Am 19.03.23 um 12:53 schrieb Bastian Blank:
Upstream changed the default for the DNSSEC option to "allow-downgrade" and that is whats everywhere is documented. Debian overrides it to "no".
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959996Both, Ubuntu and Fedora, which use resolved more extensively, have disabled DNSSEC by default, since it caused too many issues.
If the situation has significantly nowadays, I can't tell, but it would probably be a good idea to get input from those downstreams.
Michael
OpenPGP_signature.asc
Description: OpenPGP digital signature
