[systemd-devel] resolved and dnssec

Ellis contact at xogium.me
Wed May 15 08:28:52 UTC 2019

I have the following setup:

* home made router that I configured all on my own including 
compilation, running dnsmasq to provide everything from dhcp to slaac 
and dns.
* said dnsmasq has no dnssec support. It is neither compiled in the 
binary nor set up in the dnsmasq.conf file.
* systemd-resolved runs on my laptop connected to the router, and 
believes dnssec to be supported while it is not supported at all, 
leading to random and very annoying dnssec failures.
* if I disable resolved and create a manual /etc/resolved.conf, I have 
no such problems, which would tend to show that resolved wrongly thinks 
dnssec is supported.

The only workaround I've found is to intentionally add 'DNSSEC=false' to 
my .network files and also on new installation because timesyncd will 
silently fail syncing time with the dnssec failures. How can I debug 
this further ?

More information about the systemd-devel mailing list