DNSSEC exceptions must be made by the client/resolver requesting the validation. We cannot configure LXD's DNS server such that DNSSEC- enabled clients like systemd-resolved will start accepting it's unsigned records as "validated".
The dnsmasq and bind9 options you specify above, IIUC, refer to queries made *by* dnsmasq and bind9 themselves when requesting DNSSEC validation from upstream servers. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2119652 Title: systemd-resolved-dnssec breaks name resolution on lxd domain To manage notifications about this bug go to: https://bugs.launchpad.net/lxd/+bug/2119652/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
