[Bug 1703640] Re: nplan and libnss-resolve should be in same dependency

Dimitri John Ledkov launchpad at surgut.co.uk
Mon Jul 24 19:24:36 UTC 2017 

about nplan/libnss-resolve dependency. This issue has been resolved in
systemd, it appears that resolved has not been started from systemd
package at all, when it should have been since yakkety.

systemd (234-1ubuntu2) artful; urgency=medium

  * Set UseDomains to true, by default, on Ubuntu.
    On Ubuntu, fallback DNS servers are disabled, therefore we do not leak queries
    to a preset 3rd party by default. In resolved, dnssec is also disabled by
    default, as too much of the internet is broken and using Ubuntu users to debug
    the internet is not very productive - most of the time the end-user cannot fix
    or know how to notify the site owners about the dnssec mistakes. Inherintally
    the DHCP acquired DNS servers are therefore trusted, and are free to spoof
    records. Not trusting DNS search domains, in such scenario, provides limited
    security or privacy benefits. From user point of view, this also appears to be
    a regression from previous Ubuntu releases which do trust DHCP acquired search
    domains by default.
    Therefore we are enabling UseDomains by default on Ubuntu.
    Users may override this setting in the .network files by specifying
    [DHCP|IPv6AcceptRA] UseDomains=no|route options.
  * resolved: create private stub resolve file for integration with resolvconf.
    The stub-resolve.conf file points at resolved stub resolver, but also lists the
    available search domains. This is required to correctly resolve domains without
    using resolve nss module.
  * Enable systemd-resolved by default
  * Create /etc/resolv.conf at postinst, pointing at the stub resolver.
    The stub resolver file is dynamically managed by systemd-resolved. It points at
    the stub resolver as the nameserver, however it also dynamically updates the
    search stanza, thus non-nss dns tools work correctly with unqualified names and
    correctly use the DHCP acquired search domains.
  * libnss-resolve: do not disable and stop systemd-resolved
    resolved is always used by default on ubuntu via stub resolver, therefore it
    should continue to operate without libnss-resolve module installed.

 -- Dimitri John Ledkov <xnox at ubuntu.com>  Fri, 21 Jul 2017 17:07:17
+0100

** No longer affects: dbus (Ubuntu)

** Changed in: systemd (Ubuntu)
       Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1703640

Title:
  nplan and libnss-resolve should be in same dependency

Status in systemd package in Ubuntu:
  Fix Committed

Bug description:
  I am filing this under nplan because I don't know what better anchor
  to use. I discovered for systems which I bring up by using debootstrap
  and then extend that installation to be bootable, I end up with nplan
  installed but not libnss-resolve. This results in broken DNS
  resolution when starting to use nplan.

  It looks like nplan is a dependency of ubuntu-minimal but libnss-
  resolve is only in ubuntu-standard. But it is also required when using
  networkd as renderer for netplan.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1703640/+subscriptions

More information about the foundations-bugs mailing list