<div><div dir="auto">Systemd-resolvd has a peculiar existence. It doesn’t seem to solve any problems or improve any pre-existing tools. It claims to be a fully featured DNS resolver but could not possibly compete with Unbound. It appears to be an unnecessary abstraction that confuses the sh*t out of things.</div></div><div><br><div class="gmail_quote"><div dir="ltr">On Sat, Dec 15, 2018 at 10:07 PM Rick Moen <<a href="mailto:rick@linuxmafia.com">rick@linuxmafia.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Quoting Ken Shaffer (<a href="mailto:kenshaffer80@gmail.com" target="_blank">kenshaffer80@gmail.com</a>):<br>
<br>
> Looks like I missed the forum discussion of the comcast/systemd-resolve<br>
> problem:<br>
> <a href="https://ubuntuforums.org/showthread.php?t=2406399" rel="noreferrer" target="_blank">https://ubuntuforums.org/showthread.php?t=2406399</a><br>
<br>
Short version (<a href="https://moss.sh/name-resolution-issue-systemd-resolved/" rel="noreferrer" target="_blank">https://moss.sh/name-resolution-issue-systemd-resolved/</a>):<br>
One of the innumerble ways systemd-resolved sucks rocks is in failing to<br>
follow DNS standards, such as DNSSEC's RRSIG digital signatures.<br>
<br>
(From above link:)<br>
<br>
# host -t RRSIG <a href="http://keyserver.ubuntu.com" rel="noreferrer" target="_blank">keyserver.ubuntu.com</a> 127.0.0.53<br>
Using domain server:<br>
Name: 127.0.0.53<br>
Address: 127.0.0.53#53<br>
Aliases: <br>
Host <a href="http://keyserver.ubuntu.com" rel="noreferrer" target="_blank">keyserver.ubuntu.com</a> not found: 1(FORMERR)<br>
#<br>
<br>
You'd probably have seen entries about the DNS resolution error pointing<br>
the finger directly at systemd-resolved if it had occurred to you to<br>
look in /var/log/syslog -- but it didn't, right? Nota bene: When Unix<br>
processes have problems, they very often mutter about that into log files.<br>
Log files are your friend. Get to know them. Many mysterious goings-on<br>
will become much less so.<br>
<br>
And, Ken, are you going to be implementing daft solutions from<br>
nobody-in-particular on <a href="http://ubuntuforums.org" rel="noreferrer" target="_blank">ubuntuforums.org</a>? Like hardwiring an IP address<br>
instead of '<a href="http://pop3.comcast.net" rel="noreferrer" target="_blank">pop3.comcast.net</a>' to compensate for systemd-resolved's<br>
inability to correctly handle DNSSEC? Or migrating everything from a<br>
POP3 account to an IMAP account? <br>
<br>
See, that's the problem with following advice off <a href="http://ubuntuforums.org" rel="noreferrer" target="_blank">ubuntuforums.org</a>.<br>
It's the blind leading the blind.<br>
<br>
How about considering -- oh, just spitballing, here -- disabling<br>
systemd-resolved, seeing that it's bugware 'n' all? Like, addressing<br>
the source of the error, rather than just limping around it?<br>
<br>
<br>
_______________________________________________<br>
sf-lug mailing list<br>
<a href="mailto:sf-lug@linuxmafia.com" target="_blank">sf-lug@linuxmafia.com</a><br>
<a href="http://linuxmafia.com/mailman/listinfo/sf-lug" rel="noreferrer" target="_blank">http://linuxmafia.com/mailman/listinfo/sf-lug</a><br>
Information about SF-LUG is at <a href="http://www.sf-lug.org/" rel="noreferrer" target="_blank">http://www.sf-lug.org/</a><br><br>
Related Information <br><br>
<a href="http://www.shallowsky.com/blog/" rel="noreferrer" target="_blank">http://www.shallowsky.com/blog/</a><br><br>
<a href="http://explainshell.com/" rel="noreferrer" target="_blank">http://explainshell.com/</a> <br><br>
</blockquote></div></div>