cannot resolve Active Directory realm name with large number of A records

Bug #1801495 reported by Jason Haar on 2018-11-03
This bug affects 1 person
Affects: trace-summary (Ubuntu)

Bug Description

We have 3 Active Directory "realms". One has 25 domain controllers/DNS servers and the other two both have 35+. The way that AD works means this creates DNS 'A' records for the realm name that resolve to all the Domain Controllers/DNS servers that service it (i.e. a DNS name with many A records).

If we have a fully patched/updated Ubuntu-18.04.1 system, running "nslookup" returns the 25 DNS servers, and life is good. Running "nslookup" works - but only returns 30 DNS servers (out of 35+). Running the same command on a CentOS-6 system (i.e. no systemd) returns 35+ DNS servers. So that's a (minor) bug?

...but ping and other real applications are the real problem - they don't work at all in the larger realms. "ping" works fine, but "ping" returns "Temporary failure in name resolution". Also telnet, etc. don't work. "ping" works fine - just the domain name itself doesn't work - which makes me think it's related to the number of A records being returned.

We are trying to add these Ubuntu laptops to our AD domains - which requires several calls to "" - which is failing - but so far can only get it to work in due to this issue. I think this is a systemd-resolved bug? (237-3ubuntu10.3)


