ops/nixos/common: disable DNSSEC in systemd-resolved
It's super broken. At the moment, resolving foss.heptapod.net breaks, because clever-cloud.com has DNSKEY records but there's no matching DS record at .com for it. There are also other reports: https://github.com/systemd/systemd/issues/12388 tl;dr: it just doesn't work, let's not use that.
This commit is contained in:
parent
506a584dea
commit
05be94e4d7
1 changed files with 1 additions and 0 deletions
|
@ -76,6 +76,7 @@ in
|
|||
services.resolved = {
|
||||
enable = true;
|
||||
llmnr = "false"; # LLMNR breaks search domains.
|
||||
dnssec = "false"; # DNSSEC support in systemd-resolved is just broken.
|
||||
domains = config.networking.search;
|
||||
extraConfig = ''
|
||||
# For global search domains to work, we also need global DNS servers.
|
||||
|
|
Loading…
Reference in a new issue