nixos/modules/system/boot/resolved.nix +7 −1 Original line number Diff line number Diff line Loading @@ -66,7 +66,7 @@ in }; services.resolved.dnssec = mkOption { default = "allow-downgrade"; default = "false"; example = "true"; type = types.enum [ "true" "allow-downgrade" "false" ]; description = lib.mdDoc '' Loading @@ -85,6 +85,12 @@ in synthesizing a DNS response that suggests DNSSEC was not supported. - `"false"`: DNS lookups are not DNSSEC validated. At the time of September 2023, systemd upstream advise to disable DNSSEC by default as the current code is not robust enough to deal with "in the wild" non-compliant servers, which will usually give you a broken bad experience in addition of insecure. ''; }; Loading
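Review bot: In the first hunk (@@ -66,7 +66,7), changing `default = "allow-downgrade"` to `default = "false"` silently turns off DNSSEC validation for every configuration that relied on the default, and nothing in the visible diff tells those users. The option description is the only place the change is explained. Please add a release-notes entry stating that validation is now off unless `services.resolved.dnssec` is set explicitly to `"true"` or `"allow-downgrade"`, so that hosts that depend on validated lookups can pin the previous value before upgrading.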
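Review bot: In the second hunk (@@ -85,6 +85,12), the paragraph added after the `"false"` item cites systemd upstream's advice without a link or reference, and its wording is hard to parse ("advise", "a broken bad experience in addition of insecure"). Since this text is the stated justification for a weaker security default, it should point to the upstream source and read cleanly, for example: "As of September 2023, systemd upstream advises disabling DNSSEC by default, because the current code is not robust enough to deal with non-compliant servers found in the wild; enabling it will usually give a broken experience in addition to an insecure one." Check that this matches the intended meaning of the last clause, which is ambiguous as written.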