[Resolve] # https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867 #DNSSEC=allow-downgrade # Regardless of the above DNS breaking issues when DNSSEC is # enabled/opportunistic, it provides authentication which is important. TLS # cannot be fully trusted. https://notes.valdikss.org.ru/jabber.ru-mitm/ DNSSEC=yes DNSOverTLS=opportunistic Cache=yes # Local resolver should always be considered if it exists DNS=127.0.0.1 DNS=::1