Public bug reported:

Hi,

it looks like there is an error in the manpage of resolved.conf.

Ubuntu 20.04.1 LTS

systemd 245.4-4ubuntu3.2


The manpage of resolved.conf says:

DNSSEC=
   ...
   Defaults to "allow-downgrade"

So when I leave the resolved.conf un-edited, the value is

[Resolve]
...
#DNSSEC=no
...

so the default "allow-downgrade" should apply.


But instead DNSSEC is not used at all.

dig sshfp dnsprivacy.org +dnssec

; <<>> DiG 9.16.1-Ubuntu <<>> sshfp dnsprivacy.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24171
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1


When I set the value hard-coded to "allow-downgrade"

[Resolve]
...
DNSSEC=allow-downgrade
...

the ad flag is shown.

dig sshfp dnsprivacy.org +dnssec

; <<>> DiG 9.16.1-Ubuntu <<>> sshfp dnsprivacy.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41701
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1


Best regards
Daniel

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1895528

Title:
  Setting in manpage of resolved.conf does not apply

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1895528/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to