Your message dated Wed, 23 Apr 2025 09:06:44 +0000
with message-id <e1u7w44-00cb7a...@fasolo.debian.org>
and subject line Bug#958045: fixed in resolvconf 1.93
has caused the Debian Bug report #958045,
regarding Support trust-ad option from glibc 2.31
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
958045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958045
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: resolvconf
Version: 1.79
glibc 2.31 has support for recognizing that the name servers listed in
/etc/resolv.conf are reached over a trusted network path and implement
DNSSEC correctly (but do not necessarily perform validation):
* The DNS stub resolver will optionally send the AD (authenticated data) bit
in queries if the trust-ad option is set via the options directive in
/etc/resolv.conf (or if RES_TRUSTAD is set in _res.options). In this
mode, the AD bit, as provided by the name server, is available to
applications which call res_search and related functions. In the default
mode, the AD bit is not set in queries, and it is automatically cleared in
responses, indicating a lack of DNSSEC validation. (Therefore, the name
servers and the network path to them are treated as untrusted.)
If resolvconf is used to set up a local caching resolver on 127.0.0.1
and that solver handles the AD bit properly (merely reflecting it in
the response would be wrong—but actual DNSSEC validation is not
required), then the generated /etc/resolv.conf contents should include:
options trust-ad
I expect that needs some interface (or documented approach) in
resolvconf.
Thoughts?
--- End Message ---
--- Begin Message ---
Source: resolvconf
Source-Version: 1.93
Done: Andrej Shadura <andre...@debian.org>
We believe that the bug you reported is fixed in the latest version of
resolvconf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 958...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrej Shadura <andre...@debian.org> (supplier of updated resolvconf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Apr 2025 09:46:18 +0200
Source: resolvconf
Architecture: source
Version: 1.93
Distribution: unstable
Urgency: medium
Maintainer: resolvconf team <team+resolvc...@tracker.debian.org>
Changed-By: Andrej Shadura <andre...@debian.org>
Closes: 958045 1033457 1039696 1085994 1100720 1103939
Changes:
resolvconf (1.93) unstable; urgency=medium
.
[ Carles Pina i Estany ]
* Added po-debconf Catalan translation (Closes: #1103939).
.
[ Guillem Jover ]
* Add a debian/.gitignore file.
* Do not hardcode absolute pathnames to third-party commands.
* Fully move files from «/» to canonical «/usr» locations.
.
[ Kevin Otte ]
* Prioritize IPv6 resolvers when using dhcpcd-base (Closes: #1100720)
and rdnssd (Closes: #1100720).
.
[ Wolfgang ]
* Honor dns-options for creating resolv.conf (Closes: #958045, #1085994)
.
[ Andrej Shadura ]
* Remove the confusing comment about resolvectl from the resolv.conf header
(Closes: #1039696)
.
[ Remus-Gabriel Chelu ]
* Add Romanian debconf templates translation of resolvconf (Closes: #1033457)
Checksums-Sha1:
5a690bec4d92e97d282aa8e9dedde8193198f509 1218 resolvconf_1.93.dsc
eacd852c0a08438cdf03b3c2ea23cf7bd33d1b2c 78072 resolvconf_1.93.tar.xz
Checksums-Sha256:
134f1f31a82aafe4e53a676996926fa4a8536c6755555df2386eaa9c8c11c9ba 1218
resolvconf_1.93.dsc
0ecc034a74410968819fe378a07056350cf286cc20c3ddfc476ca7a5c1267923 78072
resolvconf_1.93.tar.xz
Files:
3047d3f23aed0e467051f5ec110cf486 1218 net optional resolvconf_1.93.dsc
c9ad3d9dd82fb2f3a21af11cf4e5fc4c 78072 net optional resolvconf_1.93.tar.xz
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCaAibAwAKCRDoRGtKyMdy
YczTAP9nKPHulizgcxpl9JcJQfsrOZlBbFgJFh6hGl4QUfhVDgD/RUv0TaIjOpcU
1t1NoW5wRx2WRvj0NmHmowF8RTJ3bwk=
=eXTI
-----END PGP SIGNATURE-----
pgpUcjg4kRMRr.pgp
Description: PGP signature
--- End Message ---
