[Bug 1682499] Re: disable dnssec
Sudeep Duggal
duggalsudeep at gmail.com
Thu Apr 20 09:46:43 UTC 2017
systemd version 232-21ubuntu3: verified OK.
How do I correctly enable DNSSEC as default ?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1682499
Title:
disable dnssec
Status in systemd package in Ubuntu:
Fix Committed
Status in systemd source package in Zesty:
Fix Committed
Bug description:
[Impact]
* dnssec functionality in systemd-resolved prevents network access in
certain intra and extra net cases, due to failure to correctly
validate dnssec entries. As a work-around we should disable dnssec by
default.
[Test Case]
* Validate systemd-resolved is compiled with --with-default-dnssec=no
* Validate that systemd-resolve --status says that DNSSEC setting is no
$ systemd-resolve --status
good output:
...
DNSSEC setting: no
DNSSEC supported: no
...
bad output:
...
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
...
[Regression Potential]
* People who expect DNSSEC to be available by default will need to
re-enable it by modifying systemd-resolve configuration file
[Other Info]
* See duplicate bugs and other bug reports in systemd for scenarios
of DNS resolution failures when DNSSEC is enabled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions
More information about the foundations-bugs
mailing list