Must run systemd-resolve --status before DNS resolving is operative

Bug #1710410 reported by WoJ on 2017-08-12
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
systemd (Ubuntu)
High
Dimitri John Ledkov
Zesty
High
Dimitri John Ledkov
Artful
High
Dimitri John Ledkov

Bug Description

[Impact]
systemd-resolved is not enabled by default, therefore relies on dbus activation to become active and operatable and update resolvconf with resolved stub resolver

[Fix]
Enable systemd-resolved in the src:systemd package by default, even when libnss-resolve is not installed

[Regression Potential]
Minimal, simply the service is now started earlier in the boot, as part of the multi-user.targer, rather than awaiting for dbus activation from command line tool or the nss-resolved module.

[Testcase]
Debootstrap minimal zesty, without libnss-resolve package installed, boot and check that 127.0.0.53 is present in /etc/resolv.conf and that systemd-resolved.service is running

Context: fresh install of zesty via

debootstrap --include=nano,dbus,iputils-ping,iproute2 zesty zesty1 http://fr.archive.ubuntu.com/ubuntu

ran via asystemd-nspawn with a static IP

1. Upon first connexion, a ping fails:

root@zesty1:~# ping google.com
ping: google.com: Temporary failure in name resolution

2. The content of /etc/resolv.conf:

root@zesty1:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

3. When running systemd-resolve --status:

root@zesty1:~# systemd-resolve --status
Global
         DNS Servers: 8.8.8.8
                      8.8.4.4
                      2001:4860:4860::8888
                      2001:4860:4860::8844
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
(...)

4. After running this command the resolution is miraculously restored:

root@zesty1:~# ping google.com
PING google.com (172.217.22.142) 56(84) bytes of data.
64 bytes from 172.217.22.142 (172.217.22.142): icmp_seq=1 ttl=53 time=2.62 ms
64 bytes from 172.217.22.142 (172.217.22.142): icmp_seq=2 ttl=53 time=1.93 ms

Changed in systemd (Ubuntu Artful):
status: New → Fix Committed
Changed in systemd (Ubuntu Zesty):
status: New → Triaged
importance: Undecided → High
Changed in systemd (Ubuntu Artful):
importance: Undecided → High
assignee: nobody → Dimitri John Ledkov (xnox)
Changed in systemd (Ubuntu Zesty):
assignee: nobody → Dimitri John Ledkov (xnox)
milestone: none → zesty-updates
Dimitri John Ledkov (xnox) wrote :

systemd (234-2ubuntu1) artful; urgency=medium
...
* Enable systemd-resolved by default
...

Changed in systemd (Ubuntu Artful):
status: Fix Committed → Fix Released
Changed in systemd (Ubuntu Zesty):
status: Triaged → In Progress
description: updated

Hello WoJ, or anyone else affected,

Accepted systemd into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/232-21ubuntu6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in systemd (Ubuntu Zesty):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-zesty
Dimitri John Ledkov (xnox) wrote :

Starting with zesty container that has 232-21ubuntu5 installed.
Removed libnss-resolve.
Reboot.
Notice that systemd-resolve is not enabled.
Upgrade to 232-21ubuntu6.
.... and systemd-resolved was not enabled by default

This is a fail, the version number in postinst is too low when comparing whether or not resolved should be enabled or not.

tags: added: verification-failed verification-failed-zesty
removed: verification-needed verification-needed-zesty
Brian Murray (brian-murray) wrote :

Hello WoJ, or anyone else affected,

Accepted systemd into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/232-21ubuntu7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed verification-needed-zesty
removed: verification-failed verification-failed-zesty
Dimitri John Ledkov (xnox) wrote :

Upgrading from 232-21ubuntu5 to 232-21ubuntu7 enables systemd-resolved.service by default now.

tags: added: verification-done verification-done-zesty
removed: verification-needed verification-needed-zesty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 232-21ubuntu7

---------------
systemd (232-21ubuntu7) zesty; urgency=medium

  * networkd: accept `:' in ifnames in systemd/networkd. (LP: #1714933)
  * networkd: add support for ActiveSlave and PrimarySlave netdev options.
    (LP: #1709135)
  * Cherrypick upstream fix for a race between .mount and .automount units,
    which currently may result in automounts hanging. (LP: #1709649)
  * systemd.postinst: Fix-up version number check in the previous sru.
    The version check in the postinst was too tight, thus the SRU fix failed
    validation. (LP: #1710410)

systemd (232-21ubuntu6) zesty; urgency=medium

  * link: Fix offload features initialization.
    This fixes a regression introduced in v232 which caused TCP
    segmentation offloads being disabled by default, resulting in
    significant performance issues under certain conditions. (Closes: #864073)
    (LP: #1703393)
  * loginctl: Fix loginctl ignoring user given session IDs at command-line
    (LP: #1682154)
  * Disable fallback DNS servers.
    This causes resolved to call-home to google, attempt to access network when
    none is available, and spams logs. (LP: #1449001)
  * initramfs-tools: trigger udevadm add actions with subsystems first.
    This updates the initramfs-tools init-top udev script to trigger udevadm
    actions with type specified. This mimicks the
    systemd-udev-trigger.service. Without type specified only devices are
    triggered, but triggering subsystems may also be required and should happen
    before triggering the devices. This is the case for example on s390x with zdev
    generated udev rules. (LP: #1713536)
  * Enable systemd-resolved by default. (LP: #1710410)
  * core: fix systemd failing to serialize tasks correctly on daemon-reload.
    (LP: #1702823)

 -- Dimitri John Ledkov <email address hidden> Wed, 04 Oct 2017 14:22:02 +0100

Changed in systemd (Ubuntu Zesty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for systemd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers