This particular issue is now closed. Please open a new bug report
requesting a cherrypick.
We really should not use one bug report for all the past and future defects
:-)
We need a new bug number for SRU tracking purposes.
Regards,
Dimitri.
On 2 May 2017 5:01 pm, "allfox_wy" <email address hidden> wrote:
Greetings, everyone.
I'm on Ubuntu GNOME 17.04
I see that DNSSEC is now off by default, however, in my log, I would see
something like:
4 May 2 23:29:31 lavender systemd-resolved[1129]: Grace period over,
resuming full feature set (UDP+EDNS0+DO+LARGE) for DNS server 10.2.5.7.
5 May 2 23:29:31 lavender systemd-resolved[1129]: Using degraded feature
set (UDP) for DNS server 10.2.5.7.
And during that, it seems the systemd-resolved would act just like
DNSSEC enabled, and Web would fail some time like before.
I don't quite get what is going on. I have dnsmasq run in my network to
provide DNS cache, it's the 10.2.5.7 . My upstream server do not
support DNSSEC, so the validation would fail certainly.
What I observed is during this feature set test, dnsmasq cache would
receive TCP connection from Ubuntu GNOME 17.04 . And take some time, the
test fail.
I know this feature test would fail, as I know the upstream server do
not support DNSSEC. I don't know what is EDNS0 or LARGE. But the problem
here is that even DNSSEC is now off by default, this feature set test
would still do the "DO" test, which stands for DNSSEC OK. It would
surely fail, and it can not be turned off via configuration, and it
would cut the Web for some time.
This particular issue is now closed. Please open a new bug report
requesting a cherrypick.
We really should not use one bug report for all the past and future defects
:-)
We need a new bug number for SRU tracking purposes.
Regards,
Dimitri.
On 2 May 2017 5:01 pm, "allfox_wy" <email address hidden> wrote:
Greetings, everyone.
I'm on Ubuntu GNOME 17.04
I see that DNSSEC is now off by default, however, in my log, I would see resolved[ 1129]: Grace period over, DO+LARGE) for DNS server 10.2.5.7. resolved[ 1129]: Using degraded feature
something like:
4 May 2 23:29:31 lavender systemd-
resuming full feature set (UDP+EDNS0+
5 May 2 23:29:31 lavender systemd-
set (UDP) for DNS server 10.2.5.7.
And during that, it seems the systemd-resolved would act just like
DNSSEC enabled, and Web would fail some time like before.
I don't quite get what is going on. I have dnsmasq run in my network to
provide DNS cache, it's the 10.2.5.7 . My upstream server do not
support DNSSEC, so the validation would fail certainly.
What I observed is during this feature set test, dnsmasq cache would
receive TCP connection from Ubuntu GNOME 17.04 . And take some time, the
test fail.
I know this feature test would fail, as I know the upstream server do
not support DNSSEC. I don't know what is EDNS0 or LARGE. But the problem
here is that even DNSSEC is now off by default, this feature set test
would still do the "DO" test, which stands for DNSSEC OK. It would
surely fail, and it can not be turned off via configuration, and it
would cut the Web for some time.
There is a patch for this: /github. com/systemd/ systemd/ issues/ 5352
https:/
Is it possible to cherry pick it please ?
** Bug watch added: github. com/systemd/ systemd/ issues #5352 /github. com/systemd/ systemd/ issues/ 5352
https:/
-- /bugs.launchpad .net/bugs/ 1682499
You received this bug notification because you are subscribed to the bug
report.
https:/
Title:
disable dnssec
To manage notifications about this bug go to: /bugs.launchpad .net/ubuntu/ +source/ systemd/ +bug/ +subscriptions
https:/
1682499/