author | Helmut Grohne <helmut@subdivi.de> | 2022-12-23 07:45:10 +0100 |
---|---|---|
committer | Helmut Grohne <helmut@subdivi.de> | 2022-12-23 07:45:10 +0100 |
commit | 04cc838b9e2ec01e5a6beed90f749f390c458441 (patch) | |
tree | 76bc3d7da88603ac330a0981f455193849194011 /debvm-create | |
parent | 1bc6070756dc40fd7ce3380aff5b476d52ea0e4d (diff) | |
debvm-create: extend negative dnssec trust anchors
systemd has enabled DNSSEC validation since buster, which breaks local
domain resolution unless a negative trust anchor is configured. The
standards settled on .home.arpa, but this is only listed since bullseye.
In order to have this domain work on buster, it must be listed
explicitly. It is a noop on later releases.
Diffstat (limited to 'debvm-create')
-rwxr-xr-x | debvm-create | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/debvm-create b/debvm-create
index ae9d65e..e574ee1 100755
--- a/debvm-create
+++ b/debvm-create
@@ -157,7 +157,7 @@ set -- '--customize-hook=chroot "$1" passwd --delete root' "$@"
 # dhcp on all network interfaces
 set -- \
 '--customize-hook=chroot "$1" systemctl enable systemd-networkd.service' \
- "--customize-hook=printf '"'[Match]\nName=en*\nName=eth*\n[Network]\nDHCP=yes\n[DHCP]\nUseDomains=yes\n'"'"' > "$1/etc/systemd/network/20-wired.network"' \
+ "--customize-hook=printf '"'[Match]\nName=en*\nName=eth*\n[Network]\nDHCP=yes\nDNSSECNegativeTrustAnchors=home.arpa\n[DHCP]\nUseDomains=yes\n'"'"' > "$1/etc/systemd/network/20-wired.network"' \
 "$@"
 
 # add ssh key for root |
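Review bot: The comment above this `set --` still reads only `# dhcp on all network interfaces`, but the generated `20-wired.network` now also exempts `home.arpa` and everything below it from DNSSEC validation on every link matching `en*` or `eth*`. That relaxation deserves a note next to the code, because names under that domain are then accepted unauthenticated from whichever resolver DHCP supplies, on top of the already trusting `UseDomains=yes`. I would extend the comment to something like `# dhcp on all network interfaces; home.arpa is a negative trust anchor so local names resolve on buster (no DNSSEC validation below it)`.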