Am 08.05.20 um 06:12 schrieb наб: > Package: src:systemd > Version: 245.5-2 > Severity: normal > > Dear Maintainer, > > Around line 88, d/rules says this (also present on Salsa @ b9498a5): > > -- >8 -- > # resolved's DNSSEC support is still not mature enough, don't enable it by > # default on stable Debian or any Ubuntu releases > CONFFLAGS += $(shell grep -qE 'stretch|ubuntu' /etc/os-release && echo > -Ddefault-dnssec=no) > -- >8 -- > > I don't know if DNSSEC support matured and this isn't needed anymore > anyway, but going by the comment this was probably overlooked > at some point; but now I looked at it, and here we are.
Both Fedora and Ubuntu apparently disable DNSSEC by default, as it still produces too many issues when used in the wild. In Debian, we did not disable DNSSEC as resolved is not enabled by default and we thought someone willing to enable resolved is probably more likely able to deal with issues resulting from DNSSEC. That said, I'm fine with disabling DNSSEC unconditionally for Debian as well. This would mean one less small divergence from the Ubuntu package. Does anyone feel strongly about keeping DNSSEC enabled by default? Thoughts? Michael
signature.asc
Description: OpenPGP digital signature
