Bug#1033192: Acknowledgement (systemd-resolved - stub resolver does not provide AD by default)
Michael Biebl
biebl at debian.org
Tue Aug 22 10:04:22 BST 2023
Am 19.03.23 um 12:53 schrieb Bastian Blank:
> Upstream changed the default for the DNSSEC option to "allow-downgrade"
> and that is whats everywhere is documented. Debian overrides it to
> "no".
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959996
Both, Ubuntu and Fedora, which use resolved more extensively, have
disabled DNSSEC by default, since it caused too many issues.
If the situation has significantly nowadays, I can't tell, but it would
probably be a good idea to get input from those downstreams.
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20230822/ab2b4bc3/attachment.sig>
More information about the Pkg-systemd-maintainers
mailing list