Hello, dig will do dns lookups itself, it doesn't rely on the host resolver configuration. Does your host resolver configuration support dnssec? It might be worth using tcpdump or tshark or wireshark to see if the queries are properly formed, and if the replies are correct.
Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1898590 Title: Verify DNS fingerprints not working Status in openssh package in Ubuntu: New Bug description: When setting in /etc/ssh/ssh_config VerifyHostKeyDNS to yes the fingerprints are fetched, but the result is always: debug1: found n insecure fingerprints in DNS With dig +dnssec -tsshfp hostname the result is ok: ad flg is set. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1898590/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp