[dns-operations] systemd resolved ignores specified root

Derek Wilson jderekwilson at gmail.com
Thu Sep 17 16:15:48 UTC 2020


> On a systemd box, `uz.` is not treated as an FQDN and if `uz` does not
> exist in a search domain, resolved will tell you SERVFAIL.

Sorry to reply to my own email but I need to correct this: I should
have said if the name `uz` does not exist in LLMNR, resolved will tell
you SERVFAIL.

It's not that uz is run through search domains - it's just not treated
like it's a name in traditional DNS at all.

The security issue I feel like systemd resolved introduced is that
they have an override setting to allow names with no dots at all to be
sent to global DNS supposedly to address this issue. But without also
requiring a trailing dot this shouldn't be done... right?
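
An added example, not part of the original post: a small audit that reports whether a host has the single-label override switched on and which file sets it. It assumes the override meant above is systemd-resolved's `ResolveUnicastSingleLabel=` option in the `[Resolve]` section (the post does not name it), that drop-ins follow systemd's usual ordering, and that unparseable values are ignored; the file contents are constructed samples.

```python
import posixpath

# Constructed sample files; paths follow systemd's usual layout.
SAMPLE = {
    "/etc/systemd/resolved.conf":
        "[Resolve]\n#ResolveUnicastSingleLabel=no\nLLMNR=yes\n",
    "/usr/lib/systemd/resolved.conf.d/50-site.conf":
        "[Resolve]\nResolveUnicastSingleLabel=no\n",
    "/etc/systemd/resolved.conf.d/50-site.conf":
        "[Resolve]\nResolveUnicastSingleLabel = yes\n",
    "/etc/systemd/resolved.conf.d/10-base.conf":
        "[Resolve]\nResolveUnicastSingleLabel=off\n",
}
DROPIN_DIRS = [  # highest priority first
    "/etc/systemd/resolved.conf.d",
    "/run/systemd/resolved.conf.d",
    "/usr/lib/systemd/resolved.conf.d",
]
TRUE = {"1", "yes", "y", "true", "t", "on"}    # boolean spellings systemd accepts
FALSE = {"0", "no", "n", "false", "f", "off"}

def load_order(files, main="/etc/systemd/resolved.conf"):
    """Main file first, then drop-ins sorted by file name; a name present in
    several directories is read only from the highest-priority one."""
    chosen = {}
    for d in reversed(DROPIN_DIRS):  # lowest priority first, later dirs replace
        for path in files:
            if posixpath.dirname(path) == d and path.endswith(".conf"):
                chosen[posixpath.basename(path)] = path
    return ([main] if main in files else []) + [chosen[n] for n in sorted(chosen)]

def single_label_override(files):
    """Return (enabled, source_path); the option is off when nothing sets it."""
    enabled, source = False, None
    for path in load_order(files):
        section = None
        for raw in files[path].splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":        # blank line or comment
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
            elif section == "Resolve" and "=" in line:
                key, val = (p.strip() for p in line.split("=", 1))
                val = val.lower()
                if key == "ResolveUnicastSingleLabel" and val in TRUE | FALSE:
                    enabled, source = val in TRUE, path  # last assignment wins
    return enabled, source
```

On a real host, build the `files` mapping by reading the same paths from disk; a result of `True` means dotless names can leave the host as ordinary DNS queries.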
