systemd

systemd-resolved fails to use non-dnssec caches

Bug #1676973 reported by Bruce Duncan on 2017-03-28

This bug report is a duplicate of: Bug #1682499: Disable DNSSEC by default. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	systemd	New	Undecided	Unassigned

Bug Description

Upgraded to Kubuntu 17.10 beta 2 today.

On logging in I was unable to connect to any network services. I discovered that any DNS lookups returned SERVFAIL. It seems the caches being used in my university don't support DNSSEC yet and, despite the systemd-resolved man page saying that DNSSEC=allow-downgrade (the default) will allow me to use caches which don't support DNSSEC, I had to explicitly specify DNSSEC=off and restart systemd-resolved.

I can reproduce the bug trivially by changing the /etc/systemd/resolved.conf DNSSEC= setting back to the default and trying a DNS lookup.

:) bduncan@fry:~$ apt-cache policy systemd
systemd:
  Installed: 232-19
  Candidate: 232-19
  Version table:
*** 232-19 500
        500 http://gb.archive.ubuntu.com/ubuntu zesty/main amd64 Packages
        100 /var/lib/dpkg/status
:) bduncan@fry:~$ lsb_release -rd
Description: Ubuntu Zesty Zapus (development branch)
Release: 17.04

Hope this helps,
Bruce

Bruce Duncan (bwduncan) on 2017-04-03

no longer affects:

libreoffice (Ubuntu)

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1682499 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.