FS#72610 - [systemd] add hostnames to fallback DNS servers
Attached to Project:
Arch Linux
Opened by nl6720 (nl6720) - Tuesday, 02 November 2021, 07:15 GMT
Last edited by Christian Hesse (eworm) - Tuesday, 02 November 2021, 10:22 GMT
Details
Description:
Upstream added hostnames to fallback DNS servers so that they work when DNS over TLS is enabled. Please add the appropriate hostnames for Arch's chosen fallback DNS servers in https://github.com/archlinux/svntogit-packages/blob/packages/systemd/trunk/PKGBUILD#L103-L115 .

Additional info:
* package version(s)
* config and/or log files etc.
* link to upstream bug report, if any

systemd 249.5-3
https://github.com/systemd/systemd/commit/a83ddc08d66277b9bf1e374a3e1e9bc21ce12cdd

Steps to reproduce:
Closed by Christian Hesse (eworm)
Tuesday, 02 November 2021, 10:22 GMT
Reason for closing: Implemented
Additional comments about closing: in SVN trunk
% echo | openssl s_client -connect 1.1.1.1:853 2>/dev/null | openssl x509 -in - -noout -ext subjectAltName
X509v3 Subject Alternative Name:
DNS:cloudflare-dns.com, DNS:*.cloudflare-dns.com, DNS:one.one.one.one, IP Address:1.1.1.1, IP Address:1.0.0.1, IP Address:162.159.36.1, IP Address:162.159.46.1, IP Address:2606:4700:4700:0:0:0:0:1111, IP Address:2606:4700:4700:0:0:0:0:1001, IP Address:2606:4700:4700:0:0:0:0:64, IP Address:2606:4700:4700:0:0:0:0:6400
% echo | openssl s_client -connect 9.9.9.10:853 2>/dev/null | openssl x509 -in - -noout -ext subjectAltName
X509v3 Subject Alternative Name:
DNS:*.quad9.net, DNS:quad9.net, IP Address:9.9.9.9, IP Address:9.9.9.10, IP Address:9.9.9.11, IP Address:9.9.9.12, IP Address:9.9.9.13, IP Address:9.9.9.14, IP Address:9.9.9.15, IP Address:149.112.112.9, IP Address:149.112.112.10, IP Address:149.112.112.11, IP Address:149.112.112.12, IP Address:149.112.112.13, IP Address:149.112.112.14, IP Address:149.112.112.15, IP Address:149.112.112.112, IP Address:2620:FE:0:0:0:0:0:9, IP Address:2620:FE:0:0:0:0:0:10, IP Address:2620:FE:0:0:0:0:0:11, IP Address:2620:FE:0:0:0:0:0:12, IP Address:2620:FE:0:0:0:0:0:13, IP Address:2620:FE:0:0:0:0:0:14, IP Address:2620:FE:0:0:0:0:0:15, IP Address:2620:FE:0:0:0:0:0:FE, IP Address:2620:FE:0:0:0:0:FE:9, IP Address:2620:FE:0:0:0:0:FE:10, IP Address:2620:FE:0:0:0:0:FE:11, IP Address:2620:FE:0:0:0:0:FE:12, IP Address:2620:FE:0:0:0:0:FE:13, IP Address:2620:FE:0:0:0:0:FE:14, IP Address:2620:FE:0:0:0:0:FE:15
% echo | openssl s_client -connect 8.8.8.8:853 2>/dev/null | openssl x509 -in - -noout -ext subjectAltName
X509v3 Subject Alternative Name:
DNS:dns.google, DNS:dns.google.com, DNS:*.dns.google.com, DNS:8888.google, DNS:dns64.dns.google, IP Address:8.8.8.8, IP Address:8.8.4.4, IP Address:2001:4860:4860:0:0:0:0:8888, IP Address:2001:4860:4860:0:0:0:0:8844, IP Address:2001:4860:4860:0:0:0:0:6464, IP Address:2001:4860:4860:0:0:0:0:64
All fallback servers do include IP addresses in certificate subject alt name. So everything should be fine, no?
On the other hand... Probably it does not hurt to have it, looks like v249 (see DNS= in man 5 resolved.conf) does support it.
Still, it'd be nice to match upstream more closely.
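
An added example, not part of this thread or of systemd's code: an offline Python check of which certificate identity a `DNS=` entry from resolved.conf would be verified against, assuming the resolver checks the name after `#` when one is given and the server's IP address otherwise. The SAN strings are abridged from the openssl output above, the function names are hypothetical, and `dns.quad9.net` and `example.net` are sample names chosen for the checks.

```python
import ipaddress

# Constructed samples: SAN lines abridged from the openssl output quoted above.
SAN_CLOUDFLARE = ("DNS:cloudflare-dns.com, DNS:*.cloudflare-dns.com, "
                  "IP Address:1.1.1.1, IP Address:2606:4700:4700:0:0:0:0:1111")
SAN_QUAD9 = ("DNS:*.quad9.net, DNS:quad9.net, "
             "IP Address:9.9.9.10, IP Address:2620:FE:0:0:0:0:0:10")


def parse_san(text):
    """Split an openssl subjectAltName line into DNS names and IP objects."""
    names, ips = set(), set()
    for item in (part.strip() for part in text.split(",")):
        kind, _, value = item.partition(":")
        if kind == "DNS":
            names.add(value.lower())
        elif kind == "IP Address":
            ips.add(ipaddress.ip_address(value))  # 0:0:0:0 and :: compare equal
    return names, ips


def parse_dns_entry(entry):
    """Parse one DNS= item: address[:port][%ifname][#servername]."""
    rest, _, server_name = entry.partition("#")
    rest, _, ifname = rest.partition("%")
    if rest.startswith("["):                # [IPv6]:port
        addr, _, port = rest[1:].partition("]")
        port = port.lstrip(":")
    elif rest.count(":") == 1:              # IPv4:port
        addr, _, port = rest.partition(":")
    else:                                   # bare IPv4 or bare IPv6
        addr, port = rest, ""
    return (ipaddress.ip_address(addr), int(port) if port else None,
            ifname or None, server_name or None)


def name_matches(pattern, host):
    """Certificate name match; a wildcard covers exactly one left-most label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def verify_identity(entry, san_text):
    """Return (identity type that must match, whether the SAN covers it)."""
    addr, _port, _ifname, server_name = parse_dns_entry(entry)
    names, ips = parse_san(san_text)
    if server_name:                         # assumption: name wins when present
        return "hostname", any(name_matches(p, server_name.lower()) for p in names)
    return "ip", addr in ips
```

An entry without `#name` depends entirely on the IP SANs, which is the case the comment above checks with openssl; an entry with `#name` keeps verifying even if the operator drops IP SANs from a future certificate.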