** Summary changed:

- DNS server capability detection is broken and has critical consequences when 
DNSSEC is enabled
+ DNS server capability detection is broken and has fatal consequences to 
resolving when DNSSEC is enabled

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1857639

Title:
  DNS server capability detection is broken and has fatal consequences
  to resolving when DNSSEC is enabled

Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  I'm running Ubuntu 19.10

  I'm on latest version available from repositories, systemd 242

  I'm expecting upstream DNS server capabilities being detected
  correctly and DNSSEC to keep working. Alternatively I'd expect a
  method of disabling capability checks instead of DNSSEC.

  Currently instead resolved misdetect features suddenly, stops
  resolving all together (fails closed, which is somewhat good).
  Capability reset is a very temporary fix.

  A suggested fix could be (ordered based on how nice of a solution it
  is):

  a. The capability detection is fixed
  (https://github.com/systemd/systemd/issues/9384)

  b. Force-disabling capability detection exists (this is what I also
  requested here: https://github.com/systemd/systemd/issues/14435)

  c. Patch Ubuntu version not to allow such a foot gun, update
  documentation (this is theoretically what Ubuntu could do meanwhile)

  d. Remove DNSSEC from resolved

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1857639/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to