Let me provide you important notes about the issue:
1) It's not reproducing on Ubuntu 16;
2) Bypassing systemd-resolve - everything works fine;
3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE
Successful query:
1135 16:27:25.964386 10.1.0.4 168.63.129.16 DNS 128 Standard query 0xc2d4 A mharder-formrec.cognitiveservices.azure.com OPT
Domain Name System (query)
Transaction ID: 0xc2d4
Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs .000 0000 0000 0000 = Reserved: 0x0000
Data length: 12
Option: COOKIE
Unsuccessful query:
1128 16:27:25.713886 10.1.0.4 168.63.129.16 DNS 116 Standard query 0x198d A mharder-formrec.cognitiveservices.azure.com OPT
Domain Name System (query)
Transaction ID: 0x198d
Flags: 0x0100 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 512
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs .000 0000 0000 0000 = Reserved: 0x0000
Data length: 0
Notable difference:
Success:
UDP payload size: 4096
Failure:
UDP payload size: 512
And notable differences in the responses:
Success:
Flags: 0x8180 Standard query response, No error
.... ..0. .... .... = Truncated: Message is not truncated
Failure:
Flags: 0x8380 Standard query response, No error
.... ..1. .... .... = Truncated: Message is truncated
Interestingly, systemd-resolved is setting the maximum payload size to 512 regardless of whether EDNS0 is configured and regardless of what is sent to it for the payload size.
I tried to found a way to change UDP_PAYLOAD_SIZE,but it seems it is only possible to change it only with direct code modifications.
Description: Ubuntu 18.04.4 LTS
Release: 18.04
systemd-resolve --version
systemd 237 hierarchy= hybrid
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN
-PCRE2 default-
We met an error: on an attempt to resolve address, the following issue appears:
; <<>> DiG 9.11.3- 1ubuntu1. 11-Ubuntu <<>> mharder- formrec. cognitiveservic es.azure. com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44096
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: formrec. cognitiveservic es.azure. com. IN A
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;mharder-
;; Query time: 231 msec 53#53(127. 0.0.53)
;; SERVER: 127.0.0.
;; WHEN: Tue Apr 28 20:47:14 UTC 2020
;; MSG SIZE rcvd: 72
Let me provide you important notes about the issue:
1) It's not reproducing on Ubuntu 16;
2) Bypassing systemd-resolve - everything works fine;
3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE
Successful query:
1135 16:27:25.964386 10.1.0.4 168.63.129.16 DNS 128 Standard query 0xc2d4 A mharder- formrec. cognitiveservic es.azure. com OPT
Domain Name System (query)
mharder- formrec. cognitiveservic es.azure. com: type A, class IN
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Transaction ID: 0xc2d4
Flags: 0x0120 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ..1. .... = AD bit: Set
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
Data length: 12
Option: COOKIE
Unsuccessful query:
1128 16:27:25.713886 10.1.0.4 168.63.129.16 DNS 116 Standard query 0x198d A mharder- formrec. cognitiveservic es.azure. com OPT
Domain Name System (query)
mharder- formrec. cognitiveservic es.azure. com: type A, class IN
0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Transaction ID: 0x198d
Flags: 0x0100 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 1
Queries
Additional records
<Root>: type OPT
Name: <Root>
Type: OPT (41)
UDP payload size: 512
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x0000
Data length: 0
Notable difference:
Success:
UDP payload size: 4096
Failure:
UDP payload size: 512
And notable differences in the responses:
Success:
Flags: 0x8180 Standard query response, No error
.... ..0. .... .... = Truncated: Message is not truncated
Failure:
Flags: 0x8380 Standard query response, No error
.... ..1. .... .... = Truncated: Message is truncated
Interestingly, systemd-resolved is setting the maximum payload size to 512 regardless of whether EDNS0 is configured and regardless of what is sent to it for the payload size. SIZE,but it seems it is only possible to change it only with direct code modifications.
I tried to found a way to change UDP_PAYLOAD_