Unfortunately the DNS interface of current systemd-resolved strips DNSSEC, so applications that do DANE validation still have to target the upstreams directly. I have filed a bug about this: https://github.com/systemd/systemd/issues/4621
Unfortunately the DNS interface of current systemd-resolved strips DNSSEC, so applications that do DANE validation still have to target the upstreams directly. /github. com/systemd/ systemd/ issues/ 4621
I have filed a bug about this: https:/