[dns-operations] which breakage is this? FreeBSD.org / systemd-resolved

Jeroen Massar jeroen at massar.ch
Fri Oct 30 10:19:37 UTC 2020

> On 20201030, at 05:29, Paul Vixie <paul at redbarn.org> wrote:
> On Thu, Oct 29, 2020 at 09:43:28PM -0400, Viktor Dukhovni wrote:
>> On Thu, Oct 29, 2020 at 09:21:56PM -0400, Phil Pennock wrote:
>>> ...
>>> systemd-resolved is on as a host-local resolver, so the
>>> details of transport to it are pretty irrelevant: this is systemd
>>> rejecting answers which two other implementations of validating
>>> resolvers, on the local network, accept just fine.
>> There are many such defects in systemd-resolved, get in line...
> systemd is pretty configurable. there should be some way to turn this
> DNS-like but not-actually-DNS listener off, and then either run a real
> DNS listener (unbound, bind9, powerdns, knot, etc) there. bind9 in
> particular will do the right thing even with /dev/null as a config file,
> but that may be true of some of the others also.
> several of my vm's are suse linux, which has systemd, so i'd be very
> thankful to anyone with a HOWTO or URI on getting systemd out of my
> DNS resolution path. yes, i manage the resolv.conf files, but the
> risk of some local client ignoring that and sending to
> and thus talking to systemd-resolved is too high

Disabling the service will likely do the trick:


systemctl disable --now systemd-resolved.service

But as per https://manpages.debian.org/stretch/systemd/systemd-resolved.service.8.en.html

seems systemd really wants to lock tools into their thing, as they even have a special API over dbus for doing this.
funnily that mentions "for example, properly returns DNSSEC validation status" :)

bye bye getaddrinfo, thou art not welcome anymore...


More information about the dns-operations mailing list