Activity log for bug #1628778

Date Who What changed Old value New value Message
2016-09-29 06:06:44 Anders Kaseorg bug added bug
2016-09-29 06:20:50 Anders Kaseorg description On the MIT network (which runs some ancient version of BIND 9), systemd-resolved stops resolving anything that isn’t DNSSEC-signed after I disconnect and reconnect the network. Signed zones continue to resolve. This happens with either DNSSEC=yes or the default DNSSEC=allow-downgrade. $ systemd-resolve github.com github.com: 192.30.253.113 -- Information acquired via protocol DNS in 15.6ms. -- Data is authenticated: no $ # (disconnect and reconnect wifi) $ systemd-resolve github.com github.com: resolve call failed: DNSSEC validation failed: no-signature More debug information is available in my upstream report (https://github.com/systemd/systemd/issues/4175), which has gotten no response in the last week and a half. I’m refiling this here because I believe that this regression and others (bug 1588230, bug 1624071, bug 1624317, bug 1449001) indicate that systemd-resolved is not ready for production, and with final freeze just a week away, leaving systemd-resolved enabled for the yakkety release would be reckless. On the MIT network (which runs some ancient version of BIND 9), systemd-resolved stops resolving anything that isn’t DNSSEC-signed after I disconnect and reconnect the network. Signed zones continue to resolve. This happens with either DNSSEC=yes or the default DNSSEC=allow-downgrade. $ systemd-resolve github.com github.com: 192.30.253.113 -- Information acquired via protocol DNS in 15.6ms. -- Data is authenticated: no $ # (disconnect and reconnect wifi) $ systemd-resolve github.com github.com: resolve call failed: DNSSEC validation failed: no-signature More debug information is available in my upstream report (https://github.com/systemd/systemd/issues/4175), which has gotten no response in the last week and a half. I’m refiling this here because I believe that this regression and others (bug 1588230, bug 1624071, bug 1624317, bug 1449001) indicate that systemd-resolved is not ready for production, and with final freeze just a week away, leaving systemd-resolved enabled for the yakkety release would be reckless. [Edit: Oh, I see that conclusion was already reached yesterday.]
2016-09-29 06:21:23 Anders Kaseorg tags regression-release yakkety yakkety
2016-10-06 05:59:43 Martin Pitt bug watch added https://github.com/systemd/systemd/issues/4175
2016-10-06 05:59:43 Martin Pitt bug task added systemd
2016-10-06 06:00:42 Martin Pitt systemd (Ubuntu): importance Undecided Medium
2016-12-07 10:00:42 Martin Pitt tags yakkety dnssec resolved yakkety
2017-02-10 00:58:07 Launchpad Janitor systemd (Ubuntu): status New Confirmed
2019-05-17 05:15:12 Bug Watch Updater systemd: status Unknown New