I grabbed the top 500 hosts in an Eaon LXD container with DNS=1.1.1.1 wget -O top500.csv https://moz.com/top-500/download/?table=top500Domains cut -d, -f2 < top500.csv | cut -d\" -f2 > top500
I ran this script twice (with and without dnssec=yes): while read p; do sleep 1 echo "$p" resolvectl query $p > with_dnssec/$p done <top500 The following domains failed only with DNSSEC=yes (and all failures included DVE- notices in journal). people.com.cn search.yahoo.com news.yahoo.com (oddly engadget wasn't on the list.. There may be a difference between netword/network-manager?) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796501 Title: systemd-resolved tries to mitigate DVE-2018-0001 even if DNSSEC=yes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796501/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs