[systemd-devel] systemd-resolved : How to change permanently to 127.0.0.54
Kevin P. Fleming
lists.systemd-devel at kevin.km6g.us
Mon Dec 23 14:00:58 UTC 2024
On Mon, Dec 23, 2024, at 08:37, Laura Smith wrote:
> Sent with Proton Mail secure email.
>
> On Monday, 23 December 2024 at 12:23, Adam Nielsen
> <a.nielsen at shikadi.net> wrote:
>
>> But what's the underlying issue? Maybe there's a different fix?
>
> Its been a while so I can't remember the exact details, but I know its
> to do with Postfix.
>
> Postfix creates a copy (not symlink) of /etc/resolv.conf in its
> /var/spool/postfix jail.
>
> If the jail file contains 127.0.0.53 email is broken. If changed to
> 127.0.0.54 email works.
>
> As I said, its been a long time, but IIRC the underlying reason is
> something to do with DNNSEC validation and systemd-resolved breaks it
> with the 127.0.0.53 proxy.
It's probably DANE validation failing when systemd-resolved doesn't handle DNSSEC in the way that Postfix expects.
The simplest fix is to set "DNSSEC=no" in /etc/systemd/resolved.conf.
More information about the systemd-devel
mailing list