworkManager/dnsmasq.d/mikaela.conf Normal file
View File

@ -0,0 +1,14 @@
# Default 150, 10 000 probably won't hurt with RAM of modern devices
cache-size=10000
# Also listen on IPv6 localhost
listen-address=::1,127.0.0.1
# Attempt to verify DNSSEC
# ln -s /usr/share/dnsmasq/trust-anchors.conf trust-anchors.conf
# dnsmasq-base on Ubuntu
dnssec
# Verify that DNSSEC is not stripped, disabled thanks to OpenDNS, to be
# enabled if they ever stop that behaviour (I hope).
#dnssec-check-unsigned

1
etc/NetworkManager/dnsmasq.d/trust-anchors.conf Symbolic link
View File

@ -0,0 +1 @@
/usr/share/dnsmasq/trust-anchors.conf