Ubuntu MATE 17.04: No DNS resolution caused by systemd-resolved

Bug #1656830 reported by Sascha on 2017-01-16
This bug affects 18 people
Affects: systemd (Ubuntu) | Importance: High | Assigned to: Mathieu Trudel-Lapierre
Affects: Artful | Importance: High | Assigned to: Mathieu Trudel-Lapierre

Bug Description

This is something new in Ubuntu 17.04. Whenever I boot up or upon returning from sleep, I don't have DNS resolution available. What I have to do is go and shut down systemd-resolved (sudo service systemd-resolved stop) and edit /etc/resolv.conf to point to 192.168.1.1 (my router) instead of 127.0.0.53. Then everything works peachy. Otherwise any DNS resolution attempt will result in SERVFAIL.

Since this is a major issue out of the box and I don't see any other bug report on this yet, I wanted to report it. This happens both on my laptop and my desktop PC, so it's not something strange on a single machine, but since no one else is complaining about it yet, it may be related to my network configuration. My router forwards DNS requests to an ODROID C2 on the same subnet, which then does the DNS resolution via dnsmasq. Dnsmasq is set up to forward the requests to multiple DNS servers and respond with whichever one was fastest.

ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: systemd 232-8
ProcVersionSignature: Ubuntu 4.9.0-11.12-generic 4.9.0
Uname: Linux 4.9.0-11-generic x86_64
ApportVersion: 2.20.4-0ubuntu1
Architecture: amd64
CurrentDesktop: MATE
Date: Mon Jan 16 08:51:43 2017
InstallationDate: Installed on 2017-01-08 (7 days ago)
InstallationMedia: Ubuntu-MATE 17.04 "Zesty Zapus" - Alpha amd64 (20170107)
MachineType: LENOVO 7675CTO
PccardctlIdent:
 Socket 0:
   no product info available
PccardctlStatus:
 Socket 0:
   no card
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.9.0-11-generic root=UUID=b64995c7-1fd6-405b-b7ee-de3e56fe0617 ro quiet splash zswap.enabled=1 vt.handoff=7
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 03/22/2011
dmi.bios.vendor: LENOVO
dmi.bios.version: 7NETC2WW (2.22 )
dmi.board.name: 7675CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr7NETC2WW(2.22):bd03/22/2011:svnLENOVO:pn7675CTO:pvrThinkPadX61:rvnLENOVO:rn7675CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 7675CTO
dmi.product.version: ThinkPad X61
dmi.sys.vendor: LENOVO

Sascha (konradsa) on 2017-01-16
summary: - No DNS resolution caused by systemd-resolved
+ Ubuntu MATE 17.04: No DNS resolution caused by systemd-resolved
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status: New → Confirmed
Changed in systemd (Ubuntu):
importance: Undecided → High
tags: added: rls-z-incoming
Antti Salmela (asalmela) wrote :

At least here it's because systemd-resolved insists on doing DNSSEC validation:

~$ sudo journalctl -u systemd-resolved | tail -5
Mar 27 13:30:55 ubuntu systemd-resolved[1083]: DNSSEC validation failed for question ubuntu.pool.ntp.org IN SOA: no-signature
Mar 27 13:30:55 ubuntu systemd-resolved[1083]: DNSSEC validation failed for question 2.ubuntu.pool.ntp.org IN DS: no-signature
Mar 27 13:30:55 ubuntu systemd-resolved[1083]: DNSSEC validation failed for question 2.ubuntu.pool.ntp.org IN SOA: no-signature
Mar 27 13:30:55 ubuntu systemd-resolved[1083]: DNSSEC validation failed for question 2.ubuntu.pool.ntp.org IN A: no-signature
Mar 27 13:30:55 ubuntu systemd-resolved[1083]: DNSSEC validation failed for question 2.ubuntu.pool.ntp.org IN AAAA: no-signature

Hostnames with working DNSSEC records do work:

~$ getent hosts www.cloudflare.com
2400:cb00:2048:1::c629:d6a2 www.cloudflare.com
2400:cb00:2048:1::c629:d7a2 www.cloudflare.com

Jaromir Obr (jaromir-obr) wrote :

I can see the same issue once I upgraded to Ubuntu 17.04 (previous Ubuntu 16.10 was not affected).
Sometimes when I resume my notebook from sleep, DNS stops working for a few minutes. Restarting the network or systemd-resolved didn't help. It seems that it starts working once the system turns DNSSEC mode off:

$ service systemd-resolved status
...

dub 17 13:53:38 mira-HP-ENVY-Notebook systemd-resolved[13838]: DNSSEC validation failed for question docs.google.com IN A: failed-auxiliary
dub 17 13:53:38 mira-HP-ENVY-Notebook systemd-resolved[13838]: DNSSEC validation failed for question docs.google.com IN AAAA: failed-auxiliary
dub 17 13:53:38 mira-HP-ENVY-Notebook systemd-resolved[13838]: DNSSEC validation failed for question www.googleapis.com IN A: failed-auxiliary
dub 17 13:53:39 mira-HP-ENVY-Notebook systemd-resolved[13838]: Using degraded feature set (UDP) for DNS server 10.0.0.138.
dub 17 13:53:39 mira-HP-ENVY-Notebook systemd-resolved[13838]: Server 10.0.0.138 does not support DNSSEC, downgrading to non-DNSSEC mode.
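
A triage helper for the journal output quoted in the two comments above (an added example, not part of the bug thread or of systemd). It groups DNSSEC validation failures by reason and queried name, and lists upstream servers for which systemd-resolved dropped to non-DNSSEC mode. The function names resolved_dnssec_summary and sample_log are made up here; the sample lines are copied from those comments.

```shell
#!/bin/sh
# Added example: summarise systemd-resolved DNSSEC events from journal text.
# On a live host: journalctl -u systemd-resolved --no-pager | resolved_dnssec_summary

resolved_dnssec_summary() {
    awk '
    /DNSSEC validation failed for question/ {
        # "... question <name> IN <type>: <reason>"
        for (i = 1; i < NF; i++) if ($i == "question") qname = $(i + 1)
        fails[$NF " " qname]++          # key: reason + queried name
        next
    }
    /does not support DNSSEC, downgrading to non-DNSSEC mode/ {
        # "... Server <address> does not support DNSSEC, ..."
        for (i = 1; i < NF; i++) if ($i == "Server") down[$(i + 1)]++
        next
    }
    END {
        for (k in fails) printf "fail %s %d\n", k, fails[k]
        for (s in down)  printf "downgrade %s %d\n", s, down[s]
    }' | LC_ALL=C sort
}

# Sample input: journal lines copied from the two comments above.
sample_log() {
    cat <<'EOF'
Mar 27 13:30:55 ubuntu systemd-resolved[1083]: DNSSEC validation failed for question ubuntu.pool.ntp.org IN SOA: no-signature
Mar 27 13:30:55 ubuntu systemd-resolved[1083]: DNSSEC validation failed for question 2.ubuntu.pool.ntp.org IN DS: no-signature
Mar 27 13:30:55 ubuntu systemd-resolved[1083]: DNSSEC validation failed for question 2.ubuntu.pool.ntp.org IN SOA: no-signature
Mar 27 13:30:55 ubuntu systemd-resolved[1083]: DNSSEC validation failed for question 2.ubuntu.pool.ntp.org IN A: no-signature
Mar 27 13:30:55 ubuntu systemd-resolved[1083]: DNSSEC validation failed for question 2.ubuntu.pool.ntp.org IN AAAA: no-signature
dub 17 13:53:38 mira-HP-ENVY-Notebook systemd-resolved[13838]: DNSSEC validation failed for question docs.google.com IN A: failed-auxiliary
dub 17 13:53:38 mira-HP-ENVY-Notebook systemd-resolved[13838]: DNSSEC validation failed for question docs.google.com IN AAAA: failed-auxiliary
dub 17 13:53:38 mira-HP-ENVY-Notebook systemd-resolved[13838]: DNSSEC validation failed for question www.googleapis.com IN A: failed-auxiliary
dub 17 13:53:39 mira-HP-ENVY-Notebook systemd-resolved[13838]: Using degraded feature set (UDP) for DNS server 10.0.0.138.
dub 17 13:53:39 mira-HP-ENVY-Notebook systemd-resolved[13838]: Server 10.0.0.138 does not support DNSSEC, downgrading to non-DNSSEC mode.
EOF
}

sample_log | resolved_dnssec_summary
```

A "downgrade" line means answers from that server are no longer being validated, so it is worth recording which upstream resolver triggered it.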

Changed in systemd (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)

I'll look at this one.

tags: added: rls-aa-incoming
removed: rls-z-incoming
Changed in systemd (Ubuntu):
assignee: Dimitri John Ledkov (xnox) → Mathieu Trudel-Lapierre (cyphermox)
tags: removed: rls-aa-incoming
Steve Langasek (vorlon) wrote :

We believe this is most likely a duplicate of bug #1682499 which was fixed in systemd 232-21ubuntu3. If you can still reproduce this problem after upgrading to the zesty-updates version of systemd, please reopen.

Changed in systemd (Ubuntu):
status: Confirmed → Fix Released