1. top
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
19147 systemd+ 20 0 50848 6232 4572 R 99.0 0.1 5:43.81 systemd-resolve
1472 dnsmasq 20 0 57020 3084 2620 R 63.1 0.0 44:03.49 dnsmasq
2. journalctl -u systemd-resolved.service
Apr 16 13:01:59 Danny systemd-resolved[19147]: DNSSEC validation failed for question clients-china.l.google.com IN A: failed-auxiliary
Apr 16 13:02:02 Danny systemd-resolved[19147]: Using degraded feature set (UDP+EDNS0) for DNS server 127.0.0.1.
Apr 16 13:02:08 Danny systemd-resolved[19147]: Server 127.0.0.1 does not support DNSSEC, downgrading to non-DNSSEC mode.
Apr 16 13:06:24 Danny systemd-resolved[19147]: Server 192.168.128.1 does not support DNSSEC, downgrading to non-DNSSEC mode.
Apr 16 13:11:24 Danny systemd-resolved[19147]: Grace period over, resuming full feature set (UDP+EDNS0+DO+LARGE) for DNS server 127.0.0.1.
3. journalctl -u dnsmasq.service
Apr 16 13:18:27 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:33 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:39 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:45 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:51 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
7. systemd-resolve --status
Global
DNS Servers: 127.0.0.1
DNSSEC NTA: 10.in-addr.arpa 16.172.in-addr.arpa 168.192.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa corp d.f.ip6.arpa home internal intranet lan local private test
Link 2 (wlan0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: no
DNS Servers: 192.168.128.1
DNS Domain: lan
1. top
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
19147 systemd+ 20 0 50848 6232 4572 R 99.0 0.1 5:43.81 systemd-resolve
1472 dnsmasq 20 0 57020 3084 2620 R 63.1 0.0 44:03.49 dnsmasq
2. journalctl -u systemd- resolved. service resolved[ 19147]: DNSSEC validation failed for question clients- china.l. google. com IN A: failed-auxiliary resolved[ 19147]: Using degraded feature set (UDP+EDNS0) for DNS server 127.0.0.1. resolved[ 19147]: Server 127.0.0.1 does not support DNSSEC, downgrading to non-DNSSEC mode. resolved[ 19147]: Server 192.168.128.1 does not support DNSSEC, downgrading to non-DNSSEC mode. resolved[ 19147]: Grace period over, resuming full feature set (UDP+EDNS0+ DO+LARGE) for DNS server 127.0.0.1.
Apr 16 13:01:59 Danny systemd-
Apr 16 13:02:02 Danny systemd-
Apr 16 13:02:08 Danny systemd-
Apr 16 13:06:24 Danny systemd-
Apr 16 13:11:24 Danny systemd-
3. journalctl -u dnsmasq.service
Apr 16 13:18:27 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:33 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:39 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:45 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:51 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
4. lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 17.04
Release: 17.04
Codename: zesty
5. sudo strace -p 1472 --- dnsmasq htons(37051) , sin_addr= inet_addr( "0.0.0. 0")}, 16) = 0 1\20\0\ 1\0\0\0\ 0\0\1\rclients- china\1l\ 6goo".. ., 55, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr= inet_addr( "127.0. 0.53")} , 16) = 55 201\200\ 0\1\0\6\ 0\0\0\1\ rclients- china\1l\ 6goo".. ., 5131, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr= inet_addr( "127.0. 0.53")} , [16]) = 151 16)={sa_ family= AF_INET, sin_port= htons(33355) , sin_addr= inet_addr( "127.0. 0.1")}, msg_iov( 1)=[{"\ 272\303\ 201\220\ 0\1\0\6\ 0\0\0\1\ rclients- china\1l\ 6goo".. ., 151}], msg_controllen=0, msg_flags=0}, 0) = 151 16)={sa_ family= AF_INET, sin_port= htons(57326) , sin_addr= inet_addr( "127.0. 0.1")}, msg_iov( 1)=[{"C\ 21\1\20\ 0\1\0\0\ 0\0\0\1\ rclients- china\1l\ 6goo".. ., 4096}], msg_controllen=0, msg_flags=0}, 0) = 55
bind(12, {sa_family=AF_INET, sin_port=
sendto(12, "g\325\
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, {fd=12, events=POLLIN}], 8, -1) = 2 ([{fd=4, revents=POLLIN}, {fd=12, revents=POLLIN}])
recvfrom(12, "g\325\
sendmsg(4, {msg_name(
close(12) = 0
recvmsg(4, {msg_name(
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 12
fcntl(12, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0
6. sudo strace -p 1914 CLOCK_BOOTTIME, {5858, 172230641}) = 0 run/systemd/ netif/links/ 2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) etc/resolv. conf", {st_mode= S_IFREG| 0644, st_size=303, ...}) = 0 etc/resolv. conf", {st_mode= S_IFREG| 0644, st_size=303, ...}) = 0 SOCK_CLOEXEC| SOCK_NONBLOCK, IPPROTO_IP) = 18 inet_addr( "127.0. 0.1")}, 16) = 0 584}}) = 0 0\1\0\0\ 0\0\0\1\ 17ec2-52- 7-217-10\ tcom".. ., 68) = 68 CLOCK_BOOTTIME, {5858, 172456596}) = 0 CLOCK_BOOTTIME, {5858, 172482649}) = 0 16)={sa_ family= AF_INET, sin_port= htons(45041) , sin_addr= inet_addr( "127.0. 0.1")}, msg_iov( 1)=[{"qX\ 201\200\ 0\1\0\1\ 0\0\0\1\ 17ec2-52- 7-217-10\ tcom".. ., 84}], msg_controllen=28, [{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type= IP_PKTINFO, {ipi_ifindex= if_nametoindex( "lo"), ipi_spec_ dst=inet_ addr("127. 0.0.53" ), ipi_addr= inet_addr( "127.0. 0.53")} }], msg_flags=0}, 0) = 84 776}}], 16, -1) = 1 CLOCK_BOOTTIME, {5858, 172675790}) = 0 16)={sa_ family= AF_INET, sin_port= htons(48677) , sin_addr= inet_addr( "127.0. 0.1")}, msg_iov( 1)=[{"\ 313{\1\ 20\0\1\ 0\0\0\0\ 0\1\17ec2- 52-7-217- 10\tcom" ..., 3936}], msg_controllen=56, [{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type= IP_PKTINFO, {ipi_ifindex= if_nametoindex( "lo"), ipi_spec_ dst=inet_ addr("127. 0.0.53" ), ipi_addr= inet_addr( "127.0. 0.53")} }, {cmsg_len=20, cmsg_level=SOL_IP, cmsg_type=IP_TTL, {ttl=64}}], msg_flags=0}, 0) = 68 etc/resolv. conf", {st_mode= S_IFREG| 0644, st_size=303, ...}) = 0 "\213\235" , 2, GRND_NONBLOCK) = 2 etc/resolv. conf", {st_mode= S_IFREG| 0644, st_size=303, ...}) = 0
clock_gettime(
open("/
stat("/
stat("/
socket(AF_INET, SOCK_DGRAM|
connect(18, {sa_family=AF_INET, sin_port=htons(53), sin_addr=
epoll_ctl(4, EPOLL_CTL_ADD, 18, {EPOLLIN, {u32=1040890848, u64=94559040879
write(18, ";q\1\20\
clock_gettime(
clock_gettime(
epoll_ctl(4, EPOLL_CTL_DEL, 18, NULL) = 0
close(18) = 0
sendmsg(15, {msg_name(
epoll_wait(4, [{EPOLLIN, {u32=1039855040, u64=94559039843
clock_gettime(
recvfrom(15, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 68
recvmsg(15, {msg_name(
stat("/
getrandom(
stat("/
getrandom(" \317", 2, GRND_NONBLOCK) = 2
7. systemd-resolve --status
16.172. in-addr. arpa
168.192. in-addr. arpa
17.172. in-addr. arpa
18.172. in-addr. arpa
19.172. in-addr. arpa
20.172. in-addr. arpa
21.172. in-addr. arpa
22.172. in-addr. arpa
23.172. in-addr. arpa
24.172. in-addr. arpa
25.172. in-addr. arpa
26.172. in-addr. arpa
27.172. in-addr. arpa
28.172. in-addr. arpa
29.172. in-addr. arpa
30.172. in-addr. arpa
31.172. in-addr. arpa
corp
d.f.ip6. arpa
home
internal
intranet
lan
local
private
test
Global
DNS Servers: 127.0.0.1
DNSSEC NTA: 10.in-addr.arpa
Link 2 (wlan0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: no
DNS Servers: 192.168.128.1
DNS Domain: lan