Public bug reported: I have a MAAS server that uses a box running dnsmasq as a DNS forwarder.
With MAAS enabling dnssec by default, I get errors like these and DNS resolution from the MAAS provisioned machines doesn't work beyond what MAAS manages. Aug 21 01:29:17 maas-region-hkg named[1147]: error (no valid RRSIG) resolving 'mediawiki/DS/IN': <ipv4addr>#53 Aug 21 01:29:17 maas-region-hkg named[1147]: error (network unreachable) resolving 'mediawiki/DS/IN': <ipv6addr>#53 Aug 21 01:29:17 maas-region-hkg named[1147]: error (network unreachable) resolving 'mediawiki/DS/IN': <ipv6addr>#53 Aug 21 01:29:17 maas-region-hkg named[1147]: error (insecurity proof failed) resolving 'mediawiki/AAAA/IN': <ipv4addr>#53 Aug 21 01:29:17 maas-region-hkg named[1147]: error (insecurity proof failed) resolving 'mediawiki/A/IN': <ipv4addr>#53 /etc/bind/named.conf options contains this stanza: // // This file is managed by MAAS. Although MAAS attempts to preserve changes // made here, it is possible to create conflicts that MAAS can not resolve. // // DNS settings available in MAAS (for example, forwarders and // dnssec-validation) should be managed only in MAAS. I I disable dnssec, name resolution works, and I didn't find a place in the web UI where I can disable dnssec. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: maas 1.7.6+bzr3376-0ubuntu2~14.04.1 ProcVersionSignature: Ubuntu 3.19.0-25.26~14.04.1-generic 3.19.8-ckt2 Uname: Linux 3.19.0-25-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.11 Architecture: amd64 Date: Fri Aug 21 02:55:27 2015 InstallationDate: Installed on 2015-08-10 (10 days ago) InstallationMedia: Ubuntu-Server 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805) PackageArchitecture: all ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: maas UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: maas (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug trusty -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to maas in Ubuntu. https://bugs.launchpad.net/bugs/1487283 Title: DNS forwarding doesn't work because MAAS enables dnssec To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/maas/+bug/1487283/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs