Removing the systemd-resolved package breaks DNSSEC validation
Bug #2056153 reported by
Dominic
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
systemd (Ubuntu) |
Confirmed
|
Low
|
Unassigned |
Bug Description
Removing the systemd-resolved package breaks glibc DNSSEC validation, because it removes an existing line from the new /etc/resolv.conf file.
This line should be retained so that packages like Exim can continue to use the AD bit after systemd-resolved is removed.
ubuntu@instance:~$ grep -v '^#' /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search vcn.oraclevcn.com
ubuntu@instance:~$ sudo apt remove systemd-resolved
ubuntu@instance:~$ grep -v '^#' /etc/resolv.conf
nameserver 169.254.169.254
search vcn.oraclevcn.com
To post a comment you must log in.
Yeah, this looks like a bug. The systemd- resolved. postrm is copying /run/systemd/ resolve/ resolv. conf to /etc/resolv.conf, rather then copying /run/systemd/ resolve/ stub-resolv. conf (which is where /etc/resolv.conf is symlinked to prior to removal).