Linux News Today: systemd 230 Launches with DNSSEC Enabled by Default in systemd-resolved, More
Zbigniew Jędrzejewski-Szmek has announced the release of systemd 230, a major update of the modern init system adopted by various GNU/Linux operating systems.
It looks like releasing a new version of systemd takes a few good months, and systemd 230 comes approximately three months after the debut of systemd 229, whose main attraction was systemd-resolved, the DNS resolver service, which could be used as a DNSSEC validating stub resolver.
Well, guess what, systemd-resolved remains the main attraction of the systemd 230 release, and it now comes with the DNSSEC (Domain Name System Security Extensions) feature turned on by default when using it in the “allow-downgrade” mode. However, GNU/Linux operating system maintainers can disable it during compilation by adding the “–with-default-dnssec=no” flag to the “configure” command.
“We recommend downstreams to leave this on at least during development cycles and report any issues with the DNSSEC logic upstream,” said Zbigniew Jędrzejewski-Szmek. “We are very interested in collecting feedback about the DNSSEC validator and its limitations in the wild. Note however, that DNSSEC support is probably nothing downstreams should turn on in stable distros just yet, as it might create incompatibilities with a few DNS servers and networks.”
systemd 230 coming soon to a distro near you
Of course, systemd-resolved is not the only component of the systemd init system that has received significant improvements and new features in the systemd 230 release, which also includes various necessary changes to the systemd-logind, systemd-networkd, systemd-journald, journalctl, the sd-journal API, systemd-ask-password, systemd-tmpfiles, systemd-nspawn, and systemd-bootchart components.
The full changelog has been added below if you’re curious to know what exactly has been changed in systemd 230, which should soon arrive in the main software repositories of modern GNU/Linux operating systems that are using the next-generation init system by default. Alternatively, you can download the systemd 230 sources right now via our website and compile it yourself.