aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorLibravatar sommerfeld <sommerfeld@sommerfeld.dev>2026-05-29 11:18:16 +0100
committerLibravatar sommerfeld <sommerfeld@sommerfeld.dev>2026-05-29 11:18:16 +0100
commitfdba57c9c05f321d3a75ae8f2e46e4053193744f (patch)
treed0d80c670138d31c5d071df6be0b750c1327f044
parentbe3c6fda881bc11d5123d6b3a09ce9d250199b32 (diff)
downloaddotfiles-fdba57c9c05f321d3a75ae8f2e46e4053193744f.tar.gz
dotfiles-fdba57c9c05f321d3a75ae8f2e46e4053193744f.tar.bz2
dotfiles-fdba57c9c05f321d3a75ae8f2e46e4053193744f.zip
feat(etc/resolved): forward single-label queries upstream
Enables ResolveUnicastSingleLabel=yes so non-FQDN names like 'sw-jenkins01' get sent to the configured DNS server instead of being dropped to LLMNR/mDNS. Needed for corp shortname resolution via Pi-hole CNAME records that point at *.xsight.ent (resolved by unbound's forward-zone over the new WireGuard bridge).
Diffstat
-rw-r--r--etc/systemd/resolved.conf.d/10-single-label.conf8
1 files changed, 8 insertions, 0 deletions
diff --git a/etc/systemd/resolved.conf.d/10-single-label.conf b/etc/systemd/resolved.conf.d/10-single-label.conf
new file mode 100644
index 0000000..b2b1e9a
--- /dev/null
+++ b/etc/systemd/resolved.conf.d/10-single-label.conf
@@ -0,0 +1,8 @@
+[Resolve]
+# Forward single-label (non-FQDN) queries upstream instead of dropping
+# them to LLMNR/mDNS. Needed so corp shortnames like `sw-jenkins01`
+# (CNAME'd to `*.xsight.ent` on Pi-hole) resolve via the xsight WG bridge.
+# Trade-off: single-label queries now leak to whatever DNS the active
+# link provides — acceptable on a home/work-managed laptop, less so on
+# public wifi. See `man resolved.conf` → ResolveUnicastSingleLabel=.
+ResolveUnicastSingleLabel=yes
generated by cgit v1.3.1 (git 2.54.0) at 2026-05-31 18:57:53 +0000