This bug was fixed in the package systemd - 232-21ubuntu3 --------------- systemd (232-21ubuntu3) zesty; urgency=medium
[ Martin Pitt ] * resolved: Disable DNSSEC by default on stretch and zesty. Both Debian stretch and Ubuntu zesty are close to releasing, switch to DNSSEC=off by default for those. Users can still turn it back on with DNSSEC=allow-downgrade (or even "yes"). (LP: #1682499) [ Michael Biebl ] * journal: fix up syslog facility when forwarding native messages. Native journal messages (_TRANSPORT=journal) typically don't have a syslog facility attached to it. As a result when forwarding the messages to syslog they ended up with facility 0 (LOG_KERN). Apply syslog_fixup_facility() so we use LOG_USER instead. (Closes: #837893) (LP: #1682484) [ Dimitri John Ledkov ] * networkd: cherry-pick support for setting bridge port's priority. This is a useful feature/bugfix to improve feature parity of networkd with ifupdown. This matches netplan's expectations to be able to set bridge port's priorities via networked. This featue is to be used by netplan/MAAS/OpenStack. (LP: #1668347) * TEST-12: cherry-pick upstream fix for compat with new netcat-openbsd. (LP: #1672542) * udev.postinst: preserve virtio interfaces names on upgrades, on s390x. New udev generates stable interface names on s390x kvm instances, however, upon upgrades existing ethX names should be preserved to prevent breaking networking and software configurations. (Closes: #860246) (LP: #1682437) -- Dimitri John Ledkov <x...@ubuntu.com> Thu, 13 Apr 2017 18:10:33 +0100 ** Changed in: systemd (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1682499 Title: disable dnssec Status in systemd package in Ubuntu: Fix Committed Status in systemd source package in Zesty: Fix Released Bug description: [Impact] * dnssec functionality in systemd-resolved prevents network access in certain intra and extra net cases, due to failure to correctly validate dnssec entries. As a work-around we should disable dnssec by default. [Test Case] * Validate systemd-resolved is compiled with --with-default-dnssec=no * Validate that systemd-resolve --status says that DNSSEC setting is no $ systemd-resolve --status good output: ... DNSSEC setting: no DNSSEC supported: no ... bad output: ... DNSSEC setting: allow-downgrade DNSSEC supported: yes ... [Regression Potential] * People who expect DNSSEC to be available by default will need to re-enable it by modifying systemd-resolve configuration file [Other Info] * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp