Mikaela
/
shell-things
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

practically rewrite etc/resolv.conf

This commit is contained in:
Aminda Suomalainen 2023-12-26 10:51:30 +02:00
parent 9d69584103
commit f31cb882a5
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
1 changed files with 20 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
etc/resolv.conf
View File

@ -1,32 +1,26 @@
# notes on resolv.conf, actual DNS resolvers in resolv.csv (not a system
# config file)
# Don't do this, just run this instead:
# sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
# Problem: unbound is slow to start and everything complains of failing DNS,
# and systemd-resolved often gets itself stuck with DNSSEC.
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
# Solution that I dislike: use both unbound & systemd-resolved! When one
# breaks, maybe the other still works! Funnily /etc/resolv.conf is still
# restricted to three nameservers.
# unbound
nameserver ::1
nameserver 127.0.0.1
# Local resolver (Unbound?)
#nameserver 127.0.0.1
#nameserver ::1
# systemd-resolved
#nameserver 127.0.0.51
# dnscrypt-proxy directly (Debian/systemd)
#nameserver 127.0.2.1
nameserver 127.0.0.53
# trust-ad option is required from glibc2.31+ to tell everything to trust
# AD/DNSSEC in case there is a localhost DNS server that validates it
options edns0 single-request-reopen trust-ad
# randomly utilize both, extended DNS, trust DNSSEC from both
options rotate edns0 trust-ad
# Disable search domains by looking for .
# no sending local domain to upstream whenever NXDOMAIN happens
search .
# note and remember missing DNSSEC
# use.opendns.com http://208.69.38.205/
# system.opendns.com http://208.69.38.170/
# systemd-resolved symlink files:
# !!! /run/systemd/resolve/stub-resolv.conf !!! /usr/lib/systemd/resolv.conf /run/systemd/resolve/resolv.conf
# !!! /run/systemd/resolve/stub-resolv.conf !!! contains search domains and doesn't seem to be
# overwritable and somehow works with Mullvad
# https://github.com/mullvad/mullvadvpn-app/issues/1952
# /usr/lib/systemd/resolv.conf doesn't contain search domains, can
# get overwritten and "broken"
# /run/systemd/resolve/resolv.conf contains uplink resolvers and domains
# SHOULDN'T BE USED!
# PS. Remove empty lines and comments if this ends up in /etc/resolv.conf
# PPS. The traditional spell is:
# sudo chattr -i /etc/resolv.conf;sudo nvim /etc/resolv.conf;sudo chattr +i /etc/resolv.conf