On 6/11/22 19:27, Petr Menšík wrote:
Because of attitude documented in change for systemd-resolved [1], I expect the only change to get this improved would be switch from systemd-resolved to anything more DNSSEC friendly. I don't understand why, but it seems systemd team is avoiding working DNSSEC as much as they can. Yet it was fixed ALMOST after change related to original issue #4621 [2], reported 4 years before even the original change in Fedora were started.
I will attempt to prepare a better working alternative for the next release or the one after it.
Is patching Fedora’s systemd-resolved an option?