This bug was fixed in the package systemd - 232-21ubuntu3
---------------
systemd (232-21ubuntu3) zesty; urgency=medium
[ Martin Pitt ]
* resolved: Disable DNSSEC by default on stretch and zesty.
Both Debian stretch and Ubuntu zesty are close to releasing, switch to
DNSSEC=off by default for those. Users can still turn it back on with
DNSSEC=allow-downgrade (or even "yes"). (LP: #1682499)
[ Michael Biebl ]
* journal: fix up syslog facility when forwarding native messages.
Native journal messages (_TRANSPORT=journal) typically don't have a
syslog facility attached to it. As a result when forwarding the
messages to syslog they ended up with facility 0 (LOG_KERN).
Apply syslog_fixup_facility() so we use LOG_USER instead. (Closes: #837893)
(LP: #1682484)
[ Dimitri John Ledkov ]
* networkd: cherry-pick support for setting bridge port's priority.
This is a useful feature/bugfix to improve feature parity of networkd with
ifupdown. This matches netplan's expectations to be able to set bridge
port's
priorities via networked. This featue is to be used by
netplan/MAAS/OpenStack.
(LP: #1668347)
* TEST-12: cherry-pick upstream fix for compat with new netcat-openbsd.
(LP: #1672542)
* udev.postinst: preserve virtio interfaces names on upgrades, on s390x.
New udev generates stable interface names on s390x kvm instances, however,
upon
upgrades existing ethX names should be preserved to prevent breaking
networking
and software configurations. (Closes: #860246) (LP: #1682437)
-- Dimitri John Ledkov <x...@ubuntu.com> Thu, 13 Apr 2017 18:10:33
+0100
** Changed in: systemd (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1682499
Title:
disable dnssec
Status in systemd package in Ubuntu:
Fix Released
Status in systemd source package in Zesty:
Fix Released
Bug description:
[Impact]
* dnssec functionality in systemd-resolved prevents network access in
certain intra and extra net cases, due to failure to correctly
validate dnssec entries. As a work-around we should disable dnssec by
default.
[Test Case]
* Validate systemd-resolved is compiled with --with-default-dnssec=no
* Validate that systemd-resolve --status says that DNSSEC setting is no
$ systemd-resolve --status
good output:
...
DNSSEC setting: no
DNSSEC supported: no
...
bad output:
...
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
...
[Regression Potential]
* People who expect DNSSEC to be available by default will need to
re-enable it by modifying systemd-resolve configuration file
[Other Info]
* See duplicate bugs and other bug reports in systemd for scenarios
of DNS resolution failures when DNSSEC is enabled.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
