{bash,zsh}rc: specify LOCALDOMAIN & RES_OPTIONS

sway/autostart-utilities.conf: start KDE6 policykit
etc/resolv.conf: fix comment
2024-04-23 19:26:33 +03:00 · 2024-04-23 19:21:08 +03:00 · 2024-04-23 16:47:03 +03:00 · 2024-04-23 16:23:36 +03:00 · 2024-04-23 16:03:49 +03:00
4 changed files with 23 additions and 6 deletions
--- a/conf/sway/config.d/autostart-utilities.conf
+++ b/conf/sway/config.d/autostart-utilities.conf
@ -6,6 +6,7 @@
 #exec --no-startup-id lxpolkit
 # The KDE version as I tend to have it as base image (Fedora)
 exec --no-startup-id /usr/libexec/kf5/polkit-kde-authentication-agent-1
+exec --no-startup-id /usr/libexec/kf6/polkit-kde-authentication-agent-1
 # Debian
 exec --no-startup-id /usr/lib/x86_64-linux-gnu/libexec/polkit-kde-authentication-agent-1

--- a/etc/resolv.conf
+++ b/etc/resolv.conf
@ -6,20 +6,24 @@
 # https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
 # Solution that I dislike: use both unbound & systemd-resolved! When one
 # breaks, maybe the other still works! Funnily /etc/resolv.conf is still
-# restricted to three nameservers.
+# restricted to three nameservers. However this may cause slowness unless
+# the options timeout is specified and I increase attempts to further prefer
+# unbound (which is listed twice).

-# unbound
+# unbound or other local resolver
 nameserver ::1
 nameserver 127.0.0.1

 # systemd-resolved. WARNING: May cause DNS leaks.
 nameserver 127.0.0.53
+# also systemd-resolved, but this is limited to three entries (others ignored)
+#nameserver 127.0.0.54

-# rotate = randomly use all
 # edns0 = extended DNS
-# trust-ad DNSSEC answers
-#options rotate edns0 trust-ad
-options edns0 trust-ad
+# trust-ad = trust DNSSEC authenticated data
+# timeout:1 = nameserver timeout 1 s (default 5, max 30), then next
+# attempts:5 = if all nameservers fail, attempt again 5 times (def 2, max 5)
+options edns0 trust-ad timeout:1 attempts:5

 # no sending local domain to upstream whenever NXDOMAIN happens
 search .
--- a/rc/bashrc
+++ b/rc/bashrc
@ -254,6 +254,12 @@ export LSCOLORS=gxBxhxDxfxhxhxhxhxcxcx
 # znc uses this variable for figuring out hostname
 #export HOSTNAME=$(hostname --fqdn)

+# Ensure not leaking queries to upstream nameservers (resolv.conf)
+export LOCALDOMAIN=.
+# Secureish resolv.conf options (except trust-ad, but systemd also sets it
+# regardless of whether DNSSEC=true or not.
+export RES_OPTIONS="edns0 trust-ad timeout:1 attempts:5"
+
 #####	Aliases						RJ706I	#####

 # To get sudo work with aliases.
--- a/rc/zshrc
+++ b/rc/zshrc
@ -213,6 +213,12 @@ export LSCOLORS=gxBxhxDxfxhxhxhxhxcxcx
 # znc uses this variable for figuring out hostname
 #export HOSTNAME=$(hostname --fqdn)

+# Ensure not leaking queries to upstream nameservers (resolv.conf)
+export LOCALDOMAIN=.
+# Secureish resolv.conf options (except trust-ad, but systemd also sets it
+# regardless of whether DNSSEC=true or not.
+export RES_OPTIONS="edns0 trust-ad timeout:1 attempts:5"
+
 #####	Aliases						RJ706I	#####

 # To get sudo work with aliases.
Author	SHA1	Message	Date
Aminda Suomalainen	ba55b2c9e9	{bash,zsh}rc: specify LOCALDOMAIN & RES_OPTIONS	2024-04-23 19:26:33 +03:00
Aminda Suomalainen	c48bd12974	sway/autostart-utilities.conf: start KDE6 policykit	2024-04-23 19:21:08 +03:00
Aminda Suomalainen	bdcd7249c3	etc/resolv.conf: fix comment	2024-04-23 16:47:03 +03:00
Aminda Suomalainen	95e17d0a49	resolv.conf: remove rotate comments, attempt to explain the logic behind timeout & attempts	2024-04-23 16:23:36 +03:00
Aminda Suomalainen	425af3eabf	etc/resolv.conf: specify timeout 1 and attempts 5	2024-04-23 16:03:49 +03:00