From be337c6a33b64687c23c227038a1d45ad86469f3 Mon Sep 17 00:00:00 2001
From: Florian Preinstorfer <site-github@nblock.org>
Date: Tue, 19 Aug 2025 11:20:04 +0200
Subject: [PATCH 1/2] Enable derp.server.verify_clients by default

This setting is already enabled in example-config.yaml but would default
to false if no key is set.
---
 hscontrol/types/config.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hscontrol/types/config.go b/hscontrol/types/config.go
index 44773a55..be0bce81 100644
--- a/hscontrol/types/config.go
+++ b/hscontrol/types/config.go
@@ -297,6 +297,7 @@ func LoadConfig(path string, isFile bool) error {
 	viper.SetDefault("dns.search_domains", []string{})
 
 	viper.SetDefault("derp.server.enabled", false)
+	viper.SetDefault("derp.server.verify_clients", true)
 	viper.SetDefault("derp.server.stun.enabled", true)
 	viper.SetDefault("derp.server.automatically_add_embedded_derp_region", true)
 

From 51c6367bb13c63112cb5836c98906add127638e1 Mon Sep 17 00:00:00 2001
From: dotlambda <github@dotlambda.de>
Date: Sun, 1 Jun 2025 15:40:03 -0700
Subject: [PATCH 2/2] Correctly document the default for dns.override_local_dns

---
 config-example.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config-example.yaml b/config-example.yaml
index 43dbd056..8748b560 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -275,9 +275,9 @@ dns:
   # `hostname.base_domain` (e.g., _myhost.example.com_).
   base_domain: example.com
 
-  # Whether to use the local DNS settings of a node (default) or override the
-  # local DNS settings and force the use of Headscale's DNS configuration.
-  override_local_dns: false
+  # Whether to use the local DNS settings of a node or override the local DNS 
+  # settings (default) and force the use of Headscale's DNS configuration.
+  override_local_dns: true
 
   # List of DNS servers to expose to clients.
   nameservers: