The primary purpose of adding to resolv.conf is for client
software that wants to do DNS resolution by itself instead of using NSS
-- most notable example is Google Chrome, and third-party software which
is statically linked (e. g. Go).

However, other software like NetworkManager or isc-dhcp also calls
resolvconf and adds name servers picked up by them -- as they don't talk
to resolved directly, resolved reads their DNS servers *from*

But, software which does its own DNS lookups like the above have to do
their own DNSSEC validation too -- you can't both chose to *not* use NSS
*and* rely on NSS to do DNSSEC for you..

So, this is indeed a wart, but not easily fixed, and also not that
important IMHO. Not using NSS is already broken to some degree, as you
also ignore things like nss-{winbind,docker,ldap} etc.

** Changed in: systemd (Ubuntu)
       Status: New => Triaged

** Changed in: systemd (Ubuntu)
   Importance: Undecided => Low

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  systemd-resolved appends to resolv.conf alongside existing

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to