[systemd-devel] resolved: does DNSSEC=allow-downgrade affect caching?
Ran Benita
ran234 at gmail.com
Wed Apr 13 13:43:27 UTC 2016
On Wed, Apr 13, 2016 at 01:04:17PM +0000, Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, Apr 13, 2016 at 02:26:49PM +0300, Ran Benita wrote:
> > coredumpctl doesn't show the crash so can't say what it's about. Maybe
> > it's a distro problem (archlinux) or it's fixed in git.
>
> It's probably the bug that was fixed in https://github.com/systemd/systemd/pull/2702.
Thanks.
BTW, this brings up this thought: say I'm a system administrator and I
set DNSSEC=yes, and rely on it to fail any unauthenticated lookups. If
resolved crashes for some reason, the nss module will just start using
the fallback, which probably doesn't fail unauthenticated lookups. So
it's fail-open, IIUC. Maybe the nss module should look at the DNSSEC=
setting?
Ran
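
Added example, not part of the original message or of systemd: a check of the glibc `hosts:` line in nsswitch.conf that lists which modules would still be tried if `resolve` reports UNAVAIL, which is the fail-open path raised above. It assumes the fallback is a later module on that line and that a stopped resolved surfaces as UNAVAIL; the function names and sample lines are constructed.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# glibc defaults: stop on SUCCESS, move to the next module otherwise.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_hosts(conf_text):
    """Return [(module, {status: action})] for the 'hosts:' database line."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.lower().startswith("hosts:"):
            continue
        chain = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if not tok.startswith("["):
                chain.append((tok, dict(DEFAULTS)))
                continue
            if not chain:
                continue  # action list with no module before it: ignore
            for crit in tok[1:-1].split():
                negate = crit.startswith("!")
                status, _, action = crit.lstrip("!").partition("=")
                for s in STATUSES:
                    # "!X=act" applies act to every status except X
                    if (s == status.upper()) != negate:
                        chain[-1][1][s] = action.lower()
        return chain
    return []

def fallback_after_unavail(conf_text, primary="resolve"):
    """Modules that may be consulted when `primary` returns UNAVAIL.

    An empty list means the lookup fails closed at `primary`.
    If `primary` is not configured, every listed module is returned.
    """
    chain = parse_hosts(conf_text)
    names = [m for m, _ in chain]
    if primary not in names:
        return names
    i = names.index(primary)
    if chain[i][1]["UNAVAIL"] != "continue":
        return []
    reached = []
    for name, actions in chain[i + 1:]:
        reached.append(name)
        if all(a == "return" for a in actions.values()):
            break  # this module always ends the lookup
    return reached
```

A non-empty result containing `dns` means lookups go to the plain DNS module, with no DNSSEC enforcement, whenever `resolve` is unavailable.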