Bug#959996: src:systemd: d/rules disables resolved DNSSEC on "stable Debian", but checks for stretch
Michael Biebl
biebl at debian.org
Fri May 8 11:09:39 BST 2020
Am 08.05.20 um 06:12 schrieb наб:
> Package: src:systemd
> Version: 245.5-2
> Severity: normal
>
> Dear Maintainer,
>
> Around line 88, d/rules says this (also present on Salsa @ b9498a5):
>
> -- >8 --
> # resolved's DNSSEC support is still not mature enough, don't enable it by
> # default on stable Debian or any Ubuntu releases
> CONFFLAGS += $(shell grep -qE 'stretch|ubuntu' /etc/os-release && echo -Ddefault-dnssec=no)
> -- >8 --
>
> I don't know if DNSSEC support matured and this isn't needed anymore
> anyway, but going by the comment this was probably overlooked
> at some point; but now I looked at it, and here we are.
Both Fedora and Ubuntu apparently disable DNSSEC by default, as it still
produces too many issues when used in the wild.
In Debian, we did not disable DNSSEC as resolved is not enabled by
default and we thought someone willing to enable resolved is probably
more likely able to deal with issues resulting from DNSSEC.
That said, I'm fine with disabling DNSSEC unconditionally for Debian as
well. This would mean one less small divergence from the Ubuntu package.
Does anyone feel strongly about keeping DNSSEC enabled by default?
Thoughts?
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20200508/7efe6f69/attachment-0001.sig>
More information about the Pkg-systemd-maintainers
mailing list