DANE, Ubuntu 18.04 LTS, and systemd-resolved?

Alexander Traud pabstraud at compuserve.com
Wed May 16 08:07:04 UTC 2018

> installing "unbound" from repository put the Unbound address
> in /etc/resolv.conf and fixed at least the browser lookups.

Yes, using Unbound instead is a good idea. Actually, that was my default
setup previously. However, in Ubuntu 18.04 LTS, /etc/resolv.conf is
auto-generated and any added DNS entry vanishes sooner or later. At least in
my tests. Therefore, my workaround was to change the symbolic link
/etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
/etc/resolv.conf -> ../run/systemd/resolve/resolv.conf
which is mentioned in
$ man systemd-resolved.service

In that non-stub configuration file, after installing Unbound, any
previously set server is overwritten with "". However, changing
a symbolic link manually (although documented in a
man page) is a workaround for me and not the way it should work.

Anyway, I searched a bit more in the man pages, and
$ sudo apt install resolvconf
seems to do the trick because it changes the symbolic link
/etc/resolv.conf -> ../run/resolvconf/resolv.conf
automatically and therefore avoids systemd-resolved, too.

I have to test that in the long term. Looks promising. However, that
means every executable which needs RRSIG has to declare a dependency
on the package resolvconf nowadays. That should be reported to Debian.
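
An added example, not part of the original post: a shell check that reports which of the three symlink targets named above /etc/resolv.conf points at, and whether the file still sends lookups to the systemd-resolved stub listener. The function names are hypothetical, and the address 127.0.0.53 (systemd-resolved's default stub listener) is an assumption that does not appear in the post.

```shell
#!/bin/sh
# Added example: classify the resolver setup behind /etc/resolv.conf.
# The three symlink targets are the ones quoted in the post; function
# names are hypothetical.

classify_resolv_conf() {
    conf=${1:-/etc/resolv.conf}
    # Neither a file nor a (possibly dangling) symlink.
    if [ ! -e "$conf" ] && [ ! -L "$conf" ]; then
        echo missing; return 0
    fi
    # A regular file is hand-maintained or written by some other tool.
    if [ ! -L "$conf" ]; then
        echo static-file; return 0
    fi
    # Compare the raw link target, so relative and absolute links both match.
    target=$(readlink "$conf")
    case "$target" in
        */run/systemd/resolve/stub-resolv.conf) echo systemd-stub ;;
        */run/systemd/resolve/resolv.conf)      echo systemd-upstream ;;
        */run/resolvconf/resolv.conf)           echo resolvconf ;;
        *)                                      echo other ;;
    esac
}

# True if the file lists 127.0.0.53 as a nameserver. That address is an
# assumption (systemd-resolved's default stub listener), not from the post.
uses_stub_listener() {
    conf=${1:-/etc/resolv.conf}
    [ -r "$conf" ] || return 1
    awk '$1 == "nameserver" && $2 == "127.0.0.53" { found = 1 }
         END { exit !found }' "$conf"
}

report() {
    conf=${1:-/etc/resolv.conf}
    echo "$conf: $(classify_resolv_conf "$conf")"
    if uses_stub_listener "$conf"; then
        echo "  nameserver 127.0.0.53 listed: lookups pass through systemd-resolved"
    fi
    return 0
}

report "${1:-/etc/resolv.conf}"
```

Running it after a package upgrade or reboot shows whether the symlink has been switched back to the stub configuration.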

