[dns-operations] DNSSEC disabling on systemd/Ubuntu required?

Robert Edmonds edmonds at mycre.ws
Fri Apr 21 15:45:00 UTC 2017

Stephane Bortzmeyer wrote:
> I have no information about this bug, and the suggested
> workaround. Anyone can share details?
> https://twitter.com/machms/status/855134897102622725
> Internet doesn't work anymore after upgrading #ubuntu to 17.04 #zesty version? Add
> 'DNSSEC=off' to /etc/systemd/resolved.conf and reboot.

It looks like the Debian/Ubuntu systemd package maintainers decided not
to risk enabling DNSSEC by default in the upcoming releases. (Note the
systemd version in Ubuntu "zesty" is currently 232-21ubuntu2 so this fix
hasn't propagated yet.)

systemd (232-22) unstable; urgency=medium

  [ Martin Pitt ]
  * resolved: Disable DNSSEC by default on stretch and zesty.
    Both Debian stretch and Ubuntu zesty are close to releasing, switch to
    DNSSEC=off by default for those. Users can still turn it back on with
    DNSSEC=allow-downgrade (or even "yes").

  [ … ]

 -- Michael Biebl <biebl at debian.org>  Tue, 28 Mar 2017 21:23:30 +0200

Robert Edmonds

More information about the dns-operations mailing list