[Bug 1857639] Re: DNS server capability detection is broken and has critical consequences when DNSSEC is enabled
Avamander
avamander at gmail.com
Tue Jan 7 18:21:13 UTC 2020
Removed the link to a separate issue.
** No longer affects: systemd
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1857639
Title:
DNS server capability detection is broken and has critical
consequences when DNSSEC is enabled
Status in systemd package in Ubuntu:
Incomplete
Bug description:
I'm running Ubuntu 19.10
I'm on the latest version available from the repositories, systemd 242
I'm expecting upstream DNS server capabilities to be detected
correctly and DNSSEC to keep working. Alternatively, I'd expect a
method of disabling capability checks instead of DNSSEC.
Currently, resolved instead suddenly misdetects features and stops
resolving altogether (fails closed, which is somewhat good).
Capability reset is a very temporary fix.
A suggested fix could be (ordered based on how nice of a solution it
is):
a. The capability detection is fixed
(https://github.com/systemd/systemd/issues/9384)
b. Force-disabling capability detection exists (this is what I also
requested here: https://github.com/systemd/systemd/issues/14435)
c. Patch Ubuntu version not to allow such a foot gun, update
documentation (this is theoretically what Ubuntu could do meanwhile)
d. Remove DNSSEC from resolved
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1857639/+subscriptions