Compare commits
5 Commits
ba55b2c9e9
...
32c5da4422
Author | SHA1 | Date |
---|---|---|
Aminda Suomalainen | 32c5da4422 | |
Aminda Suomalainen | 9b01bc5260 | |
Aminda Suomalainen | c00f750d96 | |
Aminda Suomalainen | fa9da0901d | |
Aminda Suomalainen | b36ba70a70 |
|
@ -8,7 +8,8 @@ This file is DNS before DNS and legacy remain which is still used.
|
|||
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
|
||||
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
|
||||
|
||||
- [dns](#dns)
|
||||
- [`blocklist`](#blocklist)
|
||||
- [`dns`](#dns)
|
||||
- [`hosts.fedora`](#hostsfedora)
|
||||
- [`hosts.debian`](#hostsdebian)
|
||||
|
||||
|
@ -17,7 +18,11 @@ This file is DNS before DNS and legacy remain which is still used.
|
|||
<!-- prettier-ignore-end -->
|
||||
<!-- editorconfig-checker-enable -->
|
||||
|
||||
## dns
|
||||
## `blocklist`
|
||||
|
||||
Hosts that I dislike enough to mention in my `hosts` file.
|
||||
|
||||
## `dns`
|
||||
|
||||
This began from question why should I have DNS to have DNS, but having it
|
||||
on DNS resolver level broke DNSSEC due to my weird mixing of systemd-resolved
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
##### BEGIN AMINDA BLOCKLIST #####
|
||||
|
||||
# Facebook API that a lot of things call, will break things for Facebook
|
||||
# users, so don't apply on hosts those use
|
||||
:: graph.facebook.com
|
||||
0.0.0.0 graph.facebook.com
|
||||
|
||||
# Unnecessary service for Matrix rooms. I was dared to block it.
|
||||
:: matrix.to www.matrix.to
|
||||
0.0.0.0 matrix.to www.matrix.to
|
||||
|
||||
##### END AMINDA BLOCKLIST #####
|
|
@ -0,0 +1,31 @@
|
|||
#!/usr/bin/env bash
|
||||
set -x
|
||||
|
||||
# Require root or exit
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "This script requires root." 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# In case I am behind the /etc/resolv.conf, it's immutable and read-only,
|
||||
# which won't allow it to be rewritten.
|
||||
chattr -V -i /etc/resolv.conf
|
||||
chmod -v +w /etc/resolv.conf
|
||||
# Or it's a symlink to e.g. /run/systemd/resolve/stub-resolv.conf
|
||||
rm -v /etc/resolv.conf
|
||||
|
||||
# Actual resolv.conf creation. OK, this could read resolv.conf in this
|
||||
# directory, but I like this being self-contained.
|
||||
# tee -p = operate in a more appropriate MODE with pipes.
|
||||
printf 'nameserver ::1\nnameserver 127.0.0.1\nnameserver 127.0.0.53\noptions edns0 trust-ad timeout:1 attempts:5\nsearch .\n' | tee -p /etc/resolv.conf
|
||||
|
||||
# Remove all other permissions than everyone reading resolv.conf
|
||||
chmod -v a=r /etc/resolv.conf
|
||||
# Make resolv.conf immutable again so it's pretty sure nothing else edits it.
|
||||
chattr -V +i /etc/resolv.conf
|
||||
|
||||
# Let's just see it's ok
|
||||
ls -l /etc/resolv.conf
|
||||
cat /etc/resolv.conf
|
||||
|
||||
set +x
|
|
@ -0,0 +1,10 @@
|
|||
# Unlike everything else(?), this can actually be placed to
|
||||
# /etc/systemd/system/service.d if /etc/resolv.conf cannot be modified
|
||||
# for some reason and specify the search and options options.
|
||||
# I would just edit /etc/resolv.conf directly though, but this is just a
|
||||
# note that this is possible.
|
||||
[Service]
|
||||
Environment=LOCALDOMAIN=.
|
||||
Environment=RES_OPTIONS="edns0 trust-ad timeout:1 attempts:5"
|
||||
|
||||
# vim: filetype=systemd
|
Loading…
Reference in New Issue