The primary purpose of adding 127.0.0.53 to resolv.conf is for client
software that wants to do DNS resolution by itself instead of using NSS
-- most notable example is Google Chrome, and third-party software which
is statically linked (e.g. Go).

However, other software like NetworkManager or isc-dhcp also calls
resolvconf and adds name servers picked up by them -- as they don't talk
to resolved directly, resolved reads their DNS servers *from*
resolv.conf.

But, software which does its own DNS lookups like the above has to do
its own DNSSEC validation too -- you can't both choose to *not* use NSS
*and* rely on NSS to do DNSSEC for you.

So, this is indeed a wart, but not easily fixed, and also not that
important IMHO. Not using NSS is already broken to some degree, as you
also ignore things like nss-{winbind,docker,ldap} etc.

** Changed in: systemd (Ubuntu)
       Status: New => Triaged

** Changed in: systemd (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1624320

Title:
  systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing
  entries

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624320/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
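
A check for the state this bug describes, as an added example that is not part of the original message or of systemd: it parses resolv.conf text and reports whether 127.0.0.53 is listed next to other name servers, the case where software that reads resolv.conf itself can end up querying those servers directly. The function names and sample file contents are constructed for illustration.

```python
"""Added example: classify resolv.conf content by whether the systemd-resolved
stub (127.0.0.53) is listed alongside other name servers."""
import ipaddress

STUB = ipaddress.ip_address("127.0.0.53")  # stub address named in the bug title


def parse_nameservers(text):
    """Return nameserver addresses in file order, skipping comments and junk."""
    servers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # resolv.conf comment markers
            continue
        fields = line.split()
        if fields[0] != "nameserver" or len(fields) < 2:
            continue
        addr = fields[1].split("%", 1)[0]    # drop an IPv6 zone id such as %eth0
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            continue                         # malformed address: ignore the line
    return servers


def classify(text):
    """Return (state, other_servers); state is no-stub, stub-only or mixed."""
    servers = parse_nameservers(text)
    others = [str(s) for s in servers if s != STUB]
    if STUB not in servers:
        return "no-stub", others
    return ("mixed" if others else "stub-only"), others


# Constructed sample inputs (hypothetical hosts, documentation address ranges).
MIXED = """\
# Dynamic resolv.conf(5) file generated by resolvconf(8)
nameserver 192.0.2.1
nameserver 127.0.0.53
search example.test
"""
STUB_ONLY = "nameserver 127.0.0.53\n"

if __name__ == "__main__":
    for name, sample in (("mixed sample", MIXED), ("stub-only sample", STUB_ONLY)):
        print(name, classify(sample))
```

To check a live system, pass the contents of /etc/resolv.conf to `classify()`.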
