@duggalsudeep This is not a regression, we are intentionally disabling DNSSEC by default; and yes you do need to change /etc/systemd/resolved.conf to enable DNSSEC - just like in yakkety. It was a mistake that we enabled it for zesty.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1682499 Title: disable dnssec Status in systemd package in Ubuntu: Fix Committed Status in systemd source package in Zesty: Fix Committed Bug description: [Impact] * dnssec functionality in systemd-resolved prevents network access in certain intra and extra net cases, due to failure to correctly validate dnssec entries. As a work-around we should disable dnssec by default. [Test Case] * Validate systemd-resolved is compiled with --with-default-dnssec=no * Validate that systemd-resolve --status says that DNSSEC setting is no $ systemd-resolve --status good output: ... DNSSEC setting: no DNSSEC supported: no ... bad output: ... DNSSEC setting: allow-downgrade DNSSEC supported: yes ... [Regression Potential] * People who expect DNSSEC to be available by default will need to re-enable it by modifying systemd-resolve configuration file [Other Info] * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
