From 74e3aa02b921734a6f0d9476d56ce7028fdcae3b Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Sat, 13 May 2023 21:22:26 +0000
Subject: [PATCH] servo: disable DNSSEC to fix connectivity problems

---
 hosts/by-name/servo/net.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hosts/by-name/servo/net.nix b/hosts/by-name/servo/net.nix
index 3358f247..9905e900 100644
--- a/hosts/by-name/servo/net.nix
+++ b/hosts/by-name/servo/net.nix
@@ -33,6 +33,14 @@
   # - getent ahostsv4 www.google.com
   # - try fix: <https://serverfault.com/questions/765989/connect-to-3rd-party-vpn-server-but-dont-use-it-as-the-default-route/766290#766290>
   services.resolved.enable = true;
+  # without DNSSEC:
+  # - dig matrix.org => works
+  # - curl https://matrix.org => works
+  # with default DNSSEC:
+  # - dig matrix.org => works
+  # - curl https://matrix.org => fails
+  # i don't know why. this might somehow be interfering with the DNS run on this device (trust-dns)
+  services.resolved.dnssec = "false";
   networking.nameservers = [
     # use systemd-resolved resolver
     # full resolver (which understands /etc/hosts) lives on 127.0.0.53