As I recall resolved is also enabled by default in Ubuntu Server 16.10 (though not on Desktop), so this is a critical issue there as well. Dimitri, could you please have a look at this backport?
Could someone who's seeing the DNSSEC problem please also file a separate bug report, so we can track that problem separately? ** Also affects: network-manager (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Yakkety) Importance: Undecided Status: New ** Changed in: systemd (Ubuntu Yakkety) Importance: Undecided => Critical ** Changed in: systemd (Ubuntu Yakkety) Status: New => Triaged ** Changed in: systemd (Ubuntu Yakkety) Milestone: None => yakkety-updates ** Changed in: systemd (Ubuntu Yakkety) Assignee: (unassigned) => Dimitri John Ledkov (xnox) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1647031 Title: systemd-resolved’s 127.0.0.53 server does not follow CNAME records Status in systemd: New Status in network-manager package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Fix Released Status in network-manager source package in Yakkety: New Status in systemd source package in Yakkety: Triaged Bug description: $ systemd-resolve www.freedesktop.org www.freedesktop.org: 131.252.210.176 2610:10:20:722:a800:ff:feda:470f (annarchy.freedesktop.org) -- Information acquired via protocol DNS in 673.6ms. -- Data is authenticated: no $ ping www.freedesktop.org ping: www.freedesktop.org: Name or service not known $ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 127.0.0.53 $ dig +no{cmd,comments,stats} www.freedesktop.org @127.0.0.53 ;www.freedesktop.org. IN A www.freedesktop.org. 7146 IN CNAME annarchy.freedesktop.org. $ dig +no{cmd,comments,stats} www.freedesktop.org @8.8.8.8 ;www.freedesktop.org. IN A www.freedesktop.org. 14399 IN CNAME annarchy.freedesktop.org. annarchy.freedesktop.org. 14399 IN A 131.252.210.176 I trust it needn’t be explained why this makes the internet almost completely useless in zesty. To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1647031/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp