Bug#1017128: systemd: systemd-resolved split breaks existing setup

Luca Boccassi bluca at debian.org
Tue Aug 16 21:55:28 BST 2022


Control: severity -1 wishlist
Control: tags -1 wontfix

On Mon, 15 Aug 2022 06:15:01 +0000 andu232 <andu232 at proton.me> wrote:
> On Sunday, August 14th, 2022 at 8:50 PM, Michael Biebl <biebl at debian.org> wrote:
> 
> > How does this setup look like? Appears quite exotic so it helps if you
> > could explain it in more details how your system is configured.
> 
> Before explaining how does it look like, I think it would be better to
> make clear the reason for having another resolver.
> 
> DNS over TLS and DNSSEC can be a good friend to someone who wants enhanced
> privacy and security, and always use DoT first, only falling back on failure
> should be an ideal option, that systemd-resolved is not adequate for.
> 
> If one would like to have DoT, DNSSEC, and fallback works with systemd-resolved,
> he might want to append DoT upstreams to systemd-resolved with DHCP DNS
> untouched, then switch on DNSSEC. Unfortunately, this won't work as expected,
> the reasons are listed below.

Sorry, but such an exotic setup is really not something we want to
support. The idea is to have a simple, robust and trivial setup, and
the current approach provides that. If there are missing features in
resolved, I recommend to provide PRs to implement them, or simply stick
to whatever alternative works for you.

-- 
Kind regards,
Luca Boccassi