[dns-operations] DNSSEC disabling on systemd/Ubuntu required?

Florian Weimer fw at deneb.enyo.de
Sat Apr 22 10:52:11 UTC 2017


* Robert Edmonds:

> It looks like the Debian/Ubuntu systemd package maintainers decided not
> to risk enabling DNSSEC by default in the upcoming releases. (Note the
> systemd version in Ubuntu "zesty" is currently 232-21ubuntu2 so this fix
> hasn't propagated yet.)
>
> systemd (232-22) unstable; urgency=medium
>
>   [ Martin Pitt ]
>   * resolved: Disable DNSSEC by default on stretch and zesty.
>     Both Debian stretch and Ubuntu zesty are close to releasing, switch to
>     DNSSEC=off by default for those. Users can still turn it back on with
>     DNSSEC=allow-downgrade (or even "yes").

Is systemd-resolved used as the default caching resolver?



More information about the dns-operations mailing list