systemd-resolved fails to use non-dnssec caches

Bug #1676973 reported by Bruce Duncan
This bug report is a duplicate of:  Bug #1682499: Disable DNSSEC by default. Edit Remove
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

Upgraded to Kubuntu 17.10 beta 2 today.

On logging in I was unable to connect to any network services. I discovered that any DNS lookups returned SERVFAIL. It seems the caches being used in my university don't support DNSSEC yet and, despite the systemd-resolved man page saying that DNSSEC=allow-downgrade (the default) will allow me to use caches which don't support DNSSEC, I had to explicitly specify DNSSEC=off and restart systemd-resolved.

I can reproduce the bug trivially by changing the /etc/systemd/resolved.conf DNSSEC= setting back to the default and trying a DNS lookup.

:) bduncan@fry:~$ apt-cache policy systemd
  Installed: 232-19
  Candidate: 232-19
  Version table:
 *** 232-19 500
        500 zesty/main amd64 Packages
        100 /var/lib/dpkg/status
:) bduncan@fry:~$ lsb_release -rd
Description: Ubuntu Zesty Zapus (development branch)
Release: 17.04

Hope this helps,

Bruce Duncan (bwduncan)
no longer affects: libreoffice (Ubuntu)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.