systemd-resolved: returns SERVFAIL for uknown domain
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| systemd |
Unknown
|
Unknown
|
|||
| systemd (Ubuntu) |
Confirmed
|
Low
|
Unassigned | ||
Bug Description
Ubuntu 22.04.2 amd64
systemd: 249.11-0ubuntu3.9
when I ask for non-existing domain, systemd-resolved replies with SERVFAIL. I believe that correct answer should be NXDOMAIN (this is reply from public DNS servers, like 1.1.1.1, 8.8.8.8, 9.9.9.9 and others).
DEMO, I use `khost` utility from package `knot-host`:
CloudFlare DNS, reference, I believe this is expected answer:
$ khost oops. 1.1.1.1
Host oops. type A error: NXDOMAIN
Host oops. type AAAA error: NXDOMAIN
Host oops. type MX error: NXDOMAIN
systemd-resolved, the bug (and the reply is not consistent, MX record has different error):
$ khost oops.
Host oops. type A error: SERVFAIL
Host oops. type AAAA error: SERVFAIL
Host oops. type MX error: NXDOMAIN
$ khost -v oops.
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 15468
;; Flags: qr aa rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
;;oops. IN A
;; Received 22 B
;; Time 2023-06-18 18:27:02 UTC
;; From 127.0.0.53@53(UDP) in 0.0 ms
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 55107
;; Flags: qr aa rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
;;oops. IN AAAA
;; Received 22 B
;; Time 2023-06-18 18:27:02 UTC
;; From 127.0.0.53@53(UDP) in 0.0 ms
;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 46585
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 1; ADDITIONAL: 0
;;oops. IN MX
. 1390 IN SOA a.root-servers.net. nstld.verisign-
;; Received 97 B
;; Time 2023-06-18 18:27:02 UTC
;; From 127.0.0.53@53(UDP) in 3.4 ms
Check that DNS is served by systemd-resolved:
$ sudo ss -nlp | grep ":53 "
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(
Check version
$ resolvectl --version
systemd 249 (249.11-0ubuntu3.9)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-
| description: | updated |
| summary: |
- systemd-resolv: returns SERVFAIL for uknown domain + systemd-resolvd: returns SERVFAIL for uknown domain |
| summary: |
- systemd-resolvd: returns SERVFAIL for uknown domain + systemd-resolved: returns SERVFAIL for uknown domain |
| description: | updated |
| description: | updated |
| description: | updated |
| description: | updated |
| Nick Rosbrook (enr0n) wrote | #1 |
| Changed in systemd (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| psl (slansky) wrote | #2 |
| Mike Battersby (mib-8) wrote | #3 |
I do see this behavior on Lunar as well:
root@lunar:~# resolvectl query oops.
oops.: resolve call failed: No appropriate name servers or networks for name found
root@lunar:~# dig oops.
; <<>> DiG 9.18.12-
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21966
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;oops. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.
;; WHEN: Tue Jun 20 20:53:32 UTC 2023
;; MSG SIZE rcvd: 33
root@lunar:~# resolvectl --version
systemd 252 (252.5-2ubuntu3)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-
I took a look at the code but I am not sure the best way to address this. Can you please open an upstream bug (https:/