Au contraire,
I argue to not fix this issue and keep the other upstream resolvers
alongside 127.0.0.53 in /etc/resolv.conf, because 127.0.0.53 will break
applications that need to do DNSSEC validation themselves (for example
for DANE).
Once systemd-resolved has been fixed to provide the DNSSEC da
Unfortunately the DNS interface of current systemd-resolved strips DNSSEC, so
applications that do DANE validation still have to target the upstreams
directly.
I have filed a bug about this: https://github.com/systemd/systemd/issues/4621
** Bug watch added: github.com/systemd/systemd/issues #462
2 matches
Mail list logo