[Bug 1682499] Re: disable dnssec
Dimitri John Ledkov
launchpad at surgut.co.uk
Tue Apr 18 17:02:41 UTC 2017
** Description changed:
- because pitti says so
+ [Impact]
- cherrypick from debian
+ * dnssec functionality in systemd-resolved prevents network access in
+ certain intra and extra net cases, due to failure to correctly validate
+ dnssec entries. As a work-around we should disable dnssec by default.
+
+ [Test Case]
+
+ * Validate systemd-resolved is compiled with --with-default-dnssec=no
+ * Validate that systemd-resolve --status says that DNSSEC setting is no
+
+ [Regression Potential]
+
+ * People who expect DNSSEC to be available by default will need to re-
+ enable it by modifying systemd-resolve configuration file
+
+ [Other Info]
+
+ * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled.
** Description changed:
[Impact]
- * dnssec functionality in systemd-resolved prevents network access in
+ * dnssec functionality in systemd-resolved prevents network access in
certain intra and extra net cases, due to failure to correctly validate
dnssec entries. As a work-around we should disable dnssec by default.
[Test Case]
- * Validate systemd-resolved is compiled with --with-default-dnssec=no
- * Validate that systemd-resolve --status says that DNSSEC setting is no
+ * Validate systemd-resolved is compiled with --with-default-dnssec=no
+ * Validate that systemd-resolve --status says that DNSSEC setting is no
+
+ $ systemd-resolve --status
+
+ good output:
+ ...
+ DNSSEC setting: no
+ DNSSEC supported: no
+ ...
+
+ bad output:
+ ...
+ DNSSEC setting: allow-downgrade
+ DNSSEC supported: yes
+ ...
[Regression Potential]
- * People who expect DNSSEC to be available by default will need to re-
+ * People who expect DNSSEC to be available by default will need to re-
enable it by modifying systemd-resolve configuration file
[Other Info]
-
- * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled.
+
+ * See duplicate bugs and other bug reports in systemd for scenarios of
+ DNS resolution failures when DNSSEC is enabled.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1682499
Title:
disable dnssec
Status in systemd package in Ubuntu:
Confirmed
Status in systemd source package in Zesty:
Confirmed
Bug description:
[Impact]
* dnssec functionality in systemd-resolved prevents network access in
certain intra and extra net cases, due to failure to correctly
validate dnssec entries. As a work-around we should disable dnssec by
default.
[Test Case]
* Validate systemd-resolved is compiled with --with-default-dnssec=no
* Validate that systemd-resolve --status says that DNSSEC setting is no
$ systemd-resolve --status
good output:
...
DNSSEC setting: no
DNSSEC supported: no
...
bad output:
...
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
...
[Regression Potential]
* People who expect DNSSEC to be available by default will need to
re-enable it by modifying systemd-resolve configuration file
[Other Info]
* See duplicate bugs and other bug reports in systemd for scenarios
of DNS resolution failures when DNSSEC is enabled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions
More information about the foundations-bugs
mailing list