ops/nixos/common: disable DNSSEC in systemd-resolved
It's super broken. At the moment, resolving foss.heptapod.net breaks, because clever-cloud.com has DNSKEY records but there's no matching DS record at .com for it. There are also other reports: https://github.com/systemd/systemd/issues/12388 tl;dr: it just doesn't work, let's not use that.
This commit is contained in:
parent
506a584dea
commit
05be94e4d7
1 changed files with 1 additions and 0 deletions
|
@ -76,6 +76,7 @@ in
|
||||||
services.resolved = {
|
services.resolved = {
|
||||||
enable = true;
|
enable = true;
|
||||||
llmnr = "false"; # LLMNR breaks search domains.
|
llmnr = "false"; # LLMNR breaks search domains.
|
||||||
|
dnssec = "false"; # DNSSEC support in systemd-resolved is just broken.
|
||||||
domains = config.networking.search;
|
domains = config.networking.search;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# For global search domains to work, we also need global DNS servers.
|
# For global search domains to work, we also need global DNS servers.
|
||||||
|
|
Loading…
Reference in a new issue