[systemd-devel] negative trust anchors not working with non TLD domain names

Lennart Poettering lennart at poettering.net
Fri Apr 21 09:04:57 UTC 2017


On Thu, 20.04.17 17:10, Sean Dague (sean at dague.net) wrote:

> On 04/20/2017 07:05 AM, Lennart Poettering wrote:
> > On Wed, 19.04.17 07:12, Sean Dague (sean at dague.net) wrote:
> > 
> >> I just upgraded to Ubuntu 17.04 (systemd 232) where systemd-resolved is
> >> turned on by default, which means DNSSEC validation on by default.
> > 
> > The DNSSEC code got substantially updated in 233. Any chance you can
> > retest with something more current?
> > 
> > Lennart
> 
> I rebuilt systemd 233 out of debian experimental on a VM, and after
> installing that in a fresh 17.04 environment, the local lookup case
> seems to be working fine. I'll go report that to the distro. Are there
> specific patches that they should be looking at here to fix this
> behavior, or is it extensive enough that the answer is just that it's
> going to need a full version bump?

There are a variety of resolved/DNSSEC fixes in the new release, hence
yes, I'd suggest to update the full thing.

Lennart

-- 
Lennart Poettering, Red Hat

