*** This bug is a duplicate of bug 1897744 *** https://bugs.launchpad.net/bugs/1897744
@Dan - now I saw your update - that might have shortened my dnssec trip :-) It indeed is a duplicate of that - marking as such. ** This bug has been marked a duplicate of bug 1897744 VerifyHostKeyDNS not working due to missing trust-ad flag -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1898590 Title: Verify DNS fingerprints not working Status in systemd: Unknown Status in glibc package in Ubuntu: Invalid Status in openssh package in Ubuntu: Invalid Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Focal: New Status in openssh package in Debian: Unknown Bug description: When setting in /etc/ssh/ssh_config VerifyHostKeyDNS to yes the fingerprints are fetched, but the result is always: debug1: found n insecure fingerprints in DNS With dig +dnssec -tsshfp hostname the result is ok: ad flg is set. To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1898590/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp