update-systemd-resolved

Add DNS-OVER-TLS option

Open dancek opened this issue 4 years ago • 5 comments

When using DNSOverTLS=yes in resolved.conf all DNS queries over VPN fail if the private DNS server doesn't support DoT. This option makes disabling DoT for the link easy while keeping the global option enabled.

dancek, Mar 09 '21 16:03

@jonathanio how about this?

dancek, Mar 26 '21 12:03

ping

dancek, Aug 08 '21 08:08

I also had the same problem with VPN and DNSOverTLS being globally enabled. I think this is a nice solution (I myself just patched update-systemd-resolved to always call SetLinkDNSOverTLS(idx, off)).

I suppose the name of the option string is nonstandard and "local" to update-systemd-resolved, just like DNSSEC, right?

WGH-, Aug 18 '21 19:08

> I suppose the name of the option string is nonstandard and "local" to update-systemd-resolved, just like DNSSEC, right?

Yes. I didn't even realize that some of the options were standard.

dancek, Aug 18 '21 19:08

Looks good. I'll need to prepare some tests to add to ensure that the busctl is being called as expected. I'll do that shortly, ready for the merge.

jonathanio, Apr 08 '22 09:04

@dancek and @WGH- -- PR #110 adds support for the DNSOverTLS option, plus a number of additional systemd-resolved options. I'd be much obliged if you could try testing the code in that PR.

tomeon, Jul 13 '23 15:07

Superseded by the recently-merged #110.

tomeon, Aug 04 '23 18:08
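
The per-link override discussed in this thread, as an added example that is not code from the pull request or from update-systemd-resolved: it reads pushed options, validates the DoT mode, and prints the `busctl` call to systemd-resolved's `SetLinkDNSOverTLS` method instead of running it. Assumptions: the option is spelled `dhcp-option DNS-OVER-TLS <value>` (taken from the title), the function names are hypothetical, and the sample options and interface index 7 are constructed.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not the project's.

# Map a pushed value to a mode string resolved accepts; reject anything else
# so an unexpected value never reaches the D-Bus call.
normalize_dot_mode() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    yes|true|on)   echo yes ;;
    no|false|off)  echo no ;;
    opportunistic) echo opportunistic ;;
    *) return 1 ;;
  esac
}

# Read one option per line on stdin; print the mode from the last
# "dhcp-option DNS-OVER-TLS <value>" line. Non-zero status if the option is
# absent (leave the link alone) or its value is invalid.
dot_mode_from_options() (
  mode=""
  while read -r kind name value _; do
    [ "$kind" = "dhcp-option" ] && [ "$name" = "DNS-OVER-TLS" ] || continue
    mode=$(normalize_dot_mode "$value") || {
      echo "invalid DNS-OVER-TLS value: $value" >&2; exit 1; }
  done
  [ -n "$mode" ] && printf '%s\n' "$mode"
)

# Print the busctl invocation for one link; signature "is" = ifindex, mode.
dot_busctl_command() (
  case "$1" in ''|*[!0-9]*) echo "invalid ifindex: $1" >&2; exit 1 ;; esac
  mode=$(normalize_dot_mode "$2") || exit 1
  printf 'busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1 %s is %s %s\n' \
    'org.freedesktop.resolve1.Manager SetLinkDNSOverTLS' "$1" "$mode"
)

# Constructed sample of values a VPN server might push (not from the page).
SAMPLE_OPTIONS='dhcp-option DNS 10.8.0.1
dhcp-option DOMAIN corp.example
dhcp-option DNS-OVER-TLS no'

demo() {
  mode=$(printf '%s\n' "$SAMPLE_OPTIONS" | dot_mode_from_options) || return 1
  dot_busctl_command 7 "$mode"   # 7 is a constructed interface index
}
demo
```

The call changes only the named link; the global `DNSOverTLS=yes` in resolved.conf keeps applying to every other interface.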