How to understand and mitigate the Evil DNS remote attack under linux systems? A new vulnerability has discovered on the `systemd` package called Evil DNS allowing the remote control of a linux machine. From the security-tracker.debian , the debian Stretch , Buster and Sid are vulnerable. ( Also affect a various Linux distro with Systemd) System check: On Debian Stretch , my `systemd --version` is `systemd 232` before and after the system update. The `systemctl status systemd-resolved.service` command say that the `systemd-resolved` is disabled. How to easily understand and mitigate the Evil DNS remote attack under linux systems? Does stopping the `systemd-resolved` service is sufficient to prevent the Evil DNS attack?

As per the Ubuntu security notice, the issue only affects `systemd-resolved` (this can be confirmed by looking at the patch fixing the issue). So a system which isn’t running `systemd-resolved` isn’t exposed, and stopping `systemd-resolved` is sufficient to prevent the attack.

This is the reason why the Debian tracker mentions “[stretch] - systemd (Minor issue, systemd-resolved not enabled by default)”, meaning that while Debian 9 does include the affected code, it’s a minor issue and won’t result in a security advisory. You can receive notification of the fix in Debian 9 or later by subscribing to the corresponding Debian bug.