[Bug 1682499] Re: disable dnssec
Paul Natsuo Kishimoto
account+launchpad at paul.kishimoto.name
Thu Apr 20 14:45:48 UTC 2017
Bug #1650877 and the others linked there (see comment #7) appear to be
duplicates.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1682499
Title:
disable dnssec
Status in systemd package in Ubuntu:
Fix Committed
Status in systemd source package in Zesty:
Fix Committed
Bug description:
[Impact]
* dnssec functionality in systemd-resolved prevents network access in
certain intra and extra net cases, due to failure to correctly
validate dnssec entries. As a work-around we should disable dnssec by
default.
[Test Case]
* Validate systemd-resolved is compiled with --with-default-dnssec=no
* Validate that systemd-resolve --status says that DNSSEC setting is no
$ systemd-resolve --status
good output:
...
DNSSEC setting: no
DNSSEC supported: no
...
bad output:
...
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
...
[Regression Potential]
* People who expect DNSSEC to be available by default will need to
re-enable it by modifying systemd-resolve configuration file
[Other Info]
* See duplicate bugs and other bug reports in systemd for scenarios
of DNS resolution failures when DNSSEC is enabled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions
More information about the foundations-bugs
mailing list