pinwheel: Disable resolved.dnssec

As it breaks tailscale <-> openvpn > At the time of September 2023, systemd upstream advise to disable DNSSEC > by default as the current code is not robust enough to deal with > “in the wild” non-compliant servers, which will usually give you a > broken bad experience in addition of insecure.
2025-10-19 14:39:05 +02:00
parent cefd4a966c
commit 67134682d9
1 changed files with 1 additions and 1 deletions
--- a/hosts/pinwheel/modules/openvpn/default.nix
+++ b/hosts/pinwheel/modules/openvpn/default.nix
@@ -23,7 +23,7 @@ in

    services.resolved = {
      enable = true;
-      dnssec = "true";
+      dnssec = "false";
      domains = [ "~." ];
      fallbackDns = [
        "1.1.1.1#one.one.one.one"