From 4d004de686f532d3a9a0b89b83d57a8f82d9e77d Mon Sep 17 00:00:00 2001
From: teutat3s <teutates@mailbox.org>
Date: Wed, 6 Mar 2024 18:55:45 +0100
Subject: [PATCH] dumpyourvms: re-enable DNSSEC

---
 hosts/dumpyourvms/dumpyourvms.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/hosts/dumpyourvms/dumpyourvms.nix b/hosts/dumpyourvms/dumpyourvms.nix
index 3f6271e4..d842cb67 100644
--- a/hosts/dumpyourvms/dumpyourvms.nix
+++ b/hosts/dumpyourvms/dumpyourvms.nix
@@ -49,14 +49,11 @@ in {
 
   services.resolved = {
     enable = true;
-    # DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS
-    # when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579
     extraConfig = ''
       DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a04:b900:0:100::38#getdnsapi.net
       FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
       Domains=~.
       DNSOverTLS=yes
-      DNSSEC=false
     '';
   };
   services.tailscale.enable = true;