diff options
| author |  sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-29 11:18:16 +0100 |
|---|---|---|
| committer | sommerfeld <sommerfeld@sommerfeld.dev> | 2026-05-29 11:18:16 +0100 |
| commit | fdba57c9c05f321d3a75ae8f2e46e4053193744f (patch) | |
| tree | d0d80c670138d31c5d071df6be0b750c1327f044 /etc/systemd/resolved.conf.d | |
| parent | be3c6fda881bc11d5123d6b3a09ce9d250199b32 (diff) | |
| download | dotfiles-fdba57c9c05f321d3a75ae8f2e46e4053193744f.tar.gz dotfiles-fdba57c9c05f321d3a75ae8f2e46e4053193744f.tar.bz2 dotfiles-fdba57c9c05f321d3a75ae8f2e46e4053193744f.zip | |
feat(etc/resolved): forward single-label queries upstream
Enables ResolveUnicastSingleLabel=yes so non-FQDN names like
'sw-jenkins01' get sent to the configured DNS server instead of
being dropped to LLMNR/mDNS. Needed for corp shortname resolution
via Pi-hole CNAME records that point at *.xsight.ent (resolved by
unbound's forward-zone over the new WireGuard bridge).
Diffstat (limited to 'etc/systemd/resolved.conf.d')
| -rw-r--r-- | etc/systemd/resolved.conf.d/10-single-label.conf | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/etc/systemd/resolved.conf.d/10-single-label.conf b/etc/systemd/resolved.conf.d/10-single-label.conf new file mode 100644 index 0000000..b2b1e9a --- /dev/null +++ b/etc/systemd/resolved.conf.d/10-single-label.conf @@ -0,0 +1,8 @@ +[Resolve] +# Forward single-label (non-FQDN) queries upstream instead of dropping +# them to LLMNR/mDNS. Needed so corp shortnames like `sw-jenkins01` +# (CNAME'd to `*.xsight.ent` on Pi-hole) resolve via the xsight WG bridge. +# Trade-off: single-label queries now leak to whatever DNS the active +# link provides — acceptable on a home/work-managed laptop, less so on +# public wifi. See `man resolved.conf` → ResolveUnicastSingleLabel=. +ResolveUnicastSingleLabel=yes |