From 3e9b420e919fa468c40614bea243f51036f0c0e2 Mon Sep 17 00:00:00 2001
From: Price Hiller <price@orion-technologies.io>
Date: Wed, 6 Sep 2023 21:54:58 -0500
Subject: [PATCH] refactor(arch): properly handle dns over tls with dnssec

---
 roles/arch-post-setup/files/default-resolve.conf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/roles/arch-post-setup/files/default-resolve.conf b/roles/arch-post-setup/files/default-resolve.conf
index 362ac11..5876bf6 100644
--- a/roles/arch-post-setup/files/default-resolve.conf
+++ b/roles/arch-post-setup/files/default-resolve.conf
@@ -1,9 +1,10 @@
 ; vim: ft=systemd
 [Resolve]
-DNS=198.180.150.12#rgnet-iad.anycast.uncensoreddns.org 2001:418:8006::12#rgnet-iad.anycast.uncensoreddns.org 194.242.2.2#dns.mullvad.net 2a07:e340::2#dns.mullvad.net
-FallbackDNS=
+DNS=198.180.150.12:853#rgnet-iad.anycast.uncensoreddns.org 2001:418:8006::12:853#rgnet-iad.anycast.uncensoreddns.org 194.242.2.2:853#dns.mullvad.net 2a07:e340::2:853#dns.mullvad.net
+FallbackDNS=198.180.150.12:853#rgnet-iad.anycast.uncensoreddns.org 2001:418:8006::12:853#rgnet-iad.anycast.uncensoreddns.org 194.242.2.2:853#dns.mullvad.net 2a07:e340::2:853#dns.mullvad.net
 Cache=yes
-DNSSEC=no
+CacheFromLocalhost=no
+DNSSEC=yes
 DNSOverTLS=yes
 Domains=~.
 MulticastDNS=yes