[Resolve]
# Validate DNSSEC locally instead of relying on the upstream resolver's
# validation, even when the transport to that resolver was encrypted.
# Background: https://notes.valdikss.org.ru/jabber.ru-mitm/
# BREAKAGE WARNING: anything other than DNSSEC=false is reported to break
# resolution, see
# https://github.com/systemd/systemd/issues/10579
# https://github.com/systemd/systemd/issues/9867
# In "true" mode a lookup that fails validation is returned as a failure, and
# an upstream server without working DNSSEC support fails every validation.
# LLMNR and Multicast DNS answers are not covered by DNSSEC validation.
# PRIVACY WARNING: systemd-networkd / per-link configuration may override this.
DNSSEC=true

# Try DNS-over-TLS first and fall back to plaintext when the server does not
# offer it. The downgrade risk is accepted on purpose: an on-path party can
# make TLS look unsupported and force the plaintext fallback.
# Author's rationale: browser policies enforce DNS-over-HTTPS anyway, because
# Encrypted Client Hello (ECH) still requires it.
# NOTE(review): that rationale only covers browser traffic; other clients of
# this resolver stay exposed to the downgrade. Use DNSOverTLS=true if the
# configured servers are known to support TLS.
DNSOverTLS=opportunistic

# Keep answers in the local cache.
# NOTE(review): the servers below are host-local; on systemd versions that
# have CacheFromLocalhost=, answers from loopback servers are not cached
# unless that option is enabled. Confirm against the deployed version.
Cache=true

# Prefer DNS servers running on this host, if any exist. The empty assignment
# comes first so that server lists from earlier configuration are erased
# before the loopback addresses (IPv4, then IPv6) are added.
DNS=
DNS=127.0.0.1
DNS=::1

# Route-only root domain: send queries for all names to the servers above.
Domains=~.

# Multicast DNS, used for .local names. "true" turns on both the resolver and
# the responder.
# NOTE(review): mDNS answers are unauthenticated, so any host on the same link
# can answer a query. MulticastDNS=resolve keeps lookups working without
# running the responder; the per-link setting must also allow mDNS.
MulticastDNS=true

# LLMNR, kept for Microsoft Windows compatibility (the author is unsure it is
# needed). "true" turns on both the resolver and the responder.
# NOTE(review): LLMNR answers are unauthenticated as well and a common
# name-spoofing vector on shared networks. If no Windows peers depend on it,
# LLMNR=resolve or LLMNR=false reduces that exposure.
LLMNR=true

# vim: filetype=systemd