Entering DoH\DoT
@@ -8,44 +8,28 @@
|
|||||||
name:
|
name:
|
||||||
- systemd-resolved
|
- systemd-resolved
|
||||||
state: present
|
state: present
|
||||||
|
- name: Ensure system CA certificates are up to date
|
||||||
|
ansible.builtin.package:
|
||||||
|
name: ca-certificates
|
||||||
|
state: latest
|
||||||
- name: Make small file
|
- name: Make small file
|
||||||
register: systemd_resolved_conf
|
register: systemd_resolved_conf
|
||||||
copy:
|
copy:
|
||||||
dest: "/etc/systemd/resolved.conf"
|
dest: "/etc/systemd/resolved.conf"
|
||||||
content: |
|
content: |
|
||||||
# This file is part of systemd.
|
|
||||||
#
|
|
||||||
# systemd is free software; you can redistribute it and/or modify it under the
|
|
||||||
# terms of the GNU Lesser General Public License as published by the Free
|
|
||||||
# Software Foundation; either version 2.1 of the License, or (at your option)
|
|
||||||
# any later version.
|
|
||||||
#
|
|
||||||
# Entries in this file show the compile time defaults. Local configuration
|
|
||||||
# should be created by either modifying this file, or by creating "drop-ins" in
|
|
||||||
# the resolved.conf.d/ subdirectory. The latter is generally recommended.
|
|
||||||
# Defaults can be restored by simply deleting this file and all drop-ins.
|
|
||||||
#
|
|
||||||
# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
|
|
||||||
# See resolved.conf(5) for details.
|
|
||||||
|
|
||||||
[Resolve]
|
[Resolve]
|
||||||
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
|
# Направляем основной трафик на VIP keepalived и привязываем к домену серта
|
||||||
# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
|
DNS=192.168.0.88#buenos-dias.guaranteedstruggle.host
|
||||||
# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
|
|
||||||
# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
|
# В фолбэки шлём прямые IP нод ns1 и ns2 на случай, если сам keepalived моргнёт
|
||||||
DNS=192.168.0.88
|
FallbackDNS=192.168.0.86#buenos-dias.guaranteedstruggle.host 192.168.0.87#buenos-dias.guaranteedstruggle.host 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google
|
||||||
FallbackDNS=192.168.0.1
|
|
||||||
|
# Ваши локальные домены (БЕЗ ЗАПЯТЫХ! Строго через пробел)
|
||||||
Domains=guaranteedstruggle.host just-for-me.internal
|
Domains=guaranteedstruggle.host just-for-me.internal
|
||||||
#DNSSEC=no
|
|
||||||
#DNSOverTLS=no
|
# Включаем DoT в строгом (strict) режиме для защиты от утечек
|
||||||
#MulticastDNS=yes
|
DNSOverTLS=strict
|
||||||
#LLMNR=yes
|
|
||||||
#Cache=yes
|
|
||||||
#CacheFromLocalhost=no
|
|
||||||
DNSStubListener=yes
|
DNSStubListener=yes
|
||||||
#DNSStubListenerExtra=
|
|
||||||
#ReadEtcHosts=yes
|
|
||||||
#ResolveUnicastSingleLabel=no
|
|
||||||
|
|
||||||
|
|
||||||
- name: Make fix for resolv-conf rewriting
|
- name: Make fix for resolv-conf rewriting
|
||||||
|
|||||||
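Review bot: In the `[Resolve]` block on what appears to be the new side, `FallbackDNS=` will not give the failover its comment describes: per resolved.conf(5), fallback servers are used only when no other DNS server is known, and `DNS=` is set here, so 192.168.0.86 and 192.168.0.87 would not be tried when the keepalived VIP stops answering. If node-level failover is intended, list the nodes in the primary setting, e.g. `DNS=192.168.0.88#buenos-dias.guaranteedstruggle.host 192.168.0.86#buenos-dias.guaranteedstruggle.host 192.168.0.87#buenos-dias.guaranteedstruggle.host`. The public entries `1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google` are worth dropping from `FallbackDNS=`, because in the one case where they are consulted (no `DNS=` and no per-link servers), lookups for `guaranteedstruggle.host` and `just-for-me.internal` would go to external resolvers. `DNSOverTLS=strict` is a global default, so unless it is overridden per link, any DHCP-provided servers must also speak DoT or lookups routed to them will fail; that is the safe direction, but a one-line comment in the template saying so would help. The copy task starts above this hunk and continues below it, so the file mode and whatever restarts systemd-resolved from `systemd_resolved_conf` are not visible here.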