[Touch-packages] [Bug 1624320] Re: systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing entries

Au contraire, I argue to not fix this issue and keep the other upstream resolvers alongside 127.0.0.53 in /etc/resolv.conf, because 127.0.0.53 will break applications that need to do DNSSEC validation themselves (for example for DANE). Once systemd-resolved has been fixed to provide the DNSSEC da

[Touch-packages] [Bug 1624320] Re: systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing entries

Unfortunately the DNS interface of current systemd-resolved strips DNSSEC, so applications that do DANE validation still have to target the upstreams directly. I have filed a bug about this: https://github.com/systemd/systemd/issues/4621 ** Bug watch added: github.com/systemd/systemd/issues #462