On Mon, Dec 23, 2024, at 09:09, Laura Smith wrote:

> On Monday, 23 December 2024 at 14:00, Kevin P. Fleming <lists.systemd-devel@xxxxxxxxxxxxx> wrote:
>
>> The simplest fix is to set "DNSSEC=no"
>
> That seems to me to be a bit of a "sledgehammer to crack a nut".
>
> The man page for resolved.conf says:
>
> "It is recommended to set DNSSEC= to true on systems where it is known
> that the DNS server supports DNSSEC correctly"
>
> I know that my DNS servers do, since they are all modern
> implementations which have no issues with DNSSEC support.
>
> Also, DNSSEC=no would kill DANE, which is not a desirable outcome?

Yes, it would. The statement you read above is based on an assumption by the authors of systemd-resolved that it will never interfere with DNSSEC validation, but there is ample evidence that that statement is not true (although it has gotten quite a bit better in the most recent releases, unless you are using a bleeding-edge distribution you won't have those releases).

If you are only going to use systemd-resolved in proxy mode, with a fixed set of upstream resolvers, then I think the best solution is to just remove systemd-resolved from the path completely and put those upstream resolvers directly into /etc/resolv.conf. It's not going to provide you much, if any, value if it's not doing caching or DNSSEC validation.
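As an added check (not part of the thread and not systemd's own tooling) for the man page's precondition that the upstream servers "support DNSSEC correctly": query each candidate upstream directly with dig and confirm that it sets the AD flag on a signed answer and returns SERVFAIL for a zone whose signatures are deliberately broken. It assumes dig is installed; the default BAD_ZONE and the sample server address in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): check whether an upstream resolver
# really validates DNSSEC before pointing DNSSEC=yes at it.
# Assumes `dig` is installed. BAD_ZONE is assumed to be a publicly
# reachable zone with deliberately broken signatures; override if needed.
BAD_ZONE="${BAD_ZONE:-dnssec-failed.org}"

# has_ad_flag: read dig output on stdin; succeed if the header flags
# contain "ad" (the resolver asserts the answer was validated).
has_ad_flag() {
    grep -E '^;; flags:.* ad[ ;]' >/dev/null
}

# status_of: read dig output on stdin; print the RCODE (NOERROR, SERVFAIL, ...).
status_of() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p'
}

# check_resolver IP: returns 0 only if the resolver sets AD on the
# (always signed) root SOA and answers SERVFAIL for the broken zone.
check_resolver() {
    server="$1"
    good=$(dig @"$server" +dnssec +time=3 +tries=1 . SOA)
    if ! printf '%s\n' "$good" | has_ad_flag; then
        echo "$server: no AD flag on a signed zone -> not validating; DNSSEC=yes would break"
        return 1
    fi
    bad=$(dig @"$server" +dnssec +time=3 +tries=1 "$BAD_ZONE" A)
    case "$(printf '%s\n' "$bad" | status_of)" in
        SERVFAIL) echo "$server: validates and rejects bogus data"; return 0 ;;
        *) echo "$server: accepted broken signatures for $BAD_ZONE -> not validating"; return 1 ;;
    esac
}

# parse_selftest: exercise the parsers on constructed dig output (no network).
parse_selftest() {
    ok=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
    bogus=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
    printf '%s\n' "$ok" | has_ad_flag || return 1
    printf '%s\n' "$bogus" | has_ad_flag && return 1
    [ "$(printf '%s\n' "$ok" | status_of)" = NOERROR ] || return 1
    [ "$(printf '%s\n' "$bogus" | status_of)" = SERVFAIL ]
}

# Usage: sh check-upstreams.sh 192.0.2.53  (the servers you would list in DNS=)
for s in "$@"; do check_resolver "$s"; done
```

A resolver that fails either check is one where DNSSEC=yes in resolved.conf would turn validation failures into resolution failures, so fix the upstream first or leave validation to the upstream.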