
Replace Google DNS fallback with Quad9 (9.9.9.9, 149.112.112.112) for better privacy consistency. Users choosing Cloudflare likely value privacy, so Quad9 is a more appropriate fallback than Google. As discussed in #752 and approved by @dhh in #1043.
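#!/bin/bash
#
# Configure the global DNS servers used by systemd-resolved.
#
# Usage: pass one of Cloudflare, DHCP or Custom as $1; with no argument the
# provider is picked interactively with `gum choose`.
#
# Notes for reviewers:
#   - Every branch overwrites /etc/systemd/resolved.conf wholesale, so any
#     other settings an administrator kept in that file are lost.
#   - The Cloudflare branch uses DNSOverTLS=opportunistic. Per resolved.conf(5)
#     that mode falls back to unencrypted DNS when TLS is unavailable, so an
#     on-path attacker can downgrade it; DNSOverTLS=yes is the strict setting.
#   - The Custom branch writes no DNSOverTLS= line, so resolved's built-in
#     default applies to the servers the user typed in.

# Write stdin to resolved.conf as root. Returns tee's (or sudo's) status so the
# caller can stop before restarting services with a half-applied change.
write_resolved_conf() {
  sudo tee /etc/systemd/resolved.conf >/dev/null
}

# Stop networkd links from handing DHCP/RA-provided resolvers to resolved.
# Only files that already have a [DHCPv4] section are touched, and a section
# that already carries any UseDNS= line (including UseDNS=yes) is left as is,
# so a pre-existing "yes" still lets the link's DNS servers through.
# NOTE(review): grep/sed read the files without sudo; a .network file that is
# not readable by the invoking user is silently skipped.
ignore_link_dns() {
  local file
  for file in /etc/systemd/network/*.network; do
    [[ -f "$file" ]] || continue
    grep -q '^\[DHCPv4\]' "$file" || continue

    # Add UseDNS=no to the DHCPv4 section if it has no UseDNS= yet.
    if ! sed -n '/^\[DHCPv4\]/,/^\[/p' "$file" | grep -q '^UseDNS='; then
      sudo sed -i '/^\[DHCPv4\]/a UseDNS=no' "$file"
    fi

    # Same for the IPv6AcceptRA section, when the file has one.
    if grep -q '^\[IPv6AcceptRA\]' "$file" &&
      ! sed -n '/^\[IPv6AcceptRA\]/,/^\[/p' "$file" | grep -q '^UseDNS='; then
      sudo sed -i '/^\[IPv6AcceptRA\]/a UseDNS=no' "$file"
    fi
  done
}

# Let links use DHCP-provided DNS again by dropping every UseDNS=no line.
# This removes the line from all sections, including ones not added here.
allow_link_dns() {
  local file
  for file in /etc/systemd/network/*.network; do
    [[ -f "$file" ]] || continue
    sudo sed -i '/^UseDNS=no/d' "$file"
  done
}

# Entry point.
# Arguments: $1 - optional provider name (Cloudflare, DHCP, Custom)
# Returns:   0 on success or when nothing was selected, 1 on bad input or
#            when resolved.conf could not be written.
main() {
  local dns dns_servers

  if [[ -z ${1:-} ]]; then
    dns=$(gum choose --height 5 --header "Select DNS provider" Cloudflare DHCP Custom)
  else
    dns=$1
  fi

  case "$dns" in
    Cloudflare)
      write_resolved_conf <<'EOF' || return 1
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com
FallbackDNS=9.9.9.9 149.112.112.112
DNSOverTLS=opportunistic
EOF
      ignore_link_dns
      sudo systemctl restart systemd-networkd systemd-resolved
      ;;

    DHCP)
      write_resolved_conf <<'EOF' || return 1
[Resolve]
DNS=
FallbackDNS=
DNSOverTLS=no
EOF
      allow_link_dns
      sudo systemctl restart systemd-networkd systemd-resolved
      ;;

    Custom)
      echo "Enter your DNS servers (space-separated, e.g. '192.168.1.1 1.1.1.1'):"
      # read -r yields a single line, so the value cannot add extra directives
      # to resolved.conf; it is otherwise written verbatim and not validated.
      read -r dns_servers

      # Treat whitespace-only input as empty so "DNS=" is never written blank.
      if [[ -z "${dns_servers//[[:space:]]/}" ]]; then
        echo "Error: No DNS servers provided." >&2
        return 1
      fi

      # printf '%s' keeps the user's text as data; nothing in it is expanded.
      printf '[Resolve]\nDNS=%s\nFallbackDNS=9.9.9.9 149.112.112.112\n' \
        "$dns_servers" | write_resolved_conf || return 1
      ignore_link_dns
      sudo systemctl restart systemd-networkd systemd-resolved
      ;;

    "")
      # Nothing chosen (e.g. the picker was dismissed): leave the system alone.
      return 0
      ;;

    *)
      # Reject unknown names instead of silently exiting 0 with no change made.
      printf 'Error: Unknown DNS provider: %s\n' "$dns" >&2
      return 1
      ;;
  esac
}

main "$@"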