> What makes you say it's "correct" in this case? Are you testing with a
> dnsmasq server that doesn't know about DNSSEC? As we have already
> discussed, "unsigned records" != "lacks DNSSEC support".

Right, sd-resolved seems to query for the DO flag (= DNSSEC OK) from the
EDNS0 protocol extension and is then falling back to legacy UDP, without
DNSSEC support. – I still need to dig deeper into how this detection
works in detail.

-- 
https://bugs.launchpad.net/bugs/2119652

Title:
  systemd-resolved-dnssec breaks name resolution on lxd domain
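
The distinction drawn in the thread ("unsigned records" != "lacks DNSSEC support") can be read off a DNS response on the wire. The following is an added example, not code from the thread and not systemd-resolved's detection logic: it classifies a response by whether it carries an EDNS0 OPT record, whether the DO bit is echoed, and whether the answer section holds an RRSIG. The name `host.lxd`, the addresses and all sample messages are constructed.

```python
import struct

TYPE_A, TYPE_OPT, TYPE_RRSIG, DO_BIT = 1, 41, 46, 0x8000
QUESTION = b"\x04host\x03lxd\x00" + struct.pack("!HH", TYPE_A, 1)  # constructed name

def rr(owner, rtype, rclass, ttl, rdata=b""):
    return owner + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def message(flags, answers=(), additional=()):
    head = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, len(additional))
    return head + QUESTION + b"".join(answers) + b"".join(additional)

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # walk labels until root or pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def classify(msg):
    """Return 'no-edns0', 'edns0-no-do', 'do-unsigned' or 'do-signed'."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    opt_flags, signed = None, False
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            opt_flags = ttl & 0xFFFF             # low 16 bits of the OPT TTL hold the flags
        elif rtype == TYPE_RRSIG and i < an:
            signed = True                        # signature present in the answer section
    if opt_flags is None:
        return "no-edns0"                        # server ignored the OPT record entirely
    if not opt_flags & DO_BIT:
        return "edns0-no-do"                     # EDNS0 works, DO was not echoed
    return "do-signed" if signed else "do-unsigned"

# Constructed sample responses (flags 0x8180 = response, RD, RA); not captured traffic.
OPT_DO, OPT_PLAIN = rr(b"\x00", TYPE_OPT, 1232, DO_BIT), rr(b"\x00", TYPE_OPT, 1232, 0)
A_RR = rr(b"\xc0\x0c", TYPE_A, 1, 60, bytes([10, 0, 0, 5]))
SIG_RR = rr(b"\xc0\x0c", TYPE_RRSIG, 1, 60, b"\x00" * 19)  # placeholder RDATA, not a real signature
SAMPLES = {
    "no-edns0": message(0x8180, [A_RR]),
    "edns0-no-do": message(0x8180, [A_RR], [OPT_PLAIN]),
    "do-unsigned": message(0x8180, [A_RR], [OPT_DO]),
    "do-signed": message(0x8180, [A_RR, SIG_RR], [OPT_DO]),
}
```

A `do-unsigned` result is the "unsigned records" case: the server handled DO and simply had no signature to return, which is different from `no-edns0` or `edns0-no-do`.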
