From 5a26ebf03cb3a3a2f16b2dc182c65424554870ba Mon Sep 17 00:00:00 2001 From: Kenny Ballou Date: Fri, 23 Jul 2021 11:36:49 -0600 Subject: configure systemd-resolved with DoT Disable networkmanager from writing `/etc/resolv.conf` and use configured DNS servers with DNS over TLS. Prune down list of nameservers as Level3 and OpenDNS do not currently support DoT. Signed-off-by: Kenny Ballou --- daeva/nftables-rules.nft | 2 ++ 1 file changed, 2 insertions(+) (limited to 'daeva/nftables-rules.nft') diff --git a/daeva/nftables-rules.nft b/daeva/nftables-rules.nft index 43234cd..0bc9d54 100644 --- a/daeva/nftables-rules.nft +++ b/daeva/nftables-rules.nft @@ -30,6 +30,8 @@ table inet filter { icmp type echo-request counter accept icmp type echo-reply counter accept udp dport domain counter accept + tcp dport domain-s counter accept + udp dport domain-s counter accept tcp dport http counter accept tcp dport https counter accept udp dport https counter accept -- cgit v1.2.1
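Review bot: the added `udp dport domain-s counter accept` rule looks unnecessary for what the commit message describes. DNS over TLS (RFC 7858) runs over TCP port 853, and systemd-resolved's DoT uses TCP only, so the `tcp dport domain-s` rule covers it on its own. Consider dropping the UDP line to keep the ruleset minimal, or add a comment in the ruleset saying what it is for if it is intentional. Neither new rule restricts the destination, so port 853 is accepted to any host; if this chain filters outbound traffic, matching on the configured resolver addresses (for example with `ip daddr`) would be tighter. The unchanged `udp dport domain counter accept` line also stays, so plaintext DNS on port 53 remains allowed alongside DoT; if that is meant as a fallback, a short comment saying so would help the next reader.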