Please sign in to comment.
Prevent resolvconf from updating /etc/resolv.conf. As Jakob Schlyter
pointed out, having additional nameservers listed in /etc/resolv.conf can break DNSSEC verification by providing a false positive if unbound returns SERVFAIL due to an invalid signature. The downside is that the domain / search path won't get updated either, but we can live with that. Approved by: re (blanket)
- Loading branch information...
Showing with 3 additions and 5 deletions.