The correct way, afaik, to change the systemd resolved config is this:
cp resolved.conf /resolved.conf.d/override1.conf
and then edit that override. But my idea is this:
- Insecure default profile. This is necessary for using Captive portals
- Secure profile, that uses DNSSec and a secure DoT DNS provider
To make the Captive portal experience on Linux better, this would need to be switched. You could rename one conf file to deactivate it, and rename the other to “*.conf”. Using pkexec this could be GUI-possible.
But is there a better way of doing this? Having that integrated into the KDE networkmanager applet for example would be really great.
Example to make insecure
# insecure DNS enable
pkexec sudo mv /etc/systemd/resolved.conf.d/hardened.conf /etc/systemd/resolved.conf.d/hardened.disabled &&\
pkexec sudo mv /etc/systemd/resolved.conf.d/default-resolved.disabled /etc/systemd/resolved.conf.d/default-resolved.conf &&\
pkexec sudo systemctl restart systemd-resolved.service &&\
notify-send -a "systemd resolved" "DNS is now insecure"