[dns-operations] Sad news today: systemd-resolved to be deployed in Ubuntu 16.10

Peter van Dijk peter.van.dijk at powerdns.com
Mon Jun 6 15:37:28 UTC 2016


On 5 Jun 2016, at 20:40, Paul Wouters wrote:

> Of course, this kind of systemd-resolvd bad practise is why security 
> aware
> applications (like libreswan) will want to do their own validation 
> because
> it simply cannot trust the AD bit from sources like systemd-resolved.
> Which is exactly what systemd-resolvd was supposed to solve....

Are you saying systemd-resolved will set an AD bit even when a downgrade 
has happened?

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

More information about the dns-operations mailing list