[Dnssec-trigger] Problems on Ubuntu 16.04

Stephane Bortzmeyer bortzmeyer at nic.fr
Sun Jul 17 10:10:44 UTC 2016

I run the official Ubuntu package 0.13~svn685-4 on Ubuntu 16.04 LTS.

At startup, it fails to configure the resolver:

% dnssec-trigger-control status
at (no probe performed)
no cache: no DNS servers have been supplied via DHCP
state: auth secure

If, after logging in, I run reprobe, it works:

% dnssec-trigger-control reprobe

% dnssec-trigger-control status 
at 2016-07-17 11:53:43
authority OK 
no cache: no DNS servers have been supplied via DHCP
state: auth secure

I'm also puzzled by the message "no DNS servers have been supplied via
DHCP" (without dnssec-trigger, the network does give me resolvers)

Also, the icon does not show in the Unity panel. But the daemon runs:

stephane  1923  0.0  0.3 635268 25052 ?        Sl   11:53   0:00 /usr/bin/dnssec-trigger-panel

% lsb-info 
Ubuntu 16.04 (xenial)

% dpkg -s dnssec-trigger 
Package: dnssec-trigger
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 405
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Architecture: amd64
Version: 0.13~svn685-4
Depends: libc6 (>= 2.15), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.31.8), libgtk2.0-0 (>= 2.18.0), libldns1 (>= 1.6.5), libssl1.0.0 (>= 1.0.0), init-system-helpers (>= 1.18~), python, python-gi, python-lockfile, gir1.2-networkmanager-1.0, unbound
Breaks: resolvconf
 /etc/NetworkManager/dispatcher.d/01-dnssec-trigger f5a1b1f0b18984659ed145f0b39564f0
 /etc/default/dnssec-triggerd 7b7de8d185ea3a37ae9f19c5561af18a
 /etc/dnssec-trigger/dnssec-trigger.conf 6e1df81a721bd50d2b882798d4a17fb5
 /etc/dnssec-trigger/dnssec.conf 725d746bd60cfe638a1c1ed5655d86f2
 /etc/init.d/dnssec-triggerd 60a1fd0d19b8bd148ce607f774b7df68
 /etc/xdg/autostart/dnssec-trigger-panel.desktop dfcb054de101b36ce113818b4516bbe9
Description: reconfiguration tool to make DNSSEC work
 Dnssec-trigger reconfigures the local unbound DNS server. This unbound
 DNS server performs DNSSEC validation, but dnssec-trigger will signal
 it to use the DHCP obtained forwarders if possible, and fallback to
 doing its own AUTH queries if that fails, and if that fails prompt the
 user via dnssec-trigger-applet the option to go with insecure DNS
Original-Maintainer: Ondřej Surý <ondrej at debian.org>
Homepage: http://www.nlnetlabs.nl/projects/dnssec-trigger/

More information about the dnssec-trigger mailing list