dumpyourvms: fix DNSSEC issue, use correct IPv6

syntax for systemd-resolved conf
This commit is contained in:
teutat3s 2022-08-02 15:30:22 +02:00
parent f3ac27ac71
commit a7fa725d62
Signed by untrusted user: teutat3s
GPG key ID: 4FA1D3FA524F22C1

View file

@ -38,9 +38,11 @@ in
services.resolved = {
enable = true;
# DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS
# when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579
extraConfig = ''
DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net [2001:678:e68:f000::]#dot.ffmuc.net [2001:678:ed0:f000::]#dot.ffmuc.net [2a01:4f8:251:554::2]#dns3.digitalcourage.de [2a01:3a0:53:53::0]#unicast.censurfridns.dk [2a01:4f8:c0c:3c03::2]#ns1.dnsprivacy.at [2a01:4f8:c0c:3bfc::2]#ns2.dnsprivacy.at [2001:610:1:40ba:145:100:185:15]#dnsovertls.sinodun.com [2001:610:1:40ba:145:100:185:16]#dnsovertls1.sinodun.com [2a04:b900:0:100::38]#getdnsapi.net
FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net [2620:fe::fe]#dns.quad9.net [2620:fe::9]#dns.quad9.net
DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a01:4f8:c0c:3c03::2#ns1.dnsprivacy.at 2a01:4f8:c0c:3bfc::2#ns2.dnsprivacy.at 2001:610:1:40ba:145:100:185:15#dnsovertls.sinodun.com 2001:610:1:40ba:145:100:185:16#dnsovertls1.sinodun.com 2a04:b900:0:100::38#getdnsapi.net
FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
Domains=~.
DNSOverTLS=yes
DNSSEC=false