28 Sep
2020
28 Sep
'20
5:36 p.m.
* Andrew Lutomirski:
Paul may well have been mixing different things here, but I don't think you answered the one that seems like the most severe problem: systemd-resolved removed perfectly valid DNSSEC records that were supplied by the upstream server. One might reasonably debate whether Fedora's default DNS resolver configuration should validate DNSSEC, but I think it should honor the DO bit in client requests and return DNSSEC data.
FWIW, this is https://bugzilla.redhat.com/show_bug.cgi?id=1879028.
Thanks, Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill