[Bug 1895528] [NEW] Setting in manpage of resolved.conf does not apply

Daniel von Obernitz 1895528 at bugs.launchpad.net
Mon Sep 14 12:33:00 UTC 2020 

Public bug reported:

Hi,

it looks like there is an error in the manpage of resolved.conf.

Ubuntu 20.04.1 LTS

systemd 245.4-4ubuntu3.2


The manpage of resolved.conf says:

DNSSEC=
   ...
   Defaults to "allow-downgrade"

So when I leave the resolved.conf un-edited, the value is

[Resolve]
...
#DNSSEC=no
...

so the default "allow-downgrade" should apply.


But instead DNSSEC is not used at all.

dig sshfp dnsprivacy.org +dnssec

; <<>> DiG 9.16.1-Ubuntu <<>> sshfp dnsprivacy.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24171
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1


When I set the value hard-coded to "allow-downgrade"

[Resolve]
...
DNSSEC=allow-downgrade
...

the ad flag is shown.

dig sshfp dnsprivacy.org +dnssec

; <<>> DiG 9.16.1-Ubuntu <<>> sshfp dnsprivacy.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41701
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1


Best regards
Daniel

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1895528

Title:
  Setting in manpage of resolved.conf does not apply

Status in systemd package in Ubuntu:
  New

Bug description:
  Hi,

  it looks like there is an error in the manpage of resolved.conf.

  Ubuntu 20.04.1 LTS

  systemd 245.4-4ubuntu3.2


  The manpage of resolved.conf says:

  DNSSEC=
     ...
     Defaults to "allow-downgrade"

  So when I leave the resolved.conf un-edited, the value is

  [Resolve]
  ...
  #DNSSEC=no
  ...

  so the default "allow-downgrade" should apply.


  But instead DNSSEC is not used at all.

  dig sshfp dnsprivacy.org +dnssec

  ; <<>> DiG 9.16.1-Ubuntu <<>> sshfp dnsprivacy.org +dnssec
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24171
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

  
  When I set the value hard-coded to "allow-downgrade"

  [Resolve]
  ...
  DNSSEC=allow-downgrade
  ...

  the ad flag is shown.

  dig sshfp dnsprivacy.org +dnssec

  ; <<>> DiG 9.16.1-Ubuntu <<>> sshfp dnsprivacy.org +dnssec
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41701
  ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

  
  Best regards
  Daniel

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1895528/+subscriptions

More information about the foundations-bugs mailing list