** Description changed: - because pitti says so + [Impact] - cherrypick from debian + * dnssec functionality in systemd-resolved prevents network access in + certain intra and extra net cases, due to failure to correctly validate + dnssec entries. As a work-around we should disable dnssec by default. + + [Test Case] + + * Validate systemd-resolved is compiled with --with-default-dnssec=no + * Validate that systemd-resolve --status says that DNSSEC setting is no + + [Regression Potential] + + * People who expect DNSSEC to be available by default will need to re- + enable it by modifying systemd-resolve configuration file + + [Other Info] + + * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled.
** Description changed: [Impact] - * dnssec functionality in systemd-resolved prevents network access in + * dnssec functionality in systemd-resolved prevents network access in certain intra and extra net cases, due to failure to correctly validate dnssec entries. As a work-around we should disable dnssec by default. [Test Case] - * Validate systemd-resolved is compiled with --with-default-dnssec=no - * Validate that systemd-resolve --status says that DNSSEC setting is no + * Validate systemd-resolved is compiled with --with-default-dnssec=no + * Validate that systemd-resolve --status says that DNSSEC setting is no + + $ systemd-resolve --status + + good output: + ... + DNSSEC setting: no + DNSSEC supported: no + ... + + bad output: + ... + DNSSEC setting: allow-downgrade + DNSSEC supported: yes + ... [Regression Potential] - * People who expect DNSSEC to be available by default will need to re- + * People who expect DNSSEC to be available by default will need to re- enable it by modifying systemd-resolve configuration file [Other Info] - - * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled. + + * See duplicate bugs and other bug reports in systemd for scenarios of + DNS resolution failures when DNSSEC is enabled. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1682499 Title: disable dnssec To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs