mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-12-23 19:22:46 +01:00
25 lines
779 B
Plaintext
25 lines
779 B
Plaintext
[Resolve]
|
|
# Don't trust upstream to verify DNSSEC, even if was encrypted.
|
|
# https://notes.valdikss.org.ru/jabber.ru-mitm/
|
|
# BREAKAGE WARNING for everything else than DNSSEC=false !
|
|
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
|
# PRIVACY WARNING! systemd-networkd/links may override this.
|
|
DNSSEC=true
|
|
# Take the risk of downgrade attacks. Web browser policies enforce
|
|
# DNS-over-HTTPS anyway due to Encrypted Client Hello (ECH) still requiring
|
|
# it.
|
|
#DNSOverTLS=opportunistic
|
|
DNSOverTLS=true
|
|
Cache=true
|
|
# Consider local DNS servers if they exist. Empty should erase previous values.
|
|
DNS=
|
|
DNS=127.0.0.1
|
|
DNS=::1
|
|
Domains=~.
|
|
# .local domains
|
|
MulticastDNS=true
|
|
# Microsoft Windows compatibility?
|
|
LLMNR=true
|
|
|
|
# vim: filetype=systemd
|