61ecb465b1
Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to "allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled by default, add a configure switch to disable this again. DNSSEC in "allow-downgrade" mode should mostly work without affecting user experience. There's one exception: some captive portal systems rewrite DNS in order to redirect HTTP traffic to the captive portal. If these systems implement DNS servers that are otherwise DNSSEC-capable (which in fact is pretty unlikely, but still...), then this will result in the captive portal being inaccessible. To fix this, support in NetworkManager (or any other network management solution that does captive portal detection) is required, which simply turns off DNSSEC during the captive portal detection, and resets it back to the default (i.e. on) after captive portal authentication is complete.
20 lines
585 B
Plaintext
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
#DNS=
#FallbackDNS=@DNS_SERVERS@
#Domains=
#LLMNR=yes
#DNSSEC=@DEFAULT_DNSSEC_MODE@