systemd-resolved of systemd 258-2 breaks name resolution in various places

Description:

Since the update to systemd 258-2, the following things with systemd-resolved fail: DNSSEC allow-downgrade doesn't allow downgrade at all, it behaves like DNSSEC=true. You have to set DNSSEC to false to get LAN DNS resolution working again. systemd-resolved completely ignores DNS Domainlist used as search suffix, regardless if set globally via /etc/systemd/resolved.conf.d/ or received from DHCP, so shortnames on the local network don't work anymore.

Additional info:

systemd 258-2

package version(s): 258-2
config and/or log files:
link to upstream bug report, if any:

Steps to reproduce:

set Search-Domains in /etc/systemd/resolved.conf.d/my_lan_domain.conf with [Resolve] Domain=example.org

use the domainname of you LAN resolver (e.g. knot-resolver)

drill a or ping worked perfect before, now neither does, the search domains are not appended to find the ip on the LAN resolver
as a followup to the shortname issue: shortnames appear to work only for the first domain name in the Domain Search list.

Edited Sep 20, 2025 by Wolf

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

systemd-resolved of systemd 258-2 breaks name resolution in various places

Description:

Additional info:

Steps to reproduce:

use the domainname of you LAN resolver (e.g. knot-resolver)