Setting in manpage of resolved.conf does not apply
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| systemd (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Bug Description
Hi,
it looks like there is an error in the manpage of resolved.conf.
Ubuntu 20.04.1 LTS
systemd 245.4-4ubuntu3.2
The manpage of resolved.conf says:
DNSSEC=
...
Defaults to "allow-downgrade"
So when I leave the resolved.conf un-edited, the value is
[Resolve]
...
#DNSSEC=no
...
so the default "allow-downgrade" should apply.
But instead DNSSEC is not used at all.
dig sshfp dnsprivacy.org +dnssec
; <<>> DiG 9.16.1-Ubuntu <<>> sshfp dnsprivacy.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24171
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
When I set the value hard-coded to "allow-downgrade"
[Resolve]
...
DNSSEC=
...
the ad flag is shown.
dig sshfp dnsprivacy.org +dnssec
; <<>> DiG 9.16.1-Ubuntu <<>> sshfp dnsprivacy.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41701
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
Best regards
Daniel
| Dan Streetman (ddstreet) wrote | #1 |
| Changed in systemd (Ubuntu): | |
| importance: | Undecided → Low |
| Daniel von Obernitz (itzonban) wrote | #2 |
| Changed in systemd (Ubuntu): | |
| status: | New → Fix Released |
opened Debian MR
https:/