shell-things/etc/systemd/resolved.conf.d/00-defaults.conf

10 lines
389 B
Plaintext

[Resolve]
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
#DNSSEC=allow-downgrade
# Regardless of the above DNS breaking issues when DNSSEC is
# enabled/opportunistic, it provides authentication which is important. TLS
# cannot be fully trusted. https://notes.valdikss.org.ru/jabber.ru-mitm/
DNSSEC=yes
DNSOverTLS=opportunistic
Cache=yes