From d17a1d936bf967e631970ec04efd11c43896e171 Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen
Date: Wed, 14 Dec 2016 11:54:48 +0200
Subject: [PATCH] NetworkManager: add dnsmasq.d/mikaela.conf
I want DNSMasq to behave a little differently from the NetworkManager defaults. The default cache size of 150/400 seems a little small and 10 000 probably won't be full soon and I am sure modern systems at least at home where I am using dnsmasq again won't suffer from it. By default dnsmasq started by NEtworkManager only listens on 127.0.0.1 while ::1 also exists, I want it to be also listened on in case anything decides to try querying with it. DNSSEC is not checked by default while I want that behaviour, but as I am using OpenDNS I cannot make it verify unsigned zones are unsigned :( Also add symlink to trust-anchors.conf that should ship with DNSSEC to avoid having to deal with it manually. It should work as a reminder that it's also needed.
---
etc/NetworkManager/dnsmasq.d/mikaela.conf | 14 ++++++++++++++
etc/NetworkManager/dnsmasq.d/trust-anchors.conf | 1 +
2 files changed, 15 insertions(+)
create mode 100644 etc/NetworkManager/dnsmasq.d/mikaela.conf
create mode 120000 etc/NetworkManager/dnsmasq.d/trust-anchors.conf
diff --git a/etc/NetworkManager/dnsmasq.d/mikaela.conf b/etc/NetworkManager/dnsmasq.d/mikaela.conf
new file mode 100644
index 00000000..94692558
--- /dev/null
+++ b/etc/NetworkManager/dnsmasq.d/mikaela.conf
@@ -0,0 +1,14 @@
+# Default 150, 10 000 probably won't hurt with RAM of modern devices
+cache-size=10000
+
+# Also listen on IPv6 localhost
+listen-address=::1,127.0.0.1
+
+# Attempt to verify DNSSEC
+# ln -s /usr/share/dnsmasq/trust-anchors.conf trust-anchors.conf
+# dnsmasq-base on Ubuntu
+dnssec
+
+# Verify that DNSSEC is not stripped, disabled thanks to OpenDNS, to be
+# enabled if they ever stop that behaviour (I hope).
+#dnssec-check-unsigned
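Review bot: With `dnssec` set and `dnssec-check-unsigned` left commented out at the end of mikaela.conf, a reply that arrives without signatures is accepted as-is, so the upstream or anything on the path to it can strip the signatures from a signed zone and the answer is still used; only replies carrying bad signatures are rejected. The comment above the disabled option should state that consequence directly, for example `# Without this, unsigned replies for signed zones are accepted (no downgrade protection).` It is also worth noting there that later dnsmasq releases, as far as I know, enable this check by default, in which case the commented-out line no longer turns it off and an explicit `dnssec-check-unsigned=no` would be needed to keep today's behaviour with a non-validating upstream.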
diff --git a/etc/NetworkManager/dnsmasq.d/trust-anchors.conf b/etc/NetworkManager/dnsmasq.d/trust-anchors.conf
new file mode 120000
index 00000000..f7530329
--- /dev/null
+++ b/etc/NetworkManager/dnsmasq.d/trust-anchors.conf
@@ -0,0 +1 @@
+/usr/share/dnsmasq/trust-anchors.conf
\ No newline at end of file
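Review bot: The symlink target `/usr/share/dnsmasq/trust-anchors.conf` is an absolute path that exists only where the distribution's dnsmasq package ships it; the comment in mikaela.conf names dnsmasq-base on Ubuntu. On a host without that file the link dangles while `dnssec` is still set, leaving dnsmasq with no trust anchors; as far as I know it refuses to start in that state, which would take local name resolution down. A line next to the `ln -s` comment in mikaela.conf, such as `# Target must exist before dnssec is enabled; install the package that ships it`, would make the dependency explicit.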