Comment 8 for bug 1731522

Daniel Richard G. (skunk) wrote :

Steve, Bionic still has the default (commented-out)

    #DNSStubListener=udp

in /etc/systemd/resolved.conf.

I've noticed that this breaks Kerberos KDC lookup at a large site, because the reply is quite large:

    # host -t SRV _kerberos._udp.xxx.example.com
    ;; Connection to 127.0.0.53#53(127.0.0.53) for _kerberos._udp.xxx.example.com failed: connection refused.

    # kinit <email address hidden>
    kinit: Cannot find KDC for realm "XXX.EXAMPLE.COM" while getting initial credentials

After setting DNSStubListener=yes:

    # host -t srv _kerberos._udp.xxx.example.com
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx01.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx02.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx03.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx04.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx05.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx06.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx07.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx08.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx09.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx10.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx11.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx12.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx13.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx14.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx15.xxx.example.com.

    # kinit <email address hidden>
    Password for <email address hidden>:
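
An added example, not part of the comment above or of systemd: a DNS answer too large for UDP comes back with the TC (truncated) bit set and the client retries over TCP, which is refused when the stub on 127.0.0.53 listens on UDP only. The sketch reads the text of a single resolved.conf (drop-in files are not considered) and a raw UDP reply and reports whether that retry would fail. The function names, the sample inputs, the accepted boolean spellings and the handling of invalid values are assumptions.

```python
import struct

# Assumption: the boolean spellings systemd accepts besides "udp" and "tcp".
_TRUE = {"1", "yes", "y", "true", "t", "on"}
_FALSE = {"0", "no", "n", "false", "f", "off"}

def effective_stub_listener(conf_text, default="udp"):
    """Return 'yes', 'no', 'udp' or 'tcp' for the text of one resolved.conf.
    Commented-out lines are skipped; `default` stands in for the built-in value."""
    mode, section = default, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Resolve" or not sep or key.strip() != "DNSStubListener":
            continue
        # Any unrecognised value leaves the previous one in place (assumed).
        value = value.strip().lower()
        if value in _TRUE:
            mode = "yes"
        elif value in _FALSE:
            mode = "no"
        elif value in ("udp", "tcp"):
            mode = value
    return mode

def is_truncated(dns_message):
    """True if the TC bit (0x0200 of the header flags word) is set."""
    if len(dns_message) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _id, flags = struct.unpack("!HH", dns_message[:4])
    return bool(flags & 0x0200)

def tcp_retry_will_fail(conf_text, udp_reply, default="udp"):
    """A truncated UDP reply makes the client retry over TCP; that retry is
    refused when the stub listens on UDP only or not at all."""
    mode = effective_stub_listener(conf_text, default)
    return is_truncated(udp_reply) and mode not in ("yes", "tcp")

# Constructed samples, not taken from the bug report.
BIONIC_CONF = "[Resolve]\n#DNS=\n#DNSStubListener=udp\n"
FIXED_CONF = "[Resolve]\nDNSStubListener=yes\n"
# Header-only messages: flags 0x8380 = QR|TC|RD|RA, 0x8180 = QR|RD|RA.
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
FULL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 15, 0, 0)
```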