[systemd-devel] negative trust anchors not working with non TLD domain names
Lennart Poettering
lennart at poettering.net
Fri Apr 21 09:04:57 UTC 2017
On Thu, 20.04.17 17:10, Sean Dague (sean at dague.net) wrote:
> On 04/20/2017 07:05 AM, Lennart Poettering wrote:
> > On Wed, 19.04.17 07:12, Sean Dague (sean at dague.net) wrote:
> >
> >> I just upgraded to Ubuntu 17.04 (systemd 232) where systemd-resolved is
> >> turned on by default, which means DNSSEC validation on by default.
> >
> > The DNSSEC code got substantially updated in 233. Any chance you can
> > retest with something more current?
> >
> > Lennart
>
> I rebuilt systemd 233 out of debian experimental on a VM, and after
> installing that in a fresh 17.04 environment, the local lookup case
> seems to be working fine. I'll go report that to the distro. Are there
> specific patches that they should be looking at here to fix this
> behavior, or is it extensive enough that the answer is just that it's
> going to need a full version bump?
There are a variety of resolved/DNSSEC fixes in the new release, hence
yes, I'd suggest to update the full thing.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list