[dns-operations] Sad news today: systemd-resolved to be deployed in Ubuntu 16.10
Peter van Dijk
peter.van.dijk at powerdns.com
Mon Jun 6 15:37:28 UTC 2016
Paul,
On 5 Jun 2016, at 20:40, Paul Wouters wrote:
> Of course, this kind of systemd-resolvd bad practise is why security
> aware
> applications (like libreswan) will want to do their own validation
> because
> it simply cannot trust the AD bit from sources like systemd-resolved.
> Which is exactly what systemd-resolvd was supposed to solve....
Are you saying systemd-resolved will set an AD bit even when a downgrade
has happened?
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
More information about the dns-operations
mailing list