Bug#1069994: systemd-resolved: resolvectl dnssec failed for unsigned domains
Adrien CLERC
bugs-debian at antipoul.fr
Sun Apr 28 10:53:17 BST 2024
Package: systemd-resolved
Version: 255.5-1
Severity: important
Dear Maintainer,
Since 255.5-1, resolvectl produces the following:
❯ resolvectl query --validate=yes www.youtube.com
www.youtube.com: resolve call failed: DNSSEC validation failed: no-signature
The domain is unsigned. It worked in 255.4-1+b1, but I'm unable to rollback,
since it depends on libsystemd which makes a lot of package unhappy with
dependencies.
Did I miss something?
In the meantime, I'll use "DNSSEC=no", but that's not a definitive answer.
Have a nice day,
Adrien
-- System Information:
Debian Release: trixie/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.7.12-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd-resolved depends on:
ii dbus [default-dbus-system-bus] 1.14.10-4+b1
ii libc6 2.37-18
ii libssl3t64 3.2.1-3
ii libsystemd-shared 255.5-1
ii systemd 255.5-1
Versions of packages systemd-resolved recommends:
pn libnss-myhostname <none>
ii libnss-resolve 255.5-1
Versions of packages systemd-resolved suggests:
ii polkitd 124-2
-- Configuration Files:
/etc/systemd/resolved.conf changed:
[Resolve]
Domains=home.antipoul.fr
DNSSEC=no
-- no debconf information
More information about the Pkg-systemd-maintainers
mailing list