[Bug 1682499] Re: disable dnssec

Adam Conrad adconrad at 0c3.net
Tue Apr 18 18:07:33 UTC 2017 

Hello Dimitri, or anyone else affected,

Accepted systemd into zesty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/systemd/232-21ubuntu3
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: systemd (Ubuntu Zesty)
       Status: Confirmed => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1682499

Title:
  disable dnssec

Status in systemd package in Ubuntu:
  Fix Committed
Status in systemd source package in Zesty:
  Fix Committed

Bug description:
  [Impact]

   * dnssec functionality in systemd-resolved prevents network access in
  certain intra and extra net cases, due to failure to correctly
  validate dnssec entries. As a work-around we should disable dnssec by
  default.

  [Test Case]

   * Validate systemd-resolved is compiled with --with-default-dnssec=no
   * Validate that systemd-resolve --status says that DNSSEC setting is no

  $ systemd-resolve --status

  good output:
  ...
    DNSSEC setting: no
  DNSSEC supported: no
  ...

  bad output:
  ...
    DNSSEC setting: allow-downgrade
  DNSSEC supported: yes
  ...

  [Regression Potential]

   * People who expect DNSSEC to be available by default will need to
  re-enable it by modifying systemd-resolve configuration file

  [Other Info]

   * See duplicate bugs and other bug reports in systemd for scenarios
  of DNS resolution failures when DNSSEC is enabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions

More information about the foundations-bugs mailing list