From fdba57c9c05f321d3a75ae8f2e46e4053193744f Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Fri, 29 May 2026 11:18:16 +0100 Subject: feat(etc/resolved): forward single-label queries upstream Enables ResolveUnicastSingleLabel=yes so non-FQDN names like 'sw-jenkins01' get sent to the configured DNS server instead of being dropped to LLMNR/mDNS. Needed for corp shortname resolution via Pi-hole CNAME records that point at *.xsight.ent (resolved by unbound's forward-zone over the new WireGuard bridge). --- etc/systemd/resolved.conf.d/10-single-label.conf | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 etc/systemd/resolved.conf.d/10-single-label.conf diff --git a/etc/systemd/resolved.conf.d/10-single-label.conf b/etc/systemd/resolved.conf.d/10-single-label.conf new file mode 100644 index 0000000..b2b1e9a --- /dev/null +++ b/etc/systemd/resolved.conf.d/10-single-label.conf @@ -0,0 +1,8 @@ +[Resolve] +# Forward single-label (non-FQDN) queries upstream instead of dropping +# them to LLMNR/mDNS. Needed so corp shortnames like `sw-jenkins01` +# (CNAME'd to `*.xsight.ent` on Pi-hole) resolve via the xsight WG bridge. +# Trade-off: single-label queries now leak to whatever DNS the active +# link provides — acceptable on a home/work-managed laptop, less so on +# public wifi. See `man resolved.conf` → ResolveUnicastSingleLabel=. +ResolveUnicastSingleLabel=yes -- cgit v1.3.1