Systemd/resolved: Difference between revisions
add section for workarounds |
m Typo 'fallbackdns' should be 'fallbackDns'. (with capital D) |
||
| (4 intermediate revisions by 3 users not shown) | |||
| Line 8: | Line 8: | ||
In that case, use <code>networkctl status ${wlan interface}</code> to show the default DNS provided by the network, and temporarily change nameserver inside <code>/etc/resolv.conf</code> from <code>127.0.0.53</code> to the provided one. | In that case, use <code>networkctl status ${wlan interface}</code> to show the default DNS provided by the network, and temporarily change nameserver inside <code>/etc/resolv.conf</code> from <code>127.0.0.53</code> to the provided one. | ||
Alternatively, if you have Chromium installed, you can use the <code> | Alternatively, if you have Chromium installed, you can use the <code>programs.captive-browser.enable</code> Chromium wrapper, which is "Dedicated Chrome instance to log into captive portals without messing with DNS settings". | ||
= Configuration Example: Enforce secure DNS = | = Configuration Example: Enforce secure DNS = | ||
See also [[Encrypted DNS]]. | |||
The following configuration configures resolved daemon to use the public DNS resolver provided by [https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/ Cloudflare]. DNSSEC and DNS-over-TLS is enabled for authenticity and encryption. | The following configuration configures resolved daemon to use the public DNS resolver provided by [https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/ Cloudflare]. DNSSEC and DNS-over-TLS is enabled for authenticity and encryption. | ||
| Line 26: | Line 28: | ||
dnssec = "true"; | dnssec = "true"; | ||
domains = [ "~." ]; | domains = [ "~." ]; | ||
dnsovertls = "true"; | |||
fallbackDns = [ | fallbackDns = [ | ||
"1.1.1.1" | "1.1.1.1" | ||
"1.0.0.1" | "1.0.0.1" | ||
]; | ]; | ||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||