[systemd-devel] negative trust anchors not working with non TLD domain names

Sean Dague sean at dague.net
Thu Apr 20 21:10:32 UTC 2017


On 04/20/2017 07:05 AM, Lennart Poettering wrote:
> On Wed, 19.04.17 07:12, Sean Dague (sean at dague.net) wrote:
> 
>> I just upgraded to Ubuntu 17.04 (systemd 232) where systemd-resolved is
>> turned on by default, which means DNSSEC validation on by default.
> 
> The DNSSEC code got substantially updated in 233. Any chance you can
> retest with something more current?
> 
> Lennart

I rebuilt systemd 233 out of debian experimental on a VM, and after
installing that in a fresh 17.04 environment, the local lookup case
seems to be working fine. I'll go report that to the distro. Are there
specific patches that they should be looking at here to fix this
behavior, or is it extensive enough that the answer is just that it's
going to need a full version bump?

	-Sean

-- 
Sean Dague
http://dague.net


More information about the systemd-devel mailing list