📝 Made note of custom dns resolver
This commit is contained in:
z3rOR0ne
parent
c9654a54cd
commit
18851473c2
2 changed files with 59 additions and 0 deletions
|
|
@ -44,3 +44,32 @@ Now load simple defaults:
|
|||
doas apparmor_parser /usr/share/apparmor/extra-profiles/
|
||||
|
||||
And reboot again, you should have some sane security defaults now.
|
||||
|
||||
Setup Device Level DNS Resolver:
|
||||
|
||||
Install stubby:
|
||||
doas pacman -S stubby stubby-runit
|
||||
doas ln -s /etc/runit/sv/stubby /run/runit/service/
|
||||
|
||||
Adjust stubby init script to:
|
||||
exec chpst -U stubby stubby
|
||||
|
||||
Adjust stubby config file:
|
||||
doas nvim /etc/stubby/stubby.yml
|
||||
Comment out all DEFAULT UPSTREAM and add Mullvad upstream_recursive_servers:
|
||||
- address_data: 194.242.2.4
|
||||
tls_auth_name: "base.dns.mullvad.net"
|
||||
- address_data: 2a07:e340::4
|
||||
tls_auth_name: "base.dns.mullvad.net"
|
||||
Be aware of yaml's needs for proper indentation (copy and paste from DEFAULT UPSTREAM to be sure)
|
||||
|
||||
Edit /etc/resolv.conf to have the following:
|
||||
nameserver ::1
|
||||
nameserver 127.0.0.1
|
||||
options trust-ad
|
||||
|
||||
And make resolv.conf immutable:
|
||||
doas chattr +i /etc/resolv.conf
|
||||
|
||||
Start stubby and test, visit (with browser with no DNS on):
|
||||
https://mullvad.net/en/check
|
||||
|
|
|
|||
30
updates.txt
30
updates.txt
|
|
@ -788,3 +788,33 @@ Reinstall eza until Artix package is fixed:
|
|||
doas pacman -Rs eza && cargo install eza --force --features vendored-libgit2
|
||||
Install transmission-cli
|
||||
doas pacman -S transmission-cli
|
||||
|
||||
06/23/2025
|
||||
Setup Device Level DNS Resolver:
|
||||
|
||||
Install stubby:
|
||||
doas pacman -S stubby stubby-runit
|
||||
doas ln -s /etc/runit/sv/stubby /run/runit/service/
|
||||
|
||||
Adjust stubby init script to:
|
||||
exec chpst -U stubby stubby
|
||||
|
||||
Adjust stubby config file:
|
||||
doas nvim /etc/stubby/stubby.yml
|
||||
Comment out all DEFAULT UPSTREAM and add Mullvad upstream_recursive_servers:
|
||||
- address_data: 194.242.2.4
|
||||
tls_auth_name: "base.dns.mullvad.net"
|
||||
- address_data: 2a07:e340::4
|
||||
tls_auth_name: "base.dns.mullvad.net"
|
||||
Be aware of yaml's needs for proper indentation (copy and paste from DEFAULT UPSTREAM to be sure)
|
||||
|
||||
Edit /etc/resolv.conf to have the following:
|
||||
nameserver ::1
|
||||
nameserver 127.0.0.1
|
||||
options trust-ad
|
||||
|
||||
And make resolv.conf immutable:
|
||||
doas chattr +i /etc/resolv.conf
|
||||
|
||||
Start stubby and test, visit (with browser with no DNS on):
|
||||
https://mullvad.net/en/check
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue