[Bug 1624320] [NEW] systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing entries
Anders Kaseorg
andersk at mit.edu
Fri Sep 16 10:47:10 UTC 2016
Public bug reported:
systemd-resolved, or more precisely the hook script /lib/systemd/system
/systemd-resolved.service.d/resolvconf.conf, causes resolvconf to add
127.0.0.53 to the set of nameservers in /etc/resolv.conf alongside the
other nameservers. That makes no sense because systemd-resolved sets up
127.0.0.53 as a proxy for those other nameservers. The effect is
similar to bug 1624071 but for applications doing their own DNS lookups.
It breaks any DNSSEC validation that systemd-resolved tries to do;
applications will failover to the other nameservers, bypassing
validation failures. And it makes failing queries take twice as long.
/etc/resolv.conf should have only 127.0.0.53 when systemd-resolved is
active.
** Affects: systemd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1624320
Title:
systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing
entries
Status in systemd package in Ubuntu:
New
Bug description:
systemd-resolved, or more precisely the hook script
/lib/systemd/system/systemd-resolved.service.d/resolvconf.conf, causes
resolvconf to add 127.0.0.53 to the set of nameservers in
/etc/resolv.conf alongside the other nameservers. That makes no sense
because systemd-resolved sets up 127.0.0.53 as a proxy for those other
nameservers. The effect is similar to bug 1624071 but for
applications doing their own DNS lookups. It breaks any DNSSEC
validation that systemd-resolved tries to do; applications will
failover to the other nameservers, bypassing validation failures. And
it makes failing queries take twice as long.
/etc/resolv.conf should have only 127.0.0.53 when systemd-resolved is
active.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624320/+subscriptions
More information about the foundations-bugs
mailing list