Well, guess what, systemd-resolved remains the main attraction of the systemd 230 release, and it now comes with the DNSSEC (Domain Name System Security Extensions) feature turned on by default, when using it in the “allow-downgrade” mode. However, GNU/Linux operating system maintainers can disable it during compilation by adding the “–with-default-dnssec=no” flag to the “configure” command.