Disable DNSSEC validation in systemd-resolved

author Tom Hughes <tom@compton.nu>

Sun, 9 Mar 2025 14:29:41 +0000 (14:29 +0000)

committer Tom Hughes <tom@compton.nu>

Sun, 9 Mar 2025 14:29:41 +0000 (14:29 +0000)
author Tom Hughes <tom@compton.nu>
Sun, 9 Mar 2025 14:29:41 +0000 (14:29 +0000)
committer Tom Hughes <tom@compton.nu>
Sun, 9 Mar 2025 14:29:41 +0000 (14:29 +0000)
diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb

index 7ff93c36582b1b3f31df59c5a85218a0d5e8c4ff..06511d462f464e6925463629522b402f53c22611 100644 (file)
--- a/cookbooks/networking/attributes/default.rb
+++ b/cookbooks/networking/attributes/default.rb
@@ -9,7 +9,7 @@ default[:networking][:firewall][:allowlist] = []
  default[:networking][:interfaces] = {}
  default[:networking][:nameservers] = %w[8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844]
  default[:networking][:search] = []
-default[:networking][:dnssec] = "allow-downgrade"
+default[:networking][:dnssec] = "false"
  default[:networking][:hostname] = node.name
  default[:networking][:wireguard][:enabled] = true
  default[:networking][:wireguard][:keepalive] = 180
author	Tom Hughes <tom@compton.nu>
	Sun, 9 Mar 2025 14:29:41 +0000 (14:29 +0000)
committer	Tom Hughes <tom@compton.nu>
	Sun, 9 Mar 2025 14:29:41 +0000 (14:29 +0000)