| 2020-09-13 01:29:15 |
Cameron Steel |
bug |
|
|
added bug |
| 2020-09-17 14:39:27 |
Dan Streetman |
nominated for series |
|
Ubuntu Focal |
|
| 2020-09-17 14:39:27 |
Dan Streetman |
bug task added |
|
systemd (Ubuntu Focal) |
|
| 2020-09-17 14:39:27 |
Dan Streetman |
nominated for series |
|
Ubuntu Groovy |
|
| 2020-09-17 14:39:27 |
Dan Streetman |
bug task added |
|
systemd (Ubuntu Groovy) |
|
| 2020-09-17 15:01:53 |
Dan Streetman |
bug |
|
|
added subscriber Dan Streetman |
| 2020-09-17 20:53:32 |
Dan Streetman |
systemd (Ubuntu Groovy): status |
New |
Fix Committed |
|
| 2020-09-17 21:13:31 |
Dan Streetman |
systemd (Ubuntu Focal): assignee |
|
Dan Streetman (ddstreet) |
|
| 2020-09-17 21:13:33 |
Dan Streetman |
systemd (Ubuntu Focal): importance |
Undecided |
Low |
|
| 2020-09-17 21:13:36 |
Dan Streetman |
systemd (Ubuntu Focal): status |
New |
In Progress |
|
| 2020-09-23 19:18:43 |
Dan Streetman |
description |
Back in December, the default for systemd-resolved caching in Ubuntu systemd was changed to "no-negative" from the upstream default "yes" [0]
In this change, the default value in the resolved.conf file was missed. As the defaults in this file are commented, the effective default is still "no-negative", however when viewing the config file, the commented default "yes" is at odds with the man page resolved.conf(5), which correctly states the default as "no-negative".
This was an issue for me as I set DNSSEC to "yes", and expected Caching to also be "yes". Running DNSSEC with the default "no-negative" Caching is detrimental to performance resolving unsigned zones, as the non-existence of DNSSEC RRs must be looked up every time.
The issue with the intersection of DNSSEC and Caching is for upstream, but the least that needs to be done here is updating the resolved.conf template with "Caching=no-negative" to match the man page and behaviour, and perhaps even adding a note to the "DNSSEC=" section of resolved.conf(5) that Caching should be enabled. Now that I'm looking at that man page, the default for DNSSEC is also listed as "allow-downgrade", whereas the default for Ubuntu is "no".
[0] https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b42658843a9496d6b6bb68ac159f2a9f0a8ba9db&h=ubuntu-focal |
[impact]
/etc/systemd/resolved.conf file indicates the default value for 'Cache=' is 'yes', but the actual default is 'no-negative'
[test case]
$ grep Cache /etc/systemd/resolved.conf
#Cache=yes
[regression potential]
any regression would likely result in a mismatch between the commented default value of the Cache parameter and the actual build-time default value, or possibly a problem while systemd-resolved is parsing the resolved.conf file.
[scope]
this is needed only in focal.
this was changed already in groovy as indicated in comment 1.
bionic and earlier still use 'yes' as the default value of Cache=, which matches the resolved.conf file.
[original description]
Back in December, the default for systemd-resolved caching in Ubuntu systemd was changed to "no-negative" from the upstream default "yes" [0]
In this change, the default value in the resolved.conf file was missed. As the defaults in this file are commented, the effective default is still "no-negative", however when viewing the config file, the commented default "yes" is at odds with the man page resolved.conf(5), which correctly states the default as "no-negative".
This was an issue for me as I set DNSSEC to "yes", and expected Caching to also be "yes". Running DNSSEC with the default "no-negative" Caching is detrimental to performance resolving unsigned zones, as the non-existence of DNSSEC RRs must be looked up every time.
The issue with the intersection of DNSSEC and Caching is for upstream, but the least that needs to be done here is updating the resolved.conf template with "Caching=no-negative" to match the man page and behaviour, and perhaps even adding a note to the "DNSSEC=" section of resolved.conf(5) that Caching should be enabled. Now that I'm looking at that man page, the default for DNSSEC is also listed as "allow-downgrade", whereas the default for Ubuntu is "no".
[0] https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b42658843a9496d6b6bb68ac159f2a9f0a8ba9db&h=ubuntu-focal |
|
| 2020-09-28 21:49:16 |
Launchpad Janitor |
systemd (Ubuntu Groovy): status |
Fix Committed |
Fix Released |
|
| 2020-10-27 17:06:57 |
Brian Murray |
description |
[impact]
/etc/systemd/resolved.conf file indicates the default value for 'Cache=' is 'yes', but the actual default is 'no-negative'
[test case]
$ grep Cache /etc/systemd/resolved.conf
#Cache=yes
[regression potential]
any regression would likely result in a mismatch between the commented default value of the Cache parameter and the actual build-time default value, or possibly a problem while systemd-resolved is parsing the resolved.conf file.
[scope]
this is needed only in focal.
this was changed already in groovy as indicated in comment 1.
bionic and earlier still use 'yes' as the default value of Cache=, which matches the resolved.conf file.
[original description]
Back in December, the default for systemd-resolved caching in Ubuntu systemd was changed to "no-negative" from the upstream default "yes" [0]
In this change, the default value in the resolved.conf file was missed. As the defaults in this file are commented, the effective default is still "no-negative", however when viewing the config file, the commented default "yes" is at odds with the man page resolved.conf(5), which correctly states the default as "no-negative".
This was an issue for me as I set DNSSEC to "yes", and expected Caching to also be "yes". Running DNSSEC with the default "no-negative" Caching is detrimental to performance resolving unsigned zones, as the non-existence of DNSSEC RRs must be looked up every time.
The issue with the intersection of DNSSEC and Caching is for upstream, but the least that needs to be done here is updating the resolved.conf template with "Caching=no-negative" to match the man page and behaviour, and perhaps even adding a note to the "DNSSEC=" section of resolved.conf(5) that Caching should be enabled. Now that I'm looking at that man page, the default for DNSSEC is also listed as "allow-downgrade", whereas the default for Ubuntu is "no".
[0] https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b42658843a9496d6b6bb68ac159f2a9f0a8ba9db&h=ubuntu-focal |
[impact]
/etc/systemd/resolved.conf file indicates the default value for 'Cache=' is 'yes', but the actual default is 'no-negative'
[test case]
$ grep Cache /etc/systemd/resolved.conf
#Cache=yes
With the version of the package from -proposed it'll be "#Cache=no-negative".
[regression potential]
any regression would likely result in a mismatch between the commented default value of the Cache parameter and the actual build-time default value, or possibly a problem while systemd-resolved is parsing the resolved.conf file.
[scope]
this is needed only in focal.
this was changed already in groovy as indicated in comment 1.
bionic and earlier still use 'yes' as the default value of Cache=, which matches the resolved.conf file.
[original description]
Back in December, the default for systemd-resolved caching in Ubuntu systemd was changed to "no-negative" from the upstream default "yes" [0]
In this change, the default value in the resolved.conf file was missed. As the defaults in this file are commented, the effective default is still "no-negative", however when viewing the config file, the commented default "yes" is at odds with the man page resolved.conf(5), which correctly states the default as "no-negative".
This was an issue for me as I set DNSSEC to "yes", and expected Caching to also be "yes". Running DNSSEC with the default "no-negative" Caching is detrimental to performance resolving unsigned zones, as the non-existence of DNSSEC RRs must be looked up every time.
The issue with the intersection of DNSSEC and Caching is for upstream, but the least that needs to be done here is updating the resolved.conf template with "Caching=no-negative" to match the man page and behaviour, and perhaps even adding a note to the "DNSSEC=" section of resolved.conf(5) that Caching should be enabled. Now that I'm looking at that man page, the default for DNSSEC is also listed as "allow-downgrade", whereas the default for Ubuntu is "no".
[0] https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b42658843a9496d6b6bb68ac159f2a9f0a8ba9db&h=ubuntu-focal |
|
| 2020-10-27 17:16:56 |
Brian Murray |
systemd (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2020-10-27 17:16:58 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2020-10-27 17:17:01 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2020-10-27 17:17:05 |
Brian Murray |
tags |
|
verification-needed verification-needed-focal |
|
| 2020-10-28 00:51:03 |
Cameron Steel |
tags |
verification-needed verification-needed-focal |
verification-done-focal verification-needed |
|
| 2020-11-03 23:36:42 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2020-11-03 23:38:39 |
Launchpad Janitor |
systemd (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
