*** This bug is a duplicate of bug 1897744 *** https://bugs.launchpad.net/bugs/1897744
TL;DR: one affected by this upgrade triggered behavior change needs to set options edns0 trust-ad in /etc/resolv.conf to fix the issue. And as usual, once you already know what things are about - then (but only then :-/ ) you find the important related issues - reported by Laney \o/ Subscribing him to the bug FYI Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960023 I'll add a bug link to Debian. Discussed and declared to be systed issue and asked to file upstream. Which led to ... Systemd https://github.com/systemd/systemd/issues/15767 This is fixed in newer systemd and will set trust-ad I'll add a systemd task to consider backporting this to Focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1898590 Title: Verify DNS fingerprints not working Status in systemd: Unknown Status in glibc package in Ubuntu: Invalid Status in openssh package in Ubuntu: Invalid Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Focal: New Status in openssh package in Debian: Unknown Bug description: When setting in /etc/ssh/ssh_config VerifyHostKeyDNS to yes the fingerprints are fetched, but the result is always: debug1: found n insecure fingerprints in DNS With dig +dnssec -tsshfp hostname the result is ok: ad flg is set. To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1898590/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp