I guess we should consider adding a custom drop-in config inside the strongswan
host-to-host containers, disabling DNSSEC, e.g.:
"""
[Resolve]
DNSSEC=no
"""
This would unblock the systemd migration.
Longer term, we should consider improvements to the LXD dnsmasq
configuration. Either having it properly sign its authoritative domains
properly, using DNSSEC, or disabling DNSSEC completely, so make the
"allow-downgrade" fallback kick in.
** Also affects: lxd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2119652
Title:
systemd-resolved-dnssec breaks name resolution on lxd domain
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2119652/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
