** Description changed: I'm running Ubuntu 19.10 I'm on latest version available from repositories, systemd 242 I'm expecting upstream DNS server capabilities being detected correctly and DNSSEC to keep working. Alternatively I'd expect a method of disabling capability checks instead of DNSSEC. Currently instead resolved misdetect features suddenly, stops resolving all together (fails closed, which is somewhat good). Capability reset is a very temporary fix. + + A suggested fix could be (ordered based on how nice of a solution it + is): + + a. The capability detection is fixed + (https://github.com/systemd/systemd/issues/9384) + + b. Force-disabling capability detection exists + (https://github.com/systemd/systemd/issues/14435) + + c. Patch Ubuntu version not to allow such a foot gun, update + documentation + + d. Remove DNSSEC from resolved
** Description changed: I'm running Ubuntu 19.10 I'm on latest version available from repositories, systemd 242 I'm expecting upstream DNS server capabilities being detected correctly and DNSSEC to keep working. Alternatively I'd expect a method of disabling capability checks instead of DNSSEC. Currently instead resolved misdetect features suddenly, stops resolving all together (fails closed, which is somewhat good). Capability reset is a very temporary fix. A suggested fix could be (ordered based on how nice of a solution it is): a. The capability detection is fixed (https://github.com/systemd/systemd/issues/9384) - b. Force-disabling capability detection exists - (https://github.com/systemd/systemd/issues/14435) + b. Force-disabling capability detection exists (this is what I also + requested here: https://github.com/systemd/systemd/issues/14435) c. Patch Ubuntu version not to allow such a foot gun, update - documentation + documentation (this is theoretically what Ubuntu could do meanwhile) d. Remove DNSSEC from resolved -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1857639 Title: DNS server capability detection is broken and has critical consequences when DNSSEC is enabled To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1857639/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
