DigitalCourage encrypted DNS (DoT) via TLS systemd-resolved without censorship

2022-12-04 17:11:52 +01:00 · 2022-12-04 17:11:52 +01:00 · 6059046738
commit 6059046738
parent 872efb6f4f
1 changed files with 15 additions and 0 deletions
--- a/basics.yml
+++ b/basics.yml
@ -165,6 +165,21 @@
        state: present
      notify: localectl

+    - name: DigitalCourage encrypted DNS (DoT) via TLS systemd-resolved without censorship
+      blockinfile:
+        path: /etc/systemd/resolved.conf.d/digitalcourage-dot.conf
+        mode: "0444"
+        owner: root
+        group: root
+        create: yes
+        insertbefore: BOF # Beginning of the file
+        marker: "# {mark} ANSIBLE MANAGED BLOCK"
+        block: |
+          [Resolve]
+          DNS=5.9.164.112#dns3.digitalcourage.de 2a01:4f8:251:554::2#dns3.digitalcourage.de
+          DNSOverTLS=opportunistic
+        backup: yes
+      
    - name: SSHD hardening
      blockinfile:
        path: /etc/ssh/sshd_config.d/hardening.conf