DANE, Ubuntu 18.04 LTS, and systemd-resolved?
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Mon May 14 11:15:24 UTC 2018
Zitat von Alexander Traud via Unbound-users <unbound-users at unbound.net>:
> In my very own app, I followed the tutorial, part 6 for LibUnbound
> <https://www.unbound.net/documentation/libunbound-tutorial-6.html>. For
> years, this worked fine. Since Ubuntu 17.04, all my queries return
> bogus. Please, could someone comment/answer the following question:
> <https://github.com/systemd/systemd/issues/4621#issuecomment-264701140>
I have installed some 18.04 lately and played around with DNSSEC
(Laptop System). The "native" DNSSEC of systemd-resolved seems far
from reliable working, most of the DNSSEC secured sites where failing
behind some consumer grade DSL router if systemd-resolved is used
without additional resolver. That said installing "unbound" from
repository put the Unbound 127.0.0.1 address in /etc/resolv.conf and
fixed at least the browser lookups. To my understandig of the
systemd-resolved workings this should also set 127.0.0.1 (unbound) as
globaly used DNS resolver for systemd-resolved, but that would not
prevent systemd-resolved from using additionaly per interface DNS
resolvers configured by DHCP, which might not be able to fix the
DNSSEC part missing in systemd-resolved.
Regards
Andi
More information about the Unbound-users
mailing list