V8.13.536.2025.12.04
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m10s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m10s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -51,6 +51,13 @@ are aligned with the `CISS.debian.installer` baseline, ensuring a unified crypto
|
|||||||
an installed system. For an overview of the entire build process, see:
|
an installed system. For an overview of the entire build process, see:
|
||||||
**[MAN_CISS_ISO_BOOT_CHAIN.md](docs/MAN_CISS_ISO_BOOT_CHAIN.md)**
|
**[MAN_CISS_ISO_BOOT_CHAIN.md](docs/MAN_CISS_ISO_BOOT_CHAIN.md)**
|
||||||
|
|
||||||
|
When built with the ``--dhcp-centurion`` profile, the live system ships with a strict network and resolver policy:
|
||||||
|
``systemd-networkd`` and ``systemd-resolved`` are pre-configured to use ``DNS-over-TLS (DoT)`` exclusively against the
|
||||||
|
**CenturionDNS** resolver infrastructure; plain DNS is not used and connectivity failures are treated as hard errors. DNSSEC
|
||||||
|
validation is enforced in a fail-closed manner: zones with invalid or broken signatures result in ``SERVFAIL`` and are not
|
||||||
|
silently downgraded. Multicast name resolution via ``mDNS`` and ``LLMNR`` is disabled globally to avoid unintended name leakage
|
||||||
|
and spoofing surfaces.
|
||||||
|
|
||||||
Check out more leading world-class services powered by Centurion Intelligence Consulting Agency:
|
Check out more leading world-class services powered by Centurion Intelligence Consulting Agency:
|
||||||
* [CenturionDNS Resolver](https://eddns.eu/)
|
* [CenturionDNS Resolver](https://eddns.eu/)
|
||||||
* [CenturionDNS Blocklist](https://dns.eddns.eu/blocklists/centurion_titanium_ultimate.txt)
|
* [CenturionDNS Blocklist](https://dns.eddns.eu/blocklists/centurion_titanium_ultimate.txt)
|
||||||
|
|||||||
Reference in New Issue
Block a user