93158c77bc
This appears to be necessary for client software to ensure the response data is validated with DNSSEC. For example, `ssh -v -o VerifyHostKeyDNS=yes -o StrictHostKeyChecking=yes redpilllinpro01.ring.nlnog.net` fails if EDNS0 is not enabled. The debugging output reveals that the `SSHFP` records were found in DNS, but were considered insecure. Note that the patch intentionally does *not* enable EDNS0 in the `/run/systemd/resolve/resolv.conf` file (the one that contains `nameserver` entries for the upstream DNS servers), as it is impossible to know for certain that all the upstream DNS servers handle EDNS0 correctly.
19 lines
692 B
Plaintext
```
# This file belongs to man:systemd-resolved(8). Do not edit.
#
# This is a static resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists no search
# domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0
```
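A check for the setting this commit adds, as an added example (not code from systemd or from the commit): it parses resolv.conf(5)-style text and reports when `options edns0` is missing or a `nameserver` entry is not a loopback address. The names `parse_resolv_conf` and `audit_stub` are hypothetical and the sample text is constructed from the file shown above.

```python
import ipaddress

# Constructed sample: the stub file shown on this page, comments trimmed.
STUB_WITH_EDNS0 = """\
# This file belongs to man:systemd-resolved(8). Do not edit.

nameserver 127.0.0.53
options edns0
"""


def parse_resolv_conf(text):
    """Return (nameservers, options) from resolv.conf(5)-style text."""
    nameservers, options = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        # Blank lines and lines starting with '#' or ';' are ignored.
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        keyword, args = fields[0], fields[1:]
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword == "options":
            # Options from several "options" lines accumulate.
            options.update(args)
    return nameservers, options


def audit_stub(text):
    """Hypothetical helper: list deviations from the stub file on this page."""
    nameservers, options = parse_resolv_conf(text)
    findings = []
    if "edns0" not in options:
        findings.append("options edns0 missing")
    if not nameservers:
        findings.append("no nameserver entry")
    for ns in nameservers:
        try:
            if not ipaddress.ip_address(ns).is_loopback:
                findings.append(f"nameserver {ns} is not the local stub")
        except ValueError:
            findings.append(f"nameserver {ns} is not an IP address")
    return findings


if __name__ == "__main__":
    print(audit_stub(STUB_WITH_EDNS0) or "stub file matches the committed form")
```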