| 2017-02-28 21:32:13 |
jowfdoijdfdwfwdf |
bug |
|
|
added bug |
| 2017-03-07 15:51:21 |
Dimitri John Ledkov |
bug watch added |
|
https://github.com/systemd/systemd/issues/5552 |
|
| 2017-03-07 15:51:21 |
Dimitri John Ledkov |
bug task added |
|
systemd |
|
| 2017-03-07 16:04:54 |
Bug Watch Updater |
systemd: status |
Unknown |
New |
|
| 2017-03-13 02:50:45 |
Launchpad Janitor |
systemd (Ubuntu): status |
New |
Confirmed |
|
| 2018-04-24 16:50:33 |
Sergei Genchev |
bug |
|
|
added subscriber Sergei Genchev |
| 2019-05-23 21:21:46 |
James Hebden |
tags |
|
canonical-bootstack |
|
| 2019-05-29 15:37:09 |
Paul Goins |
bug |
|
|
added subscriber Canonical IS Incidents |
| 2019-07-08 20:00:10 |
Jorge Niedbalski |
systemd (Ubuntu): assignee |
|
Jorge Niedbalski (niedbalski) |
|
| 2019-07-12 19:58:14 |
Jorge Niedbalski |
systemd (Ubuntu): importance |
Undecided |
High |
|
| 2019-07-12 19:58:19 |
Jorge Niedbalski |
systemd (Ubuntu): status |
Confirmed |
In Progress |
|
| 2019-07-19 16:33:42 |
Dan Streetman |
nominated for series |
|
Ubuntu Disco |
|
| 2019-07-19 16:33:42 |
Dan Streetman |
bug task added |
|
systemd (Ubuntu Disco) |
|
| 2019-07-19 16:33:42 |
Dan Streetman |
nominated for series |
|
Ubuntu Eoan |
|
| 2019-07-19 16:33:42 |
Dan Streetman |
bug task added |
|
systemd (Ubuntu Eoan) |
|
| 2019-07-19 16:33:42 |
Dan Streetman |
nominated for series |
|
Ubuntu Bionic |
|
| 2019-07-19 16:33:42 |
Dan Streetman |
bug task added |
|
systemd (Ubuntu Bionic) |
|
| 2019-07-19 16:59:20 |
Jorge Niedbalski |
nominated for series |
|
Ubuntu Xenial |
|
| 2019-07-19 16:59:20 |
Jorge Niedbalski |
bug task added |
|
systemd (Ubuntu Xenial) |
|
| 2019-07-19 17:00:47 |
Dan Streetman |
bug |
|
|
added subscriber Dan Streetman |
| 2019-07-19 17:02:46 |
Jorge Niedbalski |
systemd (Ubuntu Disco): assignee |
|
Jorge Niedbalski (niedbalski) |
|
| 2019-07-19 17:02:49 |
Jorge Niedbalski |
systemd (Ubuntu Bionic): assignee |
|
Jorge Niedbalski (niedbalski) |
|
| 2019-07-19 17:02:52 |
Jorge Niedbalski |
systemd (Ubuntu Xenial): assignee |
|
Jorge Niedbalski (niedbalski) |
|
| 2019-07-19 17:03:00 |
Jorge Niedbalski |
systemd (Ubuntu Xenial): status |
New |
In Progress |
|
| 2019-07-19 17:03:05 |
Jorge Niedbalski |
systemd (Ubuntu Bionic): status |
New |
In Progress |
|
| 2019-07-19 17:03:09 |
Jorge Niedbalski |
systemd (Ubuntu Disco): status |
New |
In Progress |
|
| 2019-07-19 21:07:54 |
Jorge Niedbalski |
systemd (Ubuntu Disco): importance |
Undecided |
High |
|
| 2019-07-19 21:07:56 |
Jorge Niedbalski |
systemd (Ubuntu Bionic): importance |
Undecided |
High |
|
| 2019-07-19 21:07:59 |
Jorge Niedbalski |
systemd (Ubuntu Xenial): importance |
Undecided |
High |
|
| 2019-07-20 03:53:07 |
Jorge Niedbalski |
attachment added |
|
lp1668771-eoan.debdiff https://bugs.launchpad.net/systemd/+bug/1668771/+attachment/5278114/+files/lp1668771-eoan.debdiff |
|
| 2019-07-20 03:54:34 |
Jorge Niedbalski |
attachment removed |
lp1668771-eoan.debdiff https://bugs.launchpad.net/systemd/+bug/1668771/+attachment/5278114/+files/lp1668771-eoan.debdiff |
|
|
| 2019-07-20 03:59:31 |
Jorge Niedbalski |
attachment added |
|
lp1668771-eoan.debdiff https://bugs.launchpad.net/systemd/+bug/1668771/+attachment/5278115/+files/lp1668771-eoan.debdiff |
|
| 2019-07-20 04:19:01 |
Ubuntu Foundations Team Bug Bot |
tags |
canonical-bootstack |
canonical-bootstack patch |
|
| 2019-07-20 04:19:08 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
| 2019-07-22 21:16:29 |
Jorge Niedbalski |
tags |
canonical-bootstack patch |
canonical-bootstack patch sts sts-sru-needed |
|
| 2019-07-22 21:51:10 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~ddstreet/ubuntu/+source/systemd/+git/systemd/+merge/370455 |
|
| 2019-07-22 22:20:55 |
Dan Streetman |
bug |
|
|
added subscriber STS Sponsors |
| 2019-07-22 22:20:58 |
Dan Streetman |
removed subscriber Ubuntu Sponsors Team |
|
|
|
| 2019-07-23 15:13:58 |
Jorge Niedbalski |
description |
231-9ubuntu3
If a DNS lookup returns SERVFAIL, systemd-resolved seems to cache the result for very long (infinity?). I have to restart systemd-resolved to have the negative caching purged.
After SERVFAIL DNS server issue has been resolved, chromium/firefox still returns DNS error despite host can correctly resolve the name. |
[Impact]
* If a DNS lookup returns SERVFAIL, systemd-resolved seems to cache the result for very long (infinity?). I have to restart systemd-resolved to have the negative caching purged.
* After SERVFAIL DNS server issue has been resolved, chromium/firefox still returns DNS error despite host can correctly resolve the name.
[Test Case]
* If a lookup returns SERVFAIL systemd-resolved will cache the result for 30s (See 201d995),
however, there are several use cases on which this condition is not acceptable (See #5552 comments)
and the only workaround would be to disable cache entirely or flush it , which isn't optimal.
* Configure /etc/systemd/resolved.conf as follows:
Cache=yes (default)
* Restart systemd-resolved (systemctl restart systemd-resolved.service)
* Run a host/getent command against a entry that will return SERVFAIL and check the journalctl output to see that the reply gets served from cache.
root@systemd-disco:/home/ubuntu# host www.no-record.cl
Host www.montemar.cl not found: 2(SERVFAIL)
root@systemd-disco:/home/ubuntu# journalctl -u systemd-resolved -n
-- Logs begin at Fri 2019-07-12 18:09:42 UTC, end at Tue 2019-07-23 15:10:17 UTC. --
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Transaction 6222 for <ntp.ubuntu.com IN AAAA> on scope dns on ens3/* now complete with <success>
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Sending response packet with id 61042 on interface 1/AF_INET.
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Freeing transaction 6222.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Got DNS stub UDP query packet for id 53580
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Looking up RR for www.no-record.cl IN A.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: RCODE SERVFAIL cache hit for www.no-record.cl IN A
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Transaction 58570 for < www.no-record.cl IN A> on scope dns on ens3/* now complete with <rcode-fai
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Freeing transaction 58570.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Sending response packet with id 53580 on interface 1/AF_INET.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Processing query...
[Regression Potential]
* The default options (Yes/No) will remain as default Yes, behaving in the same original
way, by setting it to no-negative any negative answer will be skipped
from being cached.
* No regression potential has been detected as this just introduces
a new possible option for the Cache configuration directive.
[Fix]
With the cache option set to 'no-negative', negative DNS answers
are entirely avoided to being cached.
root@systemd-disco:/home/ubuntu# host www.metaklass.org
Host www.metaklass.org not found: 2(SERVFAIL)
* Look at the systemd-resolved entries
root@systemd-disco:/home/ubuntu# journalctl -u systemd-resolved -n
-- Logs begin at Fri 2019-07-12 18:09:42 UTC, end at Fri 2019-07-12 18:48:31 UTC. --
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Cache miss for www.metaklass.org IN A
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Transaction 22382 for <www.metaklass.org IN A> scope dns on ens3/.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Using feature level UDP for transaction 22382.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Sending query packet with id 22382.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Processing incoming packet on transaction 22382 (rcode=SERVFAIL).
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Server returned error: SERVFAIL
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Not caching negative entry for: www.metaklass.org IN A, cache mode set to no-negative
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Transaction 22382 for <www.metaklass.org IN A> on scope dns on ens3/ now complete with from network (unsigned).
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Sending response packet with id 31060 on interface 1/AF_INET.
The following patch https://github.com/systemd/systemd/pull/13047 implements the required changes. |
|
| 2019-07-23 19:41:52 |
Jorge Niedbalski |
attachment added |
|
lp1668771-bionic.debdiff https://bugs.launchpad.net/systemd/+bug/1668771/+attachment/5278752/+files/lp1668771-bionic.debdiff |
|
| 2019-07-23 19:42:21 |
Jorge Niedbalski |
summary |
systemd-resolved negative caching for extended period of time |
[SRU] systemd-resolved negative caching for extended period of time |
|
| 2019-07-23 20:28:57 |
Dan Streetman |
tags |
canonical-bootstack patch sts sts-sru-needed |
canonical-bootstack patch sts sts-sponsor sts-sponsor-ddstreet sts-sru-needed |
|
| 2019-07-23 20:46:00 |
Jorge Niedbalski |
attachment added |
|
lp1668771-disco.debdiff https://bugs.launchpad.net/systemd/+bug/1668771/+attachment/5278759/+files/lp1668771-disco.debdiff |
|
| 2019-07-23 21:40:53 |
Dan Streetman |
description |
[Impact]
* If a DNS lookup returns SERVFAIL, systemd-resolved seems to cache the result for very long (infinity?). I have to restart systemd-resolved to have the negative caching purged.
* After SERVFAIL DNS server issue has been resolved, chromium/firefox still returns DNS error despite host can correctly resolve the name.
[Test Case]
* If a lookup returns SERVFAIL systemd-resolved will cache the result for 30s (See 201d995),
however, there are several use cases on which this condition is not acceptable (See #5552 comments)
and the only workaround would be to disable cache entirely or flush it , which isn't optimal.
* Configure /etc/systemd/resolved.conf as follows:
Cache=yes (default)
* Restart systemd-resolved (systemctl restart systemd-resolved.service)
* Run a host/getent command against a entry that will return SERVFAIL and check the journalctl output to see that the reply gets served from cache.
root@systemd-disco:/home/ubuntu# host www.no-record.cl
Host www.montemar.cl not found: 2(SERVFAIL)
root@systemd-disco:/home/ubuntu# journalctl -u systemd-resolved -n
-- Logs begin at Fri 2019-07-12 18:09:42 UTC, end at Tue 2019-07-23 15:10:17 UTC. --
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Transaction 6222 for <ntp.ubuntu.com IN AAAA> on scope dns on ens3/* now complete with <success>
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Sending response packet with id 61042 on interface 1/AF_INET.
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Freeing transaction 6222.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Got DNS stub UDP query packet for id 53580
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Looking up RR for www.no-record.cl IN A.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: RCODE SERVFAIL cache hit for www.no-record.cl IN A
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Transaction 58570 for < www.no-record.cl IN A> on scope dns on ens3/* now complete with <rcode-fai
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Freeing transaction 58570.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Sending response packet with id 53580 on interface 1/AF_INET.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Processing query...
[Regression Potential]
* The default options (Yes/No) will remain as default Yes, behaving in the same original
way, by setting it to no-negative any negative answer will be skipped
from being cached.
* No regression potential has been detected as this just introduces
a new possible option for the Cache configuration directive.
[Fix]
With the cache option set to 'no-negative', negative DNS answers
are entirely avoided to being cached.
root@systemd-disco:/home/ubuntu# host www.metaklass.org
Host www.metaklass.org not found: 2(SERVFAIL)
* Look at the systemd-resolved entries
root@systemd-disco:/home/ubuntu# journalctl -u systemd-resolved -n
-- Logs begin at Fri 2019-07-12 18:09:42 UTC, end at Fri 2019-07-12 18:48:31 UTC. --
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Cache miss for www.metaklass.org IN A
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Transaction 22382 for <www.metaklass.org IN A> scope dns on ens3/.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Using feature level UDP for transaction 22382.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Sending query packet with id 22382.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Processing incoming packet on transaction 22382 (rcode=SERVFAIL).
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Server returned error: SERVFAIL
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Not caching negative entry for: www.metaklass.org IN A, cache mode set to no-negative
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Transaction 22382 for <www.metaklass.org IN A> on scope dns on ens3/ now complete with from network (unsigned).
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Sending response packet with id 31060 on interface 1/AF_INET.
The following patch https://github.com/systemd/systemd/pull/13047 implements the required changes. |
[Impact]
* If a DNS lookup returns SERVFAIL, systemd-resolved seems to cache the result for very long (infinity?). I have to restart systemd-resolved to have the negative caching purged.
* After SERVFAIL DNS server issue has been resolved, chromium/firefox still returns DNS error despite host can correctly resolve the name.
[Test Case]
* If a lookup returns SERVFAIL systemd-resolved will cache the result for 30s (See 201d995),
however, there are several use cases on which this condition is not acceptable (See #5552 comments)
and the only workaround would be to disable cache entirely or flush it , which isn't optimal.
* Configure /etc/systemd/resolved.conf as follows:
Cache=yes (default)
* Restart systemd-resolved (systemctl restart systemd-resolved.service)
* Run a host/getent command against a entry that will return SERVFAIL and check the journalctl output to see that the reply gets served from cache.
root@systemd-disco:/home/ubuntu# host www.no-record.cl
Host www.montemar.cl not found: 2(SERVFAIL)
root@systemd-disco:/home/ubuntu# journalctl -u systemd-resolved -n
-- Logs begin at Fri 2019-07-12 18:09:42 UTC, end at Tue 2019-07-23 15:10:17 UTC. --
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Transaction 6222 for <ntp.ubuntu.com IN AAAA> on scope dns on ens3/* now complete with <success>
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Sending response packet with id 61042 on interface 1/AF_INET.
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Freeing transaction 6222.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Got DNS stub UDP query packet for id 53580
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Looking up RR for www.no-record.cl IN A.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: RCODE SERVFAIL cache hit for www.no-record.cl IN A
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Transaction 58570 for < www.no-record.cl IN A> on scope dns on ens3/* now complete with <rcode-fai
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Freeing transaction 58570.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Sending response packet with id 53580 on interface 1/AF_INET.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Processing query...
[Regression Potential]
* The default options (Yes/No) will remain as default Yes, behaving in the same original
way, by setting it to no-negative any negative answer will be skipped
from being cached.
* No regression potential has been detected as this just introduces
a new possible option for the Cache configuration directive.
[Fix]
With the cache option set to 'no-negative', negative DNS answers
are entirely avoided to being cached.
root@systemd-disco:/home/ubuntu# host www.metaklass.org
Host www.metaklass.org not found: 2(SERVFAIL)
* Look at the systemd-resolved entries
root@systemd-disco:/home/ubuntu# journalctl -u systemd-resolved -n
-- Logs begin at Fri 2019-07-12 18:09:42 UTC, end at Fri 2019-07-12 18:48:31 UTC. --
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Cache miss for www.metaklass.org IN A
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Transaction 22382 for <www.metaklass.org IN A> scope dns on ens3/.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Using feature level UDP for transaction 22382.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Sending query packet with id 22382.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Processing incoming packet on transaction 22382 (rcode=SERVFAIL).
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Server returned error: SERVFAIL
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Not caching negative entry for: www.metaklass.org IN A, cache mode set to no-negative
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Transaction 22382 for <www.metaklass.org IN A> on scope dns on ens3/ now complete with from network (unsigned).
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Sending response packet with id 31060 on interface 1/AF_INET.
The following patch https://github.com/systemd/systemd/pull/13047 implements the required changes.
[Other Info]
Note that systemd in Eoan is being upgraded to upstream 242, so I am not adding this to Eoan now, as I don't want to disturb the merge. If needed after the merge, I'll add to Eoan. |
|
| 2019-07-25 16:17:43 |
Łukasz Zemczak |
systemd (Ubuntu Disco): status |
In Progress |
Fix Committed |
|
| 2019-07-25 16:17:45 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2019-07-25 16:17:48 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
| 2019-07-25 16:17:53 |
Łukasz Zemczak |
tags |
canonical-bootstack patch sts sts-sponsor sts-sponsor-ddstreet sts-sru-needed |
canonical-bootstack patch sts sts-sponsor sts-sponsor-ddstreet sts-sru-needed verification-needed verification-needed-disco |
|
| 2019-07-25 21:23:43 |
Łukasz Zemczak |
systemd (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2019-07-25 21:24:05 |
Łukasz Zemczak |
tags |
canonical-bootstack patch sts sts-sponsor sts-sponsor-ddstreet sts-sru-needed verification-needed verification-needed-disco |
canonical-bootstack patch sts sts-sponsor sts-sponsor-ddstreet sts-sru-needed verification-needed verification-needed-bionic verification-needed-disco |
|
| 2019-07-26 15:37:41 |
Jorge Niedbalski |
bug task deleted |
systemd (Ubuntu Xenial) |
|
|
| 2019-07-26 17:19:52 |
Jorge Niedbalski |
tags |
canonical-bootstack patch sts sts-sponsor sts-sponsor-ddstreet sts-sru-needed verification-needed verification-needed-bionic verification-needed-disco |
canonical-bootstack patch sts sts-sponsor sts-sponsor-ddstreet sts-sru-needed verification-done verification-done-bionic verification-done-disco |
|
| 2019-08-02 20:44:53 |
Launchpad Janitor |
merge proposal unlinked |
https://code.launchpad.net/~ddstreet/ubuntu/+source/systemd/+git/systemd/+merge/370455 |
|
|
| 2019-08-02 20:46:49 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~ddstreet/ubuntu/+source/systemd/+git/systemd/+merge/370455 |
|
| 2019-08-06 16:16:35 |
Dan Streetman |
systemd (Ubuntu Eoan): status |
In Progress |
Fix Committed |
|
| 2019-08-06 17:26:36 |
Dan Streetman |
tags |
canonical-bootstack patch sts sts-sponsor sts-sponsor-ddstreet sts-sru-needed verification-done verification-done-bionic verification-done-disco |
canonical-bootstack patch sts sts-sponsor sts-sru-needed verification-done verification-done-bionic verification-done-disco |
|
| 2019-08-06 18:36:25 |
Launchpad Janitor |
systemd (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2019-08-06 18:36:42 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2019-08-07 10:03:07 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~fourdollars/ubuntu/+source/systemd/+git/systemd/+merge/370808 |
|
| 2019-08-07 20:18:27 |
Launchpad Janitor |
systemd (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
| 2019-08-21 19:39:29 |
Dan Streetman |
systemd (Ubuntu Eoan): status |
Fix Committed |
In Progress |
|
| 2019-08-22 14:55:13 |
Dimitri John Ledkov |
systemd (Ubuntu Eoan): status |
In Progress |
Fix Committed |
|
| 2019-08-26 23:40:43 |
Launchpad Janitor |
systemd (Ubuntu Eoan): status |
Fix Committed |
Fix Released |
|
| 2019-08-29 12:04:46 |
Eric Desrochers |
removed subscriber STS Sponsors |
|
|
|
| 2019-09-09 13:27:47 |
Edward Hope-Morley |
tags |
canonical-bootstack patch sts sts-sponsor sts-sru-needed verification-done verification-done-bionic verification-done-disco |
canonical-bootstack patch sts sts-sponsor sts-sru-done verification-done verification-done-bionic verification-done-disco |
|
| 2019-09-26 17:14:08 |
Dan Streetman |
tags |
canonical-bootstack patch sts sts-sponsor sts-sru-done verification-done verification-done-bionic verification-done-disco |
canonical-bootstack patch sts sts-sru-done verification-done verification-done-bionic verification-done-disco |
|
| 2019-10-17 19:38:22 |
Dan Streetman |
systemd (Ubuntu Eoan): status |
Fix Released |
In Progress |
|
| 2019-10-17 20:14:34 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~ddstreet/ubuntu/+source/systemd/+git/systemd/+merge/374312 |
|
| 2019-10-17 20:57:46 |
Dan Streetman |
tags |
canonical-bootstack patch sts sts-sru-done verification-done verification-done-bionic verification-done-disco |
canonical-bootstack ddstreet eoan patch sts sts-sru-done systemd verification-done verification-done-bionic verification-done-disco |
|
| 2019-11-07 13:29:25 |
Łukasz Zemczak |
systemd (Ubuntu Eoan): status |
In Progress |
Fix Committed |
|
| 2019-11-07 13:29:29 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2019-11-07 13:29:35 |
Łukasz Zemczak |
tags |
canonical-bootstack ddstreet eoan patch sts sts-sru-done systemd verification-done verification-done-bionic verification-done-disco |
canonical-bootstack ddstreet eoan patch sts sts-sru-done systemd verification-done-bionic verification-done-disco verification-needed verification-needed-eoan |
|
| 2019-11-12 18:00:50 |
Dan Streetman |
description |
[Impact]
* If a DNS lookup returns SERVFAIL, systemd-resolved seems to cache the result for very long (infinity?). I have to restart systemd-resolved to have the negative caching purged.
* After SERVFAIL DNS server issue has been resolved, chromium/firefox still returns DNS error despite host can correctly resolve the name.
[Test Case]
* If a lookup returns SERVFAIL systemd-resolved will cache the result for 30s (See 201d995),
however, there are several use cases on which this condition is not acceptable (See #5552 comments)
and the only workaround would be to disable cache entirely or flush it , which isn't optimal.
* Configure /etc/systemd/resolved.conf as follows:
Cache=yes (default)
* Restart systemd-resolved (systemctl restart systemd-resolved.service)
* Run a host/getent command against a entry that will return SERVFAIL and check the journalctl output to see that the reply gets served from cache.
root@systemd-disco:/home/ubuntu# host www.no-record.cl
Host www.montemar.cl not found: 2(SERVFAIL)
root@systemd-disco:/home/ubuntu# journalctl -u systemd-resolved -n
-- Logs begin at Fri 2019-07-12 18:09:42 UTC, end at Tue 2019-07-23 15:10:17 UTC. --
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Transaction 6222 for <ntp.ubuntu.com IN AAAA> on scope dns on ens3/* now complete with <success>
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Sending response packet with id 61042 on interface 1/AF_INET.
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Freeing transaction 6222.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Got DNS stub UDP query packet for id 53580
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Looking up RR for www.no-record.cl IN A.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: RCODE SERVFAIL cache hit for www.no-record.cl IN A
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Transaction 58570 for < www.no-record.cl IN A> on scope dns on ens3/* now complete with <rcode-fai
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Freeing transaction 58570.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Sending response packet with id 53580 on interface 1/AF_INET.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Processing query...
[Regression Potential]
* The default options (Yes/No) will remain as default Yes, behaving in the same original
way, by setting it to no-negative any negative answer will be skipped
from being cached.
* No regression potential has been detected as this just introduces
a new possible option for the Cache configuration directive.
[Fix]
With the cache option set to 'no-negative', negative DNS answers
are entirely avoided to being cached.
root@systemd-disco:/home/ubuntu# host www.metaklass.org
Host www.metaklass.org not found: 2(SERVFAIL)
* Look at the systemd-resolved entries
root@systemd-disco:/home/ubuntu# journalctl -u systemd-resolved -n
-- Logs begin at Fri 2019-07-12 18:09:42 UTC, end at Fri 2019-07-12 18:48:31 UTC. --
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Cache miss for www.metaklass.org IN A
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Transaction 22382 for <www.metaklass.org IN A> scope dns on ens3/.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Using feature level UDP for transaction 22382.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Sending query packet with id 22382.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Processing incoming packet on transaction 22382 (rcode=SERVFAIL).
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Server returned error: SERVFAIL
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Not caching negative entry for: www.metaklass.org IN A, cache mode set to no-negative
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Transaction 22382 for <www.metaklass.org IN A> on scope dns on ens3/ now complete with from network (unsigned).
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Sending response packet with id 31060 on interface 1/AF_INET.
The following patch https://github.com/systemd/systemd/pull/13047 implements the required changes.
[Other Info]
Note that systemd in Eoan is being upgraded to upstream 242, so I am not adding this to Eoan now, as I don't want to disturb the merge. If needed after the merge, I'll add to Eoan. |
[Impact]
* If a DNS lookup returns SERVFAIL, systemd-resolved seems to cache the result for very long (infinity?). I have to restart systemd-resolved to have the negative caching purged.
* After SERVFAIL DNS server issue has been resolved, chromium/firefox still returns DNS error despite host can correctly resolve the name.
[Test Case]
* If a lookup returns SERVFAIL systemd-resolved will cache the result for 30s (See 201d995),
however, there are several use cases on which this condition is not acceptable (See #5552 comments)
and the only workaround would be to disable cache entirely or flush it , which isn't optimal.
* Configure /etc/systemd/resolved.conf as follows:
Cache=yes (default)
* Restart systemd-resolved (systemctl restart systemd-resolved.service)
* Run a host/getent command against a entry that will return SERVFAIL and check the journalctl output to see that the reply gets served from cache.
root@systemd-disco:/home/ubuntu# host www.montemar.cl
Host www.montemar.cl not found: 2(SERVFAIL)
root@systemd-disco:/home/ubuntu# journalctl -u systemd-resolved -n
-- Logs begin at Fri 2019-07-12 18:09:42 UTC, end at Tue 2019-07-23 15:10:17 UTC. --
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Transaction 6222 for <ntp.ubuntu.com IN AAAA> on scope dns on ens3/* now complete with <success>
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Sending response packet with id 61042 on interface 1/AF_INET.
Jul 23 15:10:10 systemd-disco systemd-resolved[1282]: Freeing transaction 6222.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Got DNS stub UDP query packet for id 53580
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Looking up RR for www.no-record.cl IN A.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: RCODE SERVFAIL cache hit for www.no-record.cl IN A
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Transaction 58570 for < www.no-record.cl IN A> on scope dns on ens3/* now complete with <rcode-fai
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Freeing transaction 58570.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Sending response packet with id 53580 on interface 1/AF_INET.
Jul 23 15:10:17 systemd-disco systemd-resolved[1282]: Processing query...
[Regression Potential]
* The default options (Yes/No) will remain as default Yes, behaving in the same original
way, by setting it to no-negative any negative answer will be skipped
from being cached.
* No regression potential has been detected as this just introduces
a new possible option for the Cache configuration directive.
[Fix]
With the cache option set to 'no-negative', negative DNS answers
are entirely avoided to being cached.
root@systemd-disco:/home/ubuntu# host www.metaklass.org
Host www.metaklass.org not found: 2(SERVFAIL)
* Look at the systemd-resolved entries
root@systemd-disco:/home/ubuntu# journalctl -u systemd-resolved -n
-- Logs begin at Fri 2019-07-12 18:09:42 UTC, end at Fri 2019-07-12 18:48:31 UTC. --
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Cache miss for www.metaklass.org IN A
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Transaction 22382 for <www.metaklass.org IN A> scope dns on ens3/.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Using feature level UDP for transaction 22382.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Sending query packet with id 22382.
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Processing incoming packet on transaction 22382 (rcode=SERVFAIL).
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Server returned error: SERVFAIL
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Not caching negative entry for: www.metaklass.org IN A, cache mode set to no-negative
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Transaction 22382 for <www.metaklass.org IN A> on scope dns on ens3/ now complete with from network (unsigned).
Jul 12 18:48:31 systemd-disco systemd-resolved[2635]: Sending response packet with id 31060 on interface 1/AF_INET.
The following patch https://github.com/systemd/systemd/pull/13047 implements the required changes.
[Other Info]
Note that systemd in Eoan is being upgraded to upstream 242, so I am not adding this to Eoan now, as I don't want to disturb the merge. If needed after the merge, I'll add to Eoan. |
|
| 2019-11-12 18:08:34 |
Dan Streetman |
tags |
canonical-bootstack ddstreet eoan patch sts sts-sru-done systemd verification-done-bionic verification-done-disco verification-needed verification-needed-eoan |
canonical-bootstack ddstreet eoan patch sts sts-sru-done systemd verification-done verification-done-bionic verification-done-disco verification-done-eoan |
|
| 2019-11-25 10:55:23 |
Launchpad Janitor |
systemd (Ubuntu Eoan): status |
Fix Committed |
Fix Released |
|
| 2019-12-11 22:59:08 |
Dan Streetman |
systemd (Ubuntu): status |
In Progress |
Fix Released |
|
| 2019-12-13 17:53:13 |
Dan Streetman |
tags |
canonical-bootstack ddstreet eoan patch sts sts-sru-done systemd verification-done verification-done-bionic verification-done-disco verification-done-eoan |
canonical-bootstack eoan patch sts sts-sru-done systemd verification-done verification-done-bionic verification-done-disco verification-done-eoan |
|
| 2020-07-14 14:52:49 |
Dan Streetman |
tags |
canonical-bootstack eoan patch sts sts-sru-done systemd verification-done verification-done-bionic verification-done-disco verification-done-eoan |
canonical-bootstack eoan patch sts-sru-done systemd verification-done verification-done-bionic verification-done-disco verification-done-eoan |
|
