DANE, Ubuntu 18.04 LTS, and systemd-resolved?

lst_hoe02 at kwsoft.de lst_hoe02 at kwsoft.de
Mon May 14 11:15:24 UTC 2018

Zitat von Alexander Traud via Unbound-users <unbound-users at unbound.net>:

> In my very own app, I followed the tutorial, part 6 for LibUnbound
> <https://www.unbound.net/documentation/libunbound-tutorial-6.html>. For
> years, this worked fine. Since Ubuntu 17.04, all my queries return
> bogus. Please, could someone comment/answer the following question:
> <https://github.com/systemd/systemd/issues/4621#issuecomment-264701140>

I have installed some 18.04 lately and played around with DNSSEC  
(Laptop System). The "native" DNSSEC of systemd-resolved seems far  
from reliable working, most of the DNSSEC secured sites where failing  
behind some consumer grade DSL router if systemd-resolved is used  
without additional resolver. That said installing "unbound" from  
repository put the Unbound address in /etc/resolv.conf and  
fixed at least the browser lookups. To my understandig of the  
systemd-resolved workings this should also set (unbound) as  
globaly used DNS resolver for systemd-resolved, but that would not  
prevent systemd-resolved from using additionaly per interface DNS  
resolvers configured by DHCP, which might not be able to fix the  
DNSSEC part missing in systemd-resolved.



More information about the Unbound-users mailing list