Comment 13 for bug 1682499

Greetings, everyone.

I'm on Ubuntu GNOME 17.04

I see that DNSSEC is now off by default, however, in my log, I would see something like:
  4 May 2 23:29:31 lavender systemd-resolved[1129]: Grace period over, resuming full feature set (UDP+EDNS0+DO+LARGE) for DNS server 10.2.5.7.
  5 May 2 23:29:31 lavender systemd-resolved[1129]: Using degraded feature set (UDP) for DNS server 10.2.5.7.

And during that, it seems the systemd-resolved would act just like DNSSEC enabled, and Web would fail some time like before.

I don't quite get what is going on. I have dnsmasq run in my network to provide DNS cache, it's the 10.2.5.7 . My upstream server do not support DNSSEC, so the validation would fail certainly.

What I observed is during this feature set test, dnsmasq cache would receive TCP connection from Ubuntu GNOME 17.04 . And take some time, the test fail.

I know this feature test would fail, as I know the upstream server do not support DNSSEC. I don't know what is EDNS0 or LARGE. But the problem here is that even DNSSEC is now off by default, this feature set test would still do the "DO" test, which stands for DNSSEC OK. It would surely fail, and it can not be turned off via configuration, and it would cut the Web for some time.

There is a patch for this: https://github.com/systemd/systemd/issues/5352

Is it possible to cherry pick it please ?