pinwheel: Disable resolved.dnssec
As it breaks tailscale <-> openvpn > At the time of September 2023, systemd upstream advise to disable DNSSEC > by default as the current code is not robust enough to deal with > “in the wild” non-compliant servers, which will usually give you a > broken bad experience in addition of insecure.
This commit is contained in:
Alexander Heldt
@@ -23,7 +23,7 @@ in
|
|||||||
|
|
||||||
services.resolved = {
|
services.resolved = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dnssec = "true";
|
dnssec = "false";
|
||||||
domains = [ "~." ];
|
domains = [ "~." ];
|
||||||
fallbackDns = [
|
fallbackDns = [
|
||||||
"1.1.1.1#one.one.one.one"
|
"1.1.1.1#one.one.one.one"
|
||||||
|
|||||||
Reference in New Issue
Block a user