[Bug 1682499] Re: disable dnssec

Launchpad Bug Tracker 1682499 at bugs.launchpad.net
Thu Apr 20 20:11:08 UTC 2017 

This bug was fixed in the package systemd - 232-21ubuntu3

---------------
systemd (232-21ubuntu3) zesty; urgency=medium

  [ Martin Pitt ]
  * resolved: Disable DNSSEC by default on stretch and zesty.
    Both Debian stretch and Ubuntu zesty are close to releasing, switch to
    DNSSEC=off by default for those. Users can still turn it back on with
    DNSSEC=allow-downgrade (or even "yes"). (LP: #1682499)

  [ Michael Biebl ]
  * journal: fix up syslog facility when forwarding native messages.
    Native journal messages (_TRANSPORT=journal) typically don't have a
    syslog facility attached to it. As a result when forwarding the
    messages to syslog they ended up with facility 0 (LOG_KERN).
    Apply syslog_fixup_facility() so we use LOG_USER instead. (Closes: #837893)
    (LP: #1682484)

  [ Dimitri John Ledkov ]
  * networkd: cherry-pick support for setting bridge port's priority.
    This is a useful feature/bugfix to improve feature parity of networkd with
    ifupdown. This matches netplan's expectations to be able to set bridge port's
    priorities via networked. This featue is to be used by netplan/MAAS/OpenStack.
    (LP: #1668347)
  * TEST-12: cherry-pick upstream fix for compat with new netcat-openbsd.
    (LP: #1672542)
  * udev.postinst: preserve virtio interfaces names on upgrades, on s390x.
    New udev generates stable interface names on s390x kvm instances, however, upon
    upgrades existing ethX names should be preserved to prevent breaking networking
    and software configurations. (Closes: #860246) (LP: #1682437)

 -- Dimitri John Ledkov <xnox at ubuntu.com>  Thu, 13 Apr 2017 18:10:33
+0100

** Changed in: systemd (Ubuntu Zesty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1682499

Title:
  disable dnssec

Status in systemd package in Ubuntu:
  Fix Committed
Status in systemd source package in Zesty:
  Fix Released

Bug description:
  [Impact]

   * dnssec functionality in systemd-resolved prevents network access in
  certain intra and extra net cases, due to failure to correctly
  validate dnssec entries. As a work-around we should disable dnssec by
  default.

  [Test Case]

   * Validate systemd-resolved is compiled with --with-default-dnssec=no
   * Validate that systemd-resolve --status says that DNSSEC setting is no

  $ systemd-resolve --status

  good output:
  ...
    DNSSEC setting: no
  DNSSEC supported: no
  ...

  bad output:
  ...
    DNSSEC setting: allow-downgrade
  DNSSEC supported: yes
  ...

  [Regression Potential]

   * People who expect DNSSEC to be available by default will need to
  re-enable it by modifying systemd-resolve configuration file

  [Other Info]

   * See duplicate bugs and other bug reports in systemd for scenarios
  of DNS resolution failures when DNSSEC is enabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions

More information about the foundations-bugs mailing list