clarify debian resolver configuration

openziti · Nov 12, 2024 · 1e0e1ac · 1e0e1ac
1 parent 5b9383c
commit 1e0e1ac
Showing 1 changed file with 43 additions and 25 deletions.
diff --git a/docusaurus/docs/reference/tunnelers/60-linux/10-debian-package.mdx b/docusaurus/docs/reference/tunnelers/60-linux/10-debian-package.mdx
@@ -45,38 +45,56 @@ curl -sSLf https://get.openziti.io/tun/scripts/install-ubuntu.bash | bash
 
 #### Debian GNU/Linux
 
-| Debian      | Ubuntu       | Archs         |
+| Debian      | UBUNTU_LTS   | Archs         |
 |-------------|--------------|---------------|
-| 12 Bookworm | Jammy 22.04  | x86_64, arm64 |
-| 11 Bullseye | Focal 20.04  | x86_64, arm64 |
-| 10 Buster   | Bionic 18.04 | x86_64        |
-|  9 Stretch  | Xenial 16.04 | x86_64        |
+| 13 Trixie   | jammy        | x86_64, arm64 |
+| 12 Bookworm | jammy        | x86_64, arm64 |
+| 11 Bullseye | focal        | x86_64, arm64 |
+| 10 Buster   | bionic       | x86_64        |
+|  9 Stretch  | xenial       | x86_64        |
 
-Refer to the table to find the Ubuntu release name that is the contemporary of the Debian release. Substitute the Ubuntu
-release name for `focal` in the `/etc/apt/sources.list.d/openziti.list` file.
+1. Refer to the table to find the Ubuntu release name that is the contemporary of the Debian release. Substitute the Ubuntu release name for `jammy` in the `/etc/apt/sources.list.d/openziti.list` file.
 
-```text
-UBUNTU_LTS=focal
-```
+    ```text
+    UBUNTU_LTS=jammy
+    ```
 
-```text
-curl -sSLf https://get.openziti.io/tun/package-repos.gpg \
-| sudo gpg --dearmor --output /usr/share/keyrings/openziti.gpg
-```
+1. Subscribe the system to the OpenZiti package repository for the UBUNTU_LTS specified above.
 
-```text
-sudo chmod -c +r /usr/share/keyrings/openziti.gpg
-```
+    ```text
+    echo "deb [signed-by=/usr/share/keyrings/openziti.gpg] https://packages.openziti.org/zitipax-openziti-deb-stable $UBUNTU_LTS main" \
+    | sudo tee /etc/apt/sources.list.d/openziti.list >/dev/null
+    ```
 
-```text
-echo "deb [signed-by=/usr/share/keyrings/openziti.gpg] https://packages.openziti.org/zitipax-openziti-deb-stable $UBUNTU_LTS main" \
-| sudo tee /etc/apt/sources.list.d/openziti.list >/dev/null
-```
+1. Install the package signing pubkey.
 
-```text
-sudo apt update
-sudo apt install ziti-edge-tunnel
-```
+    ```text
+    curl -sSLf https://get.openziti.io/tun/package-repos.gpg \
+    | sudo gpg --dearmor --output /usr/share/keyrings/openziti.gpg
+    ```
+
+1. Ensure the pubkey is readable by all.
+
+    ```text
+    sudo chmod -c +r /usr/share/keyrings/openziti.gpg
+    ```
+
+1. Refresh the package list and install ziti-edge-tunnel.
+
+    ```text
+    sudo apt update
+    sudo apt install ziti-edge-tunnel
+    ```
+
+1. Replace resolveconf with systemd-resolved and delegate management of `/etc/resolv.conf` to systemd-resolved.
+
+    Debian ships without systemd-resolved, which is the only resolver that can be automatically configured by the tunnel service. You must choose between installing and enabling systemd-resolved (preferred for security and performance) or run the tunneler as root to enable legacy resolver configurations, e.g., resolveconf.
+
+    ```text
+    sudo apt install systemd-resolved
+    ```
+
+1. Reboot to ensure the new resolver configuration is in full effect.
 
 </TabItem>
 </Tabs>