fix(networking): allow fallback to non-TLS DNS servers

2025-06-20 21:24:34 +02:00 · 2025-06-20 21:24:34 +02:00 · 9dab2d9f49
commit 9dab2d9f49
parent 232da86da0
1 changed files with 2 additions and 1 deletions
--- a/system/networking.nix
+++ b/system/networking.nix
@ -70,7 +70,8 @@ in
  services.dnsmasq.enable = false;
  services.resolved = {
    enable = true;
-    dnsovertls = if isAdguardHost then "opportunistic" else "true";
+    # HINT with "true" even fallback or interface-specific DNS servers won't work if they don't support TLS
+    dnsovertls = "opportunistic";
    fallbackDns = [
      "194.242.2.2#dns.mullvad.net"
      "194.242.2.4#base.dns.mullvad.net"