From dfa3b61db0e5c4ab5d35af1bf06af1fb27ba659a Mon Sep 17 00:00:00 2001
From: azahi <azat@bahawi.net>
Date: Mon, 28 Oct 2024 02:41:15 +0300
Subject: 2024-10-28

---
 modules/common/networking.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'modules/common/networking.nix')

diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index b0dd282..f681deb 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -32,9 +32,18 @@ in
           "::1" = mkForce [ ];
         };
 
+        # There's no way[1] to configure DNS server priority in
+        # systemd-resolved. The only solution for dealing with a broken VPN
+        # connection is to delete /etc/systemd/resolved.conf and restart the
+        # systemd-resolved service. Otherwise I'll just end up with a random
+        # server from the list most of the time because systemd-resolved
+        # "conveniently" will manage server priority for me...
+        #
+        # [1]: https://askubuntu.com/questions/1116732/how-do-i-list-dns-server-order-in-systemd-resolve
+        # [2]: https://github.com/systemd/systemd/issues/6076
         nameservers = with my.configurations.manwe.wireguard; [
-          ipv4.address
           ipv6.address
+          ipv4.address
         ];
 
         useDHCP = false;
@@ -111,6 +120,7 @@ in
     services.resolved = {
       llmnr = "false";
       dnsovertls = "opportunistic";
+      dnssec = "allow-downgrade";
       fallbackDns = dns.mkDoT dns.const.quad9.ecs;
     };
 
-- 
cgit 1.4.1