Comment 8 for bug 1670959

1. top
  PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
19147 systemd+ 20 0 50848 6232 4572 R 99.0 0.1 5:43.81 systemd-resolve
 1472 dnsmasq 20 0 57020 3084 2620 R 63.1 0.0 44:03.49 dnsmasq

2. journalctl -u systemd-resolved.service
Apr 16 13:01:59 Danny systemd-resolved[19147]: DNSSEC validation failed for question clients-china.l.google.com IN A: failed-auxiliary
Apr 16 13:02:02 Danny systemd-resolved[19147]: Using degraded feature set (UDP+EDNS0) for DNS server 127.0.0.1.
Apr 16 13:02:08 Danny systemd-resolved[19147]: Server 127.0.0.1 does not support DNSSEC, downgrading to non-DNSSEC mode.
Apr 16 13:06:24 Danny systemd-resolved[19147]: Server 192.168.128.1 does not support DNSSEC, downgrading to non-DNSSEC mode.
Apr 16 13:11:24 Danny systemd-resolved[19147]: Grace period over, resuming full feature set (UDP+EDNS0+DO+LARGE) for DNS server 127.0.0.1.

3. journalctl -u dnsmasq.service
Apr 16 13:18:27 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:33 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:39 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:45 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)
Apr 16 13:18:51 Danny dnsmasq[1472]: Maximum number of concurrent DNS queries reached (max: 150)

4. lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 17.04
Release: 17.04
Codename: zesty

5. sudo strace -p 1472 --- dnsmasq
bind(12, {sa_family=AF_INET, sin_port=htons(37051), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
sendto(12, "g\325\1\20\0\1\0\0\0\0\0\1\rclients-china\1l\6goo"..., 55, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 55
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, {fd=12, events=POLLIN}], 8, -1) = 2 ([{fd=4, revents=POLLIN}, {fd=12, revents=POLLIN}])
recvfrom(12, "g\325\201\200\0\1\0\6\0\0\0\1\rclients-china\1l\6goo"..., 5131, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, [16]) = 151
sendmsg(4, {msg_name(16)={sa_family=AF_INET, sin_port=htons(33355), sin_addr=inet_addr("127.0.0.1")}, msg_iov(1)=[{"\272\303\201\220\0\1\0\6\0\0\0\1\rclients-china\1l\6goo"..., 151}], msg_controllen=0, msg_flags=0}, 0) = 151
close(12) = 0
recvmsg(4, {msg_name(16)={sa_family=AF_INET, sin_port=htons(57326), sin_addr=inet_addr("127.0.0.1")}, msg_iov(1)=[{"C\21\1\20\0\1\0\0\0\0\0\1\rclients-china\1l\6goo"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 55
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 12
fcntl(12, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0

6. sudo strace -p 1914
clock_gettime(CLOCK_BOOTTIME, {5858, 172230641}) = 0
open("/run/systemd/netif/links/2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=303, ...}) = 0
stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=303, ...}) = 0
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 18
connect(18, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
epoll_ctl(4, EPOLL_CTL_ADD, 18, {EPOLLIN, {u32=1040890848, u64=94559040879584}}) = 0
write(18, ";q\1\20\0\1\0\0\0\0\0\1\17ec2-52-7-217-10\tcom"..., 68) = 68
clock_gettime(CLOCK_BOOTTIME, {5858, 172456596}) = 0
clock_gettime(CLOCK_BOOTTIME, {5858, 172482649}) = 0
epoll_ctl(4, EPOLL_CTL_DEL, 18, NULL) = 0
close(18) = 0
sendmsg(15, {msg_name(16)={sa_family=AF_INET, sin_port=htons(45041), sin_addr=inet_addr("127.0.0.1")}, msg_iov(1)=[{"qX\201\200\0\1\0\1\0\0\0\1\17ec2-52-7-217-10\tcom"..., 84}], msg_controllen=28, [{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, {ipi_ifindex=if_nametoindex("lo"), ipi_spec_dst=inet_addr("127.0.0.53"), ipi_addr=inet_addr("127.0.0.53")}}], msg_flags=0}, 0) = 84
epoll_wait(4, [{EPOLLIN, {u32=1039855040, u64=94559039843776}}], 16, -1) = 1
clock_gettime(CLOCK_BOOTTIME, {5858, 172675790}) = 0
recvfrom(15, NULL, 0, MSG_PEEK|MSG_TRUNC, NULL, NULL) = 68
recvmsg(15, {msg_name(16)={sa_family=AF_INET, sin_port=htons(48677), sin_addr=inet_addr("127.0.0.1")}, msg_iov(1)=[{"\313{\1\20\0\1\0\0\0\0\0\1\17ec2-52-7-217-10\tcom"..., 3936}], msg_controllen=56, [{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, {ipi_ifindex=if_nametoindex("lo"), ipi_spec_dst=inet_addr("127.0.0.53"), ipi_addr=inet_addr("127.0.0.53")}}, {cmsg_len=20, cmsg_level=SOL_IP, cmsg_type=IP_TTL, {ttl=64}}], msg_flags=0}, 0) = 68
stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=303, ...}) = 0
getrandom("\213\235", 2, GRND_NONBLOCK) = 2
stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=303, ...}) = 0
getrandom(" \317", 2, GRND_NONBLOCK) = 2

7. systemd-resolve --status
Global
         DNS Servers: 127.0.0.1
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 2 (wlan0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: no
         DNS Servers: 192.168.128.1
          DNS Domain: lan