openssh relies on RRSIG records to verify the remote key using DNSSEC and SSHFP resource records. See VerifyHostKeyDNS under ssh_config. systemd-resolve breaks this.
Here is a detailed blog article that covers the issue in depth:
https://moss.sh/name-resolution-issue-systemd-resolved/
openssh relies on RRSIG records to verify the remote key using DNSSEC and SSHFP resource records. See VerifyHostKeyDNS under ssh_config. systemd-resolve breaks this.
Here is a detailed blog article that covers the issue in depth:
https:/ /moss.sh/ name-resolution -issue- systemd- resolved/