Public bug reported:

Back in December, the default for systemd-resolved caching in Ubuntu systemd was changed to "no-negative" from the upstream default "yes" [0]

In this change, the default value in the resolved.conf file was missed. As the defaults in this file are commented, the effective default is still "no-negative", however when viewing the config file, the commented default "yes" is at odds with the man page resolved.conf(5), which correctly states the default as "no-negative".

This was an issue for me as I set DNSSEC to "yes", and expected Caching to also be "yes". Running DNSSEC with the default "no-negative" Caching is detrimental to performance resolving unsigned zones, as the non-existence of DNSSEC RRs must be looked up every time.

The issue with the intersection of DNSSEC and Caching is for upstream, but the least that needs to be done here is updating the resolved.conf template with "Caching=no-negative" to match the man page and behaviour, and perhaps even adding a note to the "DNSSEC=" section of resolved.conf(5) that Caching should be enabled.

Now that I'm looking at that man page, the default for DNSSEC is also listed as "allow-downgrade", whereas the default for Ubuntu is "no".

[0] https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b42658843a9496d6b6bb68ac159f2a9f0a8ba9db&h=ubuntu-focal

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1895418

Title:
  systemd-resolved default config for Caching is still "yes"

Status in systemd package in Ubuntu:
  New
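
A check for the mismatch this report describes, as an added example that is not part of the original bug report or of systemd. It assumes the option name `Cache=` as used in resolved.conf, takes the Ubuntu compiled defaults from the report, reads a single file without drop-ins, and runs on a constructed sample; `audit_resolved_conf` is a hypothetical helper name.

```python
import re

# Compiled-in Ubuntu defaults as stated in the report (assumption: they apply here).
UBUNTU_DEFAULTS = {"Cache": "no-negative", "DNSSEC": "no"}
# Optional comment marker, then Key=Value; systemd accepts '#' and ';' comments.
LINE = re.compile(r"^\s*([#;]?)\s*(\w+)\s*=\s*(\S+)\s*$")

# Constructed sample: stale commented default for Cache, DNSSEC switched on.
SAMPLE = """\
[Resolve]
#DNS=
#DNSSEC=no
#Cache=yes
DNSSEC=yes
"""

def audit_resolved_conf(text, defaults=UBUNTU_DEFAULTS):
    """Return (effective settings, findings) for one resolved.conf file."""
    effective, commented, in_resolve = dict(defaults), {}, False
    for raw in text.splitlines():
        if raw.strip().startswith("["):
            in_resolve = raw.strip() == "[Resolve]"
            continue
        m = LINE.match(raw)
        if not (in_resolve and m and m.group(2) in defaults):
            continue
        marker, key, value = m.groups()
        if marker:
            commented[key] = value   # documentation only, never applied
        else:
            effective[key] = value   # active line overrides the compiled default
    findings = []
    for key, shown in commented.items():
        if shown != defaults[key]:
            findings.append(f"{key}: commented default {shown!r} but compiled default is {defaults[key]!r}")
    if effective["DNSSEC"] == "yes" and effective["Cache"] == "no-negative":
        findings.append("DNSSEC=yes with Cache=no-negative: the combination the report describes as slow for unsigned zones")
    return effective, findings

if __name__ == "__main__":
    settings, notes = audit_resolved_conf(SAMPLE)
    print(settings)
    for note in notes:
        print("WARN", note)
```

On the running system, `resolvectl status` shows the DNSSEC setting that is actually in effect, which is the value to trust over the commented lines in the file.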