DNSSEC prevents to resolve DNS-Zones like *.local. On Linux Mint for example this leads to a DNS-Problem in company wide networks with for example domain.local domains.
I lastly found a solution while setting up my colleagues new laptop which where installed with the latest Linux Mint (19.x) Ubuntu.
The problem we encounterd was that we have different domains where some inhouse where ending with
.local . So DNSSEC obviously rightly don’t like.
Here is our solution:
/etc/resolv.conf or delete, rename it.
Then link it to the dynamic
$ unlink /etc/resolv.conf
$ ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
In the next step we will disable DNSSEC. Therefore you need to edit your
/etc/systemd/resolved.conf to something like that:
$ vim /etc/systemd/resolved.conf# This file is part of systemd.
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
# See resolved.conf(5) for details[Resolve]
Lastly find in
hosts: line which tells the sequence in how your device should resolve.
Find the line and replace it with
hosts: files dns . This will resolve your
/etc/resolv.conf first and 2nd asking your specified DNS-Server.
$ vim /etc/nsswitch.conf
#hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
hosts: files dns