4f461f7b77
Historically, we allowed downgrade of DNSSEC, but some folks argue this may decrease actually the security posture to do opportunistic DNSSEC. In addition, the current implementation of (opportunistic) DNSSEC validation is broken against "in the wild" servers which are usually slightly non-compliant. systemd upstream recommended to me (in personal communication surrounding the All Systems Go 2023 conference) to disable DNSSEC validation until they work on it in a significant capacity, ideally, by next year. |
||
|---|---|---|
| .. | ||
| activation | ||
| boot | ||
| etc | ||
| build.nix | ||