[dns-operations] Possibly (yet another) DNSSEC bug in systemd when resolving .it domains
Phil Regnauld
regnauld at nsrc.org
Thu Nov 23 22:18:58 UTC 2017
"Bogus DNSSEC error reported when mode is allow-downgrade"
https://github.com/systemd/systemd/issues/7421
Just tested this on an Ubuntu system - in /etc/systemd/resolved.conf,
change
DNSSEC=no
to
DNSSEC=allow-downgrade
Reload systemd-resolve, then attempting to resolve anything under .it
fails
$ systemd-resolve i.redd.it
i.redd.it: resolve call failed: DNSSEC validation failed: failed-auxiliary
$ systemd-resolve google.it
google.it: resolve call failed: DNSSEC validation failed: failed-auxiliary
... unless there's something borked with .IT ?
Cheers,
Phil
More information about the dns-operations
mailing list