Hm, this feels over complicated.
If we want to try DNSSEC=allow-downgrade as the default on Ubuntu, fine.
We can do that either by changing the build flag, or by shipping
/usr/lib/systemd/resolved.conf.d/dnssec-allow-downgrade.conf.
But if someone decides to *force* DNSSEC=yes, why not just allow them to
provide their own /etc/systemd/resolved.conf.d/dnssec-yes.conf? Is that
really more complicated than knowing that they should run `apt install
systemd-resolved-dnssec-force`?
** Changed in: systemd (Ubuntu)
Status: Triaged => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2117730
Title:
Enable (opportunistic) DNSSEC
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/2117730/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
