Ubuntu
systemd package

systemd-resolved: no dns resolution after upgrade to Artful

Bug #1690605 reported by Tim Lunn
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
systemd (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

After upgrading to artful systemd-resolved is failing to resolve dns. It seems DNSSEC validation is failing but shouldnt that be disabled by default like it was in zesty?

$ systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/systemd-resolved.service.d
           └─resolvconf.conf
   Active: active (running) since Sun 2017-05-14 13:45:27 AEST; 29min ago
     Docs: man:systemd-resolved.service(8)
           http://www.freedesktop.org/wiki/Software/systemd/resolved
           http://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
           http://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
  Process: 12092 ExecStartPost=/bin/sh -c [ ! -e /run/resolvconf/enable-updates ] || echo "nameserver 127.0.0.53" | /sbin/resolvconf -a systemd-resolved (code
 Main PID: 12089 (systemd-resolve)
   Status: "Processing requests..."
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/systemd-resolved.service
           └─12089 /lib/systemd/systemd-resolved

May 14 14:06:42 arapiles2 systemd-resolved[12089]: DNSSEC validation failed for question changelogs.ubuntu.com IN SOA: failed-auxiliary
May 14 14:06:42 arapiles2 systemd-resolved[12089]: DNSSEC validation failed for question changelogs.ubuntu.com IN A: failed-auxiliary
May 14 14:06:43 arapiles2 systemd-resolved[12089]: DNSSEC validation failed for question changelogs.ubuntu.com IN SOA: failed-auxiliary
May 14 14:06:43 arapiles2 systemd-resolved[12089]: DNSSEC validation failed for question changelogs.ubuntu.com IN A: failed-auxiliary
May 14 14:09:31 arapiles2 systemd-resolved[12089]: DNSSEC validation failed for question launchpad.net IN SOA: failed-auxiliary
May 14 14:09:31 arapiles2 systemd-resolved[12089]: DNSSEC validation failed for question launchpad.net IN A: failed-auxiliary
May 14 14:14:27 arapiles2 systemd-resolved[12089]: DNSSEC validation failed for question search.apps.ubuntu.com IN SOA: failed-auxiliary
May 14 14:14:27 arapiles2 systemd-resolved[12089]: DNSSEC validation failed for question search.apps.ubuntu.com IN A: failed-auxiliary
May 14 14:14:27 arapiles2 systemd-resolved[12089]: DNSSEC validation failed for question search.apps.ubuntu.com IN SOA: failed-auxiliary
May 14 14:14:27 arapiles2 systemd-resolved[12089]: DNSSEC validation failed for question search.apps.ubuntu.com IN A: failed-auxiliary

$ systemd-resolve --status
Link 3 (wlp3s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes
         DNS Servers: 192.168.15.1

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: systemd 233-6ubuntu1
ProcVersionSignature: Ubuntu 4.10.0-20.22-generic 4.10.8
Uname: Linux 4.10.0-20-generic x86_64
ApportVersion: 2.20.4-0ubuntu7
Architecture: amd64
CurrentDesktop: GNOME
Date: Sun May 14 14:17:46 2017
InstallationDate: Installed on 2016-03-18 (421 days ago)
InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160317)
MachineType: LENOVO 2764CTO
PccardctlIdent:
 Socket 0:
   no product info available
PccardctlStatus:
 Socket 0:
   no card
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.10.0-20-generic root=UUID=3664c32a-e900-46b0-bd17-848f08c17bbe ro quiet splash vt.handoff=7
SourcePackage: systemd
UpgradeStatus: Upgraded to artful on 2017-05-13 (0 days ago)
dmi.bios.date: 10/17/2012
dmi.bios.vendor: LENOVO
dmi.bios.version: 7UET94WW (3.24 )
dmi.board.name: 2764CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr7UET94WW(3.24):bd10/17/2012:svnLENOVO:pn2764CTO:pvrThinkPadT400:rvnLENOVO:rn2764CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2764CTO
dmi.product.version: ThinkPad T400
dmi.sys.vendor: LENOVO
modified.conffile..etc.systemd.logind.conf: [modified]
modified.conffile..etc.systemd.resolved.conf: [modified]
mtime.conffile..etc.systemd.logind.conf: 2017-05-13T15:35:01.923954
mtime.conffile..etc.systemd.resolved.conf: 2017-05-14T14:16:55.303043

Revision history for this message
Tim Lunn (darkxst) wrote :
Revision history for this message
lotuspsychje (lotuspsychje) wrote :

Installed 17.10 64bit development branch on a daily .iso @ 14/5/2017

problem is solved after editing: /etc/systemd/resolved.conf DNSSEC=off and reboot

Revision history for this message
lotuspsychje (lotuspsychje) wrote :

duplicates:

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1681597

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status: New → Confirmed
Dimitri John Ledkov (xnox)
Changed in systemd (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 233-6ubuntu2

---------------
systemd (233-6ubuntu2) artful; urgency=medium

  [ Michael Biebl ]
  * basic/journal-importer: Fix unaligned access in get_data_size()
    (Closes: #862062)

  [ Dimitri John Ledkov ]
  * ubuntu: disable dnssec on any ubuntu releases (LP: #1690605)
  * Cherrypick upstream patch for vio predictable interface names.
  * Cherrypick upstream patch for platform predictable interface names.
    (LP: #1686784)

  [ Balint Reczey ]
  * Skip starting systemd-remount-fs.service in containers
    even when /etc/fstab is present.
    This allows entering fully running state even when /etc/fstab
    lists / to be mounted from a device which is not present in the
    container. (LP: #1576341)

 -- Dimitri John Ledkov <email address hidden> Wed, 17 May 2017 19:24:03 +0100

Changed in systemd (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.