I've been running with /etc/resolv.conf for a few years now, generated 
from the ISP info from ipconfig and lists of public DNS servers and 
suffixes.

The attached postinstall script 0p_l_etc_resolv_conf.dash generates a 
new resolv.conf and replaces the current if different every update.
It is also run at cron startup and that covers system startup.

The AWK script collects names and addresses from ipconfig ouput and adds 
lists of public DNS servers and public suffixes in the proper order.

How this works with other ISPs or in other network environments is not 
anything I ever thought of testing externally.
Feel feel to try it and change it if curious or interested.


I'be been shuffling my keyservers since keyserver public key certificate 
poisoning started; currently I have the following formerly "safe" 
servers configured in ~/gnupg/dirmngr.conf:

#keyserver hkp://pool.sks-keyservers.net
#keyserver hkps://hkps.pool.sks-keyservers.net
#keyserver hkp://keys.gnupg.net
keyserver hkps://keyserver.ubuntu.com
keyserver hkps://keys.openpgp.org
keyserver hkp://pgp.mit.edu
keyserver hkp://pgp.surf.nl

also in ~/.gnupg/gpg.conf:

#keyserver hkp://pool.sks-keyservers.net
#keyserver hkps://hkps.pool.sks-keyservers.net
#keyserver hkp://keys.gnupg.net
keyserver hkp://keyserver.ubuntu.com
keyserver hkps://keys.openpgp.org
keyserver hkp://pgp.mit.edu
keyserver hkp://pgp.surf.nl
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
#keyserver ldap://keyserver.pgp.com

I've also installed US DoD (for USNO data) and LE root CA certs and sub 
CA certs to extend access where not provided in Windows and/or Cygwin.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]