Removing the systemd-resolved package breaks DNSSEC validation

Bug #2056153 reported by Dominic
This bug affects 1 person
Affects: systemd (Ubuntu)
Status: Confirmed
Importance: Low
Assigned to: Unassigned

Bug Description

Removing the systemd-resolved package breaks glibc DNSSEC validation, because it removes an existing line from the new /etc/resolv.conf file.

This line should be retained so that packages like Exim can continue to use the AD bit after systemd-resolved is removed.

ubuntu@instance:~$ grep -v '^#' /etc/resolv.conf

nameserver 127.0.0.53
options edns0 trust-ad
search vcn.oraclevcn.com

ubuntu@instance:~$ sudo apt remove systemd-resolved

ubuntu@instance:~$ grep -v '^#' /etc/resolv.conf

nameserver 169.254.169.254
search vcn.oraclevcn.com

Nick Rosbrook (enr0n) wrote :

Yeah, this looks like a bug. The systemd-resolved.postrm is copying /run/systemd/resolve/resolv.conf to /etc/resolv.conf, rather than copying /run/systemd/resolve/stub-resolv.conf (which is where /etc/resolv.conf is symlinked to prior to removal).

Changed in systemd (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Nick Rosbrook (enr0n) wrote :

Or, actually, not exactly. We don't want the stub-resolv.conf since systemd-resolved is leaving, but we probably do want the options.

Dominic (triatic) wrote :

This bug continues into Noble. I continue to add "options edns0 trust-ad" to /etc/resolv.conf after removing systemd-resolved, but it would be nice not having to do so.
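
An added example, not part of the bug report or of the systemd packaging: a shell check for the two resolver options that the report shows being dropped, plus an idempotent repair matching the manual workaround described above. The function names and the demo file are constructed for illustration; trust-ad is only meaningful when the configured nameserver validates DNSSEC and the path to it is trusted.

```shell
#!/bin/sh
# Added example: audit and repair the glibc resolver options from this report.
# Function names and the demo file are constructed, not from any package.

# resolv_has_option FILE OPTION
# Succeeds if OPTION is on any "options" line. Comment lines start with
# '#' or ';', and several "options" lines may be present.
resolv_has_option() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == "options" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# resolv_missing_options FILE
# Prints which of the pre-removal options (edns0, trust-ad) FILE lacks.
resolv_missing_options() {
    missing=""
    for opt in edns0 trust-ad; do
        resolv_has_option "$1" "$opt" || missing="${missing:+$missing }$opt"
    done
    printf '%s' "$missing"
}

# resolv_restore_options FILE
# Appends one "options" line with whatever is missing; no-op if complete.
# Refuses to write through a symlink, which would edit a generated file.
resolv_restore_options() {
    if [ -L "$1" ]; then
        echo "$1 is a symlink, not modifying" >&2
        return 2
    fi
    missing=$(resolv_missing_options "$1")
    if [ -z "$missing" ]; then return 0; fi
    # Make sure the new line does not get glued to an unterminated last line.
    if [ -n "$(tail -c1 "$1")" ]; then echo >> "$1"; fi
    printf 'options %s\n' "$missing" >> "$1"
}

# Demo on a constructed copy of the post-removal file shown in the report.
demo=$(mktemp)
printf 'nameserver 169.254.169.254\nsearch vcn.oraclevcn.com\n' > "$demo"
echo "missing before fix: $(resolv_missing_options "$demo")"
resolv_restore_options "$demo" && cat "$demo"
rm -f "$demo"
```
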
