
Bug 674672

Summary: sys-apps/systemd-240-r2 DNS-over-TLS option cannot be set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.
Product: Gentoo Linux
Reporter: Tuxine <nancy154>
Component: Current packages
Assignee: Gentoo systemd Team <systemd>
Status: RESOLVED FIXED
Severity: normal
CC: kyle, lucas.yamanishi
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/11030
Whiteboard:
Package list:
Runtime testing required: ---

Description Tuxine 2019-01-06 12:33:34 UTC
In /etc/systemd/resolved.conf the option "DNSOverTLS = opportunistic" is set.

systemd-240-r2 denies DNS over TLS. The message is:

"DNS-over-TLS option can not be set to opportunistic when system-resolved is built-in without DNS-over-TLS support. Turning off DNS-over-TLS support."

Reproducible: Always

Steps to Reproduce:
1. systemctl restart systemd-resolved 
2. systemctl status systemd-resolved

Actual Results:
No DNS over TLS

Expected Results:  
DNS over TLS

 emerge systemd -pv

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ~] sys-apps/systemd-240-r2:0/2::gentoo  USE="acl elfutils gcrypt gnuefi kmod lz4 lzma pam pcre (policykit) resolvconf seccomp split-usr ssl sysv-utils xkb -apparmor -audit -build -cryptsetup -curl -http -idn -importd -libidn2 -nat -qrcode (-selinux) -test -vanilla" ABI_X86="(64) -32 (-x32)" 0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB



 # systemctl status systemd-resolved 
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-01-06 13:02:36 CET; 2s ago
     Docs: man:systemd-resolved.service(8)
           https://www.freedesktop.org/wiki/Software/systemd/resolved
           https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
           https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
 Main PID: 14687 (systemd-resolve)
   Status: "Processing requests..."
    Tasks: 1 (limit: 4915)
   Memory: 1.2M
   CGroup: /system.slice/systemd-resolved.service
           └─14687 /lib/systemd/systemd-resolved

Jan 06 13:02:36 tux systemd[1]: Starting Network Name Resolution...
Jan 06 13:02:36 tux systemd-resolved[14687]: Positive Trust Anchors:
Jan 06 13:02:36 tux systemd-resolved[14687]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Jan 06 13:02:36 tux systemd-resolved[14687]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Jan 06 13:02:36 tux systemd-resolved[14687]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.a>
Jan 06 13:02:36 tux systemd-resolved[14687]: DNS-over-TLS option cannot be set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.
Jan 06 13:02:36 tux systemd-resolved[14687]: Using system hostname 'tux'.
Jan 06 13:02:36 tux systemd[1]: Started Network Name Resolution.


emerge --info
Portage 2.3.51 (python 3.6.5-final-0, default/linux/amd64/17.0/desktop/plasma/systemd, gcc-8.2.0, glibc-2.27-r6, 4.20.0-gentoo x86_64)
=================================================================
System uname: Linux-4.20.0-gentoo-x86_64-AMD_Ryzen_5_1600_Six-Core_Processor-with-gentoo-2.6
KiB Mem:    16413496 total,  10426636 free
KiB Swap:   16779260 total,  16779260 free
Timestamp of repository gentoo: Fri, 04 Jan 2019 18:44:09 +0000
Head commit of repository gentoo: fde7988d7a330369ce9ae091039848dc6c01c60b

sh bash 4.4_p12
ld GNU ld (Gentoo 2.30 p5) 2.30.0
app-shells/bash:          4.4_p12::gentoo
dev-java/java-config:     2.2.0-r4::gentoo
dev-lang/perl:            5.26.2::gentoo
dev-lang/python:          2.7.15::gentoo, 3.6.5::gentoo
dev-util/cmake:           3.9.6::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.13-r1::gentoo, 2.69-r4::gentoo
sys-devel/automake:       1.11.6-r3::gentoo, 1.16.1-r1::gentoo
sys-devel/binutils:       2.30-r4::gentoo
sys-devel/gcc:            8.2.0-r6::gentoo
sys-devel/gcc-config:     2.0::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.14-r1::gentoo (virtual/os-headers)
sys-libs/glibc:           2.27-r6::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: git
    sync-uri: git+ssh://git@git.gentoo.org/repo/sync/gentoo.git
    priority: -1000
    sync-git-verify-commit-signature: true

localrepo
    location: /usr/local/portage
    masters: gentoo

unity-gentoo
    location: /var/lib/layman/unity-gentoo
    sync-type: laymansync
    sync-uri: https://github.com/shiznix/unity-gentoo
    masters: gentoo
    priority: 50

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=znver1"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/conf.d /etc/init.d /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/config/kdm /usr/share/gnupg/qualified.txt /usr/share/sddm/scripts/Xsetup"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.2/ext-active/ /etc/php/cgi-php7.2/ext-active/ /etc/php/cli-php7.2/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/skel /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -march=znver1"
DISTDIR="/usr/portage/distfiles"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg cgroup collision-protect compress-build-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync webrsync-gpg xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="de_DE.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="de"
MAKEOPTS="-j12 -l12"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="52 X X509 a52 aac aacplus aalib acl acpi activities alisp alsa amd64 apache2 app archive aspell assistant atmo avahi bazaar berkdb bluetooth bluez bluray branding btpclient btrfs bzip2 cairo cdda cdparanoia cdr cgi chromium clang classic cli colord connection-sharing conntrack contrib crypt cups cvs cxx cycles dbi dbus declarative dns dri drm dts dvb dvbcsa dvbpsi dvd dvdarchive dvdr egl elfutils emboss emoji encode exif ext4 faad fam ffmpeg firewalld flac fonts fortran frei0r fuse gbm gd gdbm geoclue gif git glamor gles gme gnuefi gnutls google googledrive gpg gphoto2 gpm graphviz grub gsm-nonstandard gstreamer gtk gtk3 gvfs handbook hddtemp hvm ical iconv icu infinality iptables ipv4 ipv6 java javafx jce jpeg jpeg2k kate kde kdenlive kdesu kipi kvm kwallet layers lcms libcaca libnotify libtirpc live lkrn lm_sensors logrotate lua lv2 lvm lz4 lzma lzo mad magic masquerade matroska mdadm mercurial mng modemmanager modplug mp3 mp4 mpeg mpeg2 mpeg3 mpg123 mtp multilib musepack mysql mysqli ncurses networkmanager nfconntrack nls npp nptl nsplugin ntfs numa ogg omxil openal opencl opencv openexr opengl openimageio openmp opensubdiv opus pam pango pcre pdf pdfimport perl phonon pkcs11 plasma png policykit postproc postscript ppds projectm pulseaudio qml qt5 qtmedia readline rtsp rubberband scanner schroedinger script sdl seccomp semantic-desktop shout skins smp source speech spell sqlite ssl startup-notification subversion svg sync-plugin-portage systemd tci tcl tcpd theora threads thumbnail thunderbird tiff tk truetype twolame udev udisks unicode update_drivedb upnp upower usb usbredir user-session v4l vaapi vcdx vdpau vector-icons video virtualbox vnc vorbis vpx vte wav wayland webchannel webengine webp widevine widgets wma wma-fixed wmf wxwidgets x264 x265 xattr xcb xcomposite xine xinerama xkb xml xrandr xv xvid youtube zeroconf zip zip-encryption zlib zvbi" ABI_X86="64" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions 
alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets words" CAMERAS="*" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput" KERNEL="linux" L10N="de" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" QEMU_SOFTMMU_TARGETS="x86_64 aarch64 alpha arm cris i386 lm32 m68k microblaze microblazeel mips mips64 mips64el mipsel moxie nios2 or1k ppc ppc64 ppcemb s390x sh4 sh4eb sparc sparc64 tricore unicore32 xtensa xtensaeb" QEMU_USER_TARGETS="x86_64 aarch64 alpha arm armeb cris hppa i386 m68k microblaze microblazeel mips mips64 mips64el mipsel mipsn32 mipsn32el nios2 or1k ppc ppc64 ppc64abi32 ppc64le s390x sh4 sh4eb sparc sparc32plus sparc64 tilegx" RUBY_TARGETS="ruby23" SANE_BACKENDS="net" USERLAND="GNU" VIDEO_CARDS="amdgpu radeonsi" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 1 Tuxine 2019-01-06 12:37:30 UTC
How can systemd-resolved be built with DNSoverTLS support?
Maybe a USE-Flag is missing?

Comment 2 Mike Gilbert gentoo-dev 2019-01-27 03:06:40 UTC
It looks like DNS over TLS is enabled automatically if you have USE=gnutls, or if you have >=dev-libs/openssl-1.1.0.

I'll have to think about how to properly express this optional dependency in the ebuild.
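
A check for the silent fallback reported in this bug, as an added example that is not part of the bug report or of Gentoo's or systemd's code: it reads the DNSOverTLS= value from a resolved.conf-style file and looks for the startup warning in saved journal text. The function names and the constructed sample files are assumptions; section headers and drop-in directories are not evaluated.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.

# Print the DNSOverTLS= value from a resolved.conf-style file ("unset" if none).
# Comment lines are skipped, spaces around "=" are tolerated, last assignment wins.
dot_setting() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*DNSOverTLS[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v); val = tolower(v) }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Succeed if saved journal text contains the fallback warning quoted in this bug.
dot_downgraded() {
    grep -q 'Turning off DNS-over-TLS support' "$1"
}

# Verdict: not-requested, requested, or downgraded (exit status 1 for the last).
dot_audit() {
    mode=$(dot_setting "$1")
    case "$mode" in
        unset|no|n|false|f|off|0) echo "not-requested"; return 0 ;;
    esac
    if dot_downgraded "$2"; then
        echo "downgraded"
        return 1
    fi
    echo "requested"
}

# Constructed sample input: the reporter's setting and two journal lines from the report.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/resolved.conf" <<'EOF'
[Resolve]
#DNSOverTLS=no
DNSOverTLS = opportunistic
EOF
cat > "$SAMPLE_DIR/journal.txt" <<'EOF'
Jan 06 13:02:36 tux systemd-resolved[14687]: DNS-over-TLS option cannot be set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.
Jan 06 13:02:36 tux systemd-resolved[14687]: Using system hostname 'tux'.
EOF

dot_audit "$SAMPLE_DIR/resolved.conf" "$SAMPLE_DIR/journal.txt" || true
```

On a live host the second argument can be a file holding the output of `journalctl -u systemd-resolved -b`.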

Comment 3 Larry the Git Cow gentoo-dev 2019-04-13 13:43:11 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ff400688d95696650641565e44203e1b7cfd02a

commit 6ff400688d95696650641565e44203e1b7cfd02a
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2019-04-13 13:37:35 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-04-13 13:43:07 +0000

    sys-apps/systemd: bump to 242
    
    Fixes DNS-over-TLS support, based loosely on work by Lucas Yamanishi.
    
    Closes: https://bugs.gentoo.org/674672
    Closes: https://github.com/gentoo/gentoo/pull/11030
    Package-Manager: Portage-2.3.62_p4, Repoman-2.3.12_p87
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/systemd/Manifest                            |  2 +-
 sys-apps/systemd/metadata.xml                        |  1 +
 .../{systemd-242_rc3.ebuild => systemd-242.ebuild}   | 20 ++++++++++++++++----
 sys-apps/systemd/systemd-9999.ebuild                 | 20 ++++++++++++++++----
 4 files changed, 34 insertions(+), 9 deletions(-)