** Description changed: - because pitti says so + [Impact] - cherrypick from debian + * dnssec functionality in systemd-resolved prevents network access in + certain intra and extra net cases, due to failure to correctly validate + dnssec entries. As a work-around we should disable dnssec by default. + + [Test Case] + + * Validate systemd-resolved is compiled with --with-default-dnssec=no + * Validate that systemd-resolve --status says that DNSSEC setting is no + + [Regression Potential] + + * People who expect DNSSEC to be available by default will need to re- + enable it by modifying systemd-resolve configuration file + + [Other Info] + + * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled.
** Description changed: [Impact] - * dnssec functionality in systemd-resolved prevents network access in + * dnssec functionality in systemd-resolved prevents network access in certain intra and extra net cases, due to failure to correctly validate dnssec entries. As a work-around we should disable dnssec by default. [Test Case] - * Validate systemd-resolved is compiled with --with-default-dnssec=no - * Validate that systemd-resolve --status says that DNSSEC setting is no + * Validate systemd-resolved is compiled with --with-default-dnssec=no + * Validate that systemd-resolve --status says that DNSSEC setting is no + + $ systemd-resolve --status + + good output: + ... + DNSSEC setting: no + DNSSEC supported: no + ... + + bad output: + ... + DNSSEC setting: allow-downgrade + DNSSEC supported: yes + ... [Regression Potential] - * People who expect DNSSEC to be available by default will need to re- + * People who expect DNSSEC to be available by default will need to re- enable it by modifying systemd-resolve configuration file [Other Info] - - * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled. + + * See duplicate bugs and other bug reports in systemd for scenarios of + DNS resolution failures when DNSSEC is enabled. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1682499 Title: disable dnssec Status in systemd package in Ubuntu: Confirmed Status in systemd source package in Zesty: Confirmed Bug description: [Impact] * dnssec functionality in systemd-resolved prevents network access in certain intra and extra net cases, due to failure to correctly validate dnssec entries. As a work-around we should disable dnssec by default. [Test Case] * Validate systemd-resolved is compiled with --with-default-dnssec=no * Validate that systemd-resolve --status says that DNSSEC setting is no $ systemd-resolve --status good output: ... DNSSEC setting: no DNSSEC supported: no ... bad output: ... DNSSEC setting: allow-downgrade DNSSEC supported: yes ... [Regression Potential] * People who expect DNSSEC to be available by default will need to re-enable it by modifying systemd-resolve configuration file [Other Info] * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp