shell-things/etc/resolv.conf

41 lines
1.7 KiB
Plaintext

# Don't do this, just run this instead:
# sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
# Or look at the other scripts in this directory such as
# resolv.conf-generate.bash - creates simpler version of this file without
# the comments
# systemd-resolv.conf-generate.bash - same as the above, but only users
# 127.0.0.53 as a nameserver
# systemd-resolv.conf-restore.bash - restores/creates the symlink of line 2
# Problem: unbound is slow to start and everything complains of failing DNS,
# and systemd-resolved often gets itself stuck with DNSSEC.
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
# Solution that I dislike: use both unbound & systemd-resolved! When one
# breaks, maybe the other still works! Funnily /etc/resolv.conf is still
# restricted to three nameservers. However this may cause slowness unless
# the options timeout is specified and I increase attempts to further prefer
# unbound (which is listed twice).
# unbound or other local resolver
nameserver ::1
nameserver 127.0.0.1
# systemd-resolved. WARNING: May cause DNS leaks.
nameserver 127.0.0.53
# systemd-resolved DNS proxy (to upstream). No DNSSEC, no LLMNR, no mDNS!
#nameserver 127.0.0.54
# edns0 = extended DNS
# trust-ad = trust DNSSEC authenticated data
# timeout:1 = nameserver timeout 1 s (default 5, max 30), then next
# attempts:5 = if all nameservers fail, attempt again 5 times (def 2, max 5)
options edns0 trust-ad timeout:1 attempts:5
# no sending local domain to upstream whenever NXDOMAIN happens
search .
# PS. Remove empty lines and comments if this ends up in /etc/resolv.conf
# PPS. The traditional spell is:
# sudo chattr -i /etc/resolv.conf;sudo nvim /etc/resolv.conf;sudo chattr +i /etc/resolv.conf