Incorrect handling of link-local IPv6 DNS servers

Bug #1718771 reported by Stéphane Graber
This bug affects 1 person
Affects           Status   Importance  Assigned to  Milestone
systemd (Ubuntu)  Expired  High        Unassigned
Artful            Expired  High        Unassigned

Bug Description

We've recently seen odd looking DNS failures on autopkgtest:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-artful/artful/amd64/d/docker.io/20170921_065231_181b8@/log.gz

This shows a fe80:: link-local IPv6 address as one of the DNS servers on the interface. That's because dnsmasq includes both the link-local and global addresses of its DNS server in the router advertisement.

systemd-networkd appears to pick that up and send it to resolved, which includes it in its config but apparently doesn't know how to actually query it, leading to the failure above.

This is racy because once DHCPv4 completes, the resolved config will then work properly again.

I've confirmed that dnsmasq properly answers on all addresses:
  http://paste.ubuntu.com/25588197/

I've uploaded a workaround for this issue as part of the docker.io package.

Steve Langasek (vorlon)
Changed in systemd (Ubuntu):
importance: Undecided → Critical
tags: added: netplan-transition
Changed in systemd (Ubuntu):
importance: Critical → High
Changed in systemd (Ubuntu Artful):
status: New → Confirmed
tags: added: id-59c41ec2d19ed45aedf778d1
Dimitri John Ledkov (xnox) wrote :

Digging into this, there appears to be intent to support such DNS servers. E.g.:

https://github.com/systemd/systemd/commit/2817157bb705e0f3e9ad4a83246a80d026866be3

However, need to check if all fe80:: DNS servers are properly qualified and have the ifindex set on them.

Dimitri John Ledkov (xnox) wrote :

Trying to reproduce this error:

I did:
$ lxc launch ubuntu-daily:artful
$ lxc exec relaxed-fly bash

Edited /run/systemd/network/10-netplan-eth0.network to become:
[Match]
Name=eth0

[Network]
DHCP=ipv4
DNS=fe80::307e:12ff:fec4:90ba

[DHCP]
UseMTU=true
RouteMetric=100
UseDNS=no

where fe80... address is the right address for the lxd host provided dnsmasq.

Then I restarted everything:
$ sudo systemctl restart systemd-networkd systemd-resolved
$ systemd-resolve --flush-caches
$ ip link set dev eth0 down
$ ip link set dev eth0 up

# systemd-resolve --status eth0
Link 28 (eth0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: fe80::307e:12ff:fec4:90ba
          DNS Domain: lxd

# systemd-resolve google.com
google.com: 216.58.204.46%eth0
            2a00:1450:4009:80d::200e%eth0

-- Information acquired via protocol DNS in 26.2ms.
-- Data is authenticated: no

# host google.com
google.com has address 216.58.204.46
google.com has IPv6 address 2a00:1450:4009:80d::200e
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.

Looks like correct and valid responses to me.

This is with 234-2ubuntu12.1

Seems like it works correctly. I do wonder, if the bug here is that systemd-resolved is not up yet, and is not responding on dbus and/or over 127.0.0.53 at the point in time? I.e. https://bugs.launchpad.net/ubuntu/artful/+source/systemd/+bug/1734167 which is currently awaiting verification.

I'll try to revert the docker.io upload you did locally; and rerun all of these tests again; to see if I can make this work again.

Changed in systemd (Ubuntu):
status: Confirmed → Incomplete
Changed in systemd (Ubuntu Artful):
status: Confirmed → Incomplete
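
The check raised in the comments above (whether every fe80:: DNS server is tied to an interface) can be run over resolver status text. This is an added example, not code from the bug report or from systemd. The sample text is constructed, the function names are hypothetical, and treating a per-link entry without a %zone as scoped to its own link is an assumption of the example.

```python
import ipaddress
import re

# Constructed sample in the style of `systemd-resolve --status`; not real output.
SAMPLE_STATUS = """\
Global
         DNS Servers: fe80::1
                      192.0.2.53
Link 28 (eth0)
         DNS Servers: fe80::307e:12ff:fec4:90ba
                      2001:db8::53
          DNS Domain: lxd
Link 29 (eth1)
         DNS Servers: fe80::2%eth1
"""

LINK_RE = re.compile(r"^Link (\d+) \((\S+)\)$")
KEY_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /]*):\s+(\S.*)$")


def dns_servers(status_text):
    """Yield (link_name_or_None, server) for every DNS server listed."""
    link, in_servers = None, False
    for line in status_text.splitlines():
        if line.strip() == "Global":
            link, in_servers = None, False
        elif (m := LINK_RE.match(line)):
            link, in_servers = m.group(2), False
        elif (m := KEY_RE.match(line)):
            in_servers = m.group(1) == "DNS Servers"
            if in_servers:
                yield link, m.group(2).strip()
        elif in_servers and line.strip():  # continuation line: one more address
            yield link, line.strip()


def audit_link_local(status_text):
    """Return [(server, scope_or_None)] for link-local IPv6 DNS servers."""
    findings = []
    for link, server in dns_servers(status_text):
        host, _, zone = server.partition("%")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue
        if addr.version == 6 and addr.is_link_local:
            # Assumption: a per-link entry without %zone is scoped to its link.
            findings.append((host, zone or link))
    return findings
```

A `None` scope marks a server that cannot be reached as written, because a link-local destination needs an interface scope.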
Launchpad Janitor (janitor) wrote :

[Expired for systemd (Ubuntu) because there has been no activity for 60 days.]

Changed in systemd (Ubuntu):
status: Incomplete → Expired
Launchpad Janitor (janitor) wrote :

[Expired for systemd (Ubuntu Artful) because there has been no activity for 60 days.]

Changed in systemd (Ubuntu Artful):
status: Incomplete → Expired