Ubuntu
systemd package

systemd-resolved: resolve call failed: DNSSEC validation failed: failed-auxiliary

Bug #1650877 reported by Fred on 2016-12-18

This bug report is a duplicate of: Bug #1682499: Disable DNSSEC by default. Edit Remove

92

This bug affects 16 people

Affects		Status	Importance	Assigned to	Milestone
	systemd (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

After I boot Ubuntu 17.04 "Zesty Zapus" (dev)

$ systemd-resolve www.facebook.com
www.facebook.com: resolve call failed: DNSSEC validation failed: failed-auxiliary

But after I have started Mozilla Firefox, and I try again it correctly resolves.

$ systemd-resolve www.facebook.com
www.facebook.com: 31.13.72.36
(star-mini.c10r.facebook.com)

-- Information acquired via protocol DNS in 3.6ms.
-- Data is authenticated: no

This does not only apply to the above mentioned www.facebook.com domain.
This seems to be related to a GitHub issue:
https://github.com/systemd/systemd/issues/4003

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-03-13:

#1

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status:	New → Confirmed

Revision history for this message

Alexander Langanke (alexlanganke) wrote on 2017-03-17:

#2

I am having real trouble with this error on my 17.04 machine (nightly).

systemd-resolve --service www.google.de
Resolve call failed: DNSSEC validation failed: failed-auxiliary

Then from one moment to the next suddenly everything works again.

Revision history for this message

Alexander Langanke (alexlanganke) wrote on 2017-03-17:

#3

Interstingly I sometimes experience the same as the OP. Starting Firefox seems to "fix" the issue. Chromium does not!

Revision history for this message

Malte Cornils (malte) wrote on 2017-04-15:

#4

Setting
/etc/systemd/resolv.conf entry DNSSEC=no and enacting a sudo service systemd-resolved restart works around the problem for me. However, DNSSEC with the default (i.e. fallback) should still work.

Starting Firefox does not "fix" the problem for me, though.

Revision history for this message

humble_coffee (humblecoffee) wrote on 2017-04-17:

#5

I'm getting this after upgrading to 17.04. Setting DNSSEC=no in /etc/systemd/resolv.conf seems to fix the issue.

Revision history for this message

DieterDrewanz (dieterd2005) wrote on 2017-04-17:

#6

https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1650794/comments/5

Revision history for this message

DieterDrewanz (dieterd2005) wrote on 2017-04-17:

#7

Similar bugs:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1650794/comments/5
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1683066
https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1650794
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1663031

Nearly all 9 search results are similar bug:
https://bugs.launchpad.net/bugs/+bugs?field.searchtext=17.04+fail+to+resolve+DNS&search=Search+Bug+Reports&field.scope=all&field.scope.target=

Revision history for this message

Paul Natsuo Kishimoto (khaeru) wrote on 2017-04-20:

#8

I think this is a consequence of https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499 — if so, please mark (also those others listed in #7) as duplicate.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1682499 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.