From 04cc838b9e2ec01e5a6beed90f749f390c458441 Mon Sep 17 00:00:00 2001
From: Helmut Grohne
Date: Fri, 23 Dec 2022 07:45:10 +0100
Subject: debvm-create: extend negative dnssec trust anchors

systemd turns on dnssec validation since buster and that makes local domain resolution break unless having a negative trust anchor. The standards settled on .home.arpa, but this is only listed since bullseye. In order to have this domain work on buster, it must be listed explicitly. It is a noop on later releases.
---
 debvm-create | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debvm-create b/debvm-create
index ae9d65e..e574ee1 100755
--- a/debvm-create
+++ b/debvm-create
@@ -157,7 +157,7 @@ set -- '--customize-hook=chroot "$1" passwd --delete root' "$@"
 # dhcp on all network interfaces
 set -- \
 '--customize-hook=chroot "$1" systemctl enable systemd-networkd.service' \
- "--customize-hook=printf '"'[Match]\nName=en*\nName=eth*\n[Network]\nDHCP=yes\n[DHCP]\nUseDomains=yes\n'"'"' > "$1/etc/systemd/network/20-wired.network"' \
+ "--customize-hook=printf '"'[Match]\nName=en*\nName=eth*\n[Network]\nDHCP=yes\nDNSSECNegativeTrustAnchors=home.arpa\n[DHCP]\nUseDomains=yes\n'"'"' > "$1/etc/systemd/network/20-wired.network"' \
 "$@"

 # add ssh key for root
-- 
cgit v1.2.3
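Review bot: The new `DNSSECNegativeTrustAnchors=home.arpa` entry in the `20-wired.network` hook is undocumented in the script itself; the reason is given only in the commit message, and the block is still headed just `# dhcp on all network interfaces`. I would add a line above the `set --` such as `# home.arpa needs an explicit negative trust anchor on buster; it is built in since bullseye`. The same comment should say that a negative trust anchor makes systemd-resolved accept answers under home.arpa without DNSSEC validation on every `en*`/`eth*` link. Together with `UseDomains=yes`, which takes the search domain from the DHCP server, that means names in this zone are unauthenticated and should not be relied on for trust decisions inside the guest.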