Setting in manpage of resolved.conf does not apply

Bug #1895528 reported by Daniel von Obernitz on 2020-09-14
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
systemd (Ubuntu)
Undecided
Unassigned

Bug Description

Hi,

it looks like there is an error in the manpage of resolved.conf.

Ubuntu 20.04.1 LTS

systemd 245.4-4ubuntu3.2

The manpage of resolved.conf says:

DNSSEC=
   ...
   Defaults to "allow-downgrade"

So when I leave the resolved.conf un-edited, the value is

[Resolve]
...
#DNSSEC=no
...

so the default "allow-downgrade" should apply.

But instead DNSSEC is not used at all.

dig sshfp dnsprivacy.org +dnssec

; <<>> DiG 9.16.1-Ubuntu <<>> sshfp dnsprivacy.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24171
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

When I set the value hard-coded to "allow-downgrade"

[Resolve]
...
DNSSEC=allow-downgrade
...

the ad flag is shown.

dig sshfp dnsprivacy.org +dnssec

; <<>> DiG 9.16.1-Ubuntu <<>> sshfp dnsprivacy.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41701
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

Best regards
Daniel

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers