# Don't do this, just run this instead: # sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf # Or look at the other scripts in this directory such as # resolv.conf-generate.bash - creates simpler version of this file without # the comments # systemd-resolv.conf-generate.bash - same as the above, but only users # 127.0.0.53 as a nameserver # systemd-resolv.conf-restore.bash - restores/creates the symlink of line 2 # Problem: unbound is slow to start and everything complains of failing DNS, # and systemd-resolved often gets itself stuck with DNSSEC. # https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867 # Solution that I dislike: use both unbound & systemd-resolved! When one # breaks, maybe the other still works! Funnily /etc/resolv.conf is still # restricted to three nameservers. However this may cause slowness unless # the options timeout is specified and I increase attempts to further prefer # unbound (which is listed twice). # unbound or other local resolver nameserver ::1 nameserver 127.0.0.1 # systemd-resolved. WARNING: May cause DNS leaks. nameserver 127.0.0.53 # systemd-resolved DNS proxy (to upstream). No DNSSEC, no LLMNR, no mDNS! #nameserver 127.0.0.54 # edns0 = extended DNS # trust-ad = trust DNSSEC authenticated data # timeout:2 = nameserver timeout 2 s (default 5, max 30), then next # attempts:2 = if all nameservers fail, attempt again 2 times (def 2, max 5) # rotate = instead of trying the nameservers in the order specified, randomize # the order in round-robin fashion. They are all theoretically the same, # except that NordVPN disables IPv6 so ::1 will fail and occassionally only # systemd-resolved works and I am under impression that some apps are aware of # systemd-resolved and will use it directly bypassing resolv.conf options edns0 trust-ad timeout:2 attempts:2 rotate # AMINDA! Remember, you are specifying these here, a couple of bash scripts # in this directory, see the comment on top, ../rc/{bash,zsh}rc # ($RES_OPTIONS) and systemd/system/service.d/resolv.conf ! # no sending local domain to upstream whenever NXDOMAIN happens search . # PS. Remove empty lines and comments if this ends up in /etc/resolv.conf # PPS. The traditional spell is: # sudo chattr -i /etc/resolv.conf;sudo nvim /etc/resolv.conf;sudo chattr +i /etc/resolv.conf