mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-12-01 15:59:22 +01:00
54 lines
2.7 KiB
Plaintext
54 lines
2.7 KiB
Plaintext
# Don't do this, just run this instead:
|
|
# sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
|
|
# Or look at the other scripts in this directory such as
|
|
# resolv.conf-generate.bash - creates simpler version of this file without
|
|
# the comments
|
|
# systemd-resolv.conf-generate.bash - same as the above, but only users
|
|
# 127.0.0.53 as a nameserver
|
|
# systemd-resolv.conf-restore.bash - restores/creates the symlink of line 2
|
|
|
|
|
|
# Problem: unbound is slow to start and everything complains of failing DNS,
|
|
# and systemd-resolved often gets itself stuck with DNSSEC.
|
|
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
|
|
# Solution that I dislike: use both unbound & systemd-resolved! When one
|
|
# breaks, maybe the other still works! Funnily /etc/resolv.conf is still
|
|
# restricted to three nameservers. However this may cause slowness unless
|
|
# the options timeout is specified and I increase attempts to further prefer
|
|
# unbound (which is listed twice).
|
|
|
|
# unbound or other local resolver
|
|
nameserver ::1
|
|
nameserver 127.0.0.1
|
|
|
|
# systemd-resolved. WARNING: May cause DNS leaks.
|
|
nameserver 127.0.0.53
|
|
# systemd-resolved DNS proxy (to upstream). No DNSSEC, no LLMNR, no mDNS!
|
|
#nameserver 127.0.0.54
|
|
|
|
# no sending local domain to upstream whenever NXDOMAIN happens
|
|
search .
|
|
|
|
# timeout:2 = nameserver timeout 2 s (default 5, max 30), then next
|
|
# attempts:2 = if all nameservers fail, attempt again 2 times (def 2, max 5)
|
|
# rotate = For long running processes that perform more than one query (so not
|
|
# dig/host), use the first resolver for the first query, second resolver for
|
|
# the second query, third resolver for the third query and repeat.
|
|
# They are all theoretically the same, except that NordVPN disables IPv6 so
|
|
# ::1 will fail and occassionally only systemd-resolved works and I am
|
|
# under the impression that some apps are aware of systemd-resolved and will
|
|
# use it directly bypassing resolv.conf. In other words while everything
|
|
# works, this affects nothing, and when unbound is down (before it's started
|
|
# on desktop?), every second query will be faster with every third reaching
|
|
# systemd-resolved instantly without the timeout of two seconds.
|
|
# edns0 = extended DNS
|
|
# trust-ad = trust DNSSEC authenticated data
|
|
options timeout:2 attempts:2 rotate edns0 trust-ad
|
|
# AMINDA! Remember, you are specifying these here, a couple of bash scripts
|
|
# in this directory, see the comment on top, ../rc/{bash,zsh}rc
|
|
# ($RES_OPTIONS) and systemd/system/service.d/resolv.conf !
|
|
|
|
# PS. Remove empty lines and comments if this ends up in /etc/resolv.conf
|
|
# PPS. The traditional spell is:
|
|
# sudo chattr -i /etc/resolv.conf;sudo nvim /etc/resolv.conf;sudo chattr +i /etc/resolv.conf
|