[Touch-packages] [Bug 1681597] Re: DNS broken after >50m of uptime
*** This bug is a duplicate of bug 1682499 *** https://bugs.launchpad.net/bugs/1682499 This issue just came up for me on Kubuntu 17.04, using systemd 232-21ubuntu3. I had upgraded some packages with apt, but none are related to systemd: there's samba, Firefox, apport, kio ... nothing that should really be touching system resolver settings AFAICT. Re-modprobing the ath9k_htc module, restarting systemd-resolved.service, reconnecting network through the system tray icon ... all bring back the network very briefly. It looks from tail-ing syslog to almost be a race condition between two DNS systems?? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1681597 Title: DNS broken after >50m of uptime Status in systemd package in Ubuntu: Incomplete Bug description: After about 50m of uptime news.ycombinator.com stops working in Chromium: news.ycombinator.com’s server's DNS address could not be found. DNS_PROBE_FINISHED_NXDOMAIN $ host news.ycombinator.com Host news.ycombinator.com not found: 2(SERVFAIL) This is a *regression* from Ubuntu 16.10, where DNS worked flawlessly. Workarounds: * 'systemctl restart systemd-resolved' solves the problem for another 50m * disable systemd-resolved and use the DNS server directly. This involves removing 'resolve [!UNAVAIL=return]' from nsswitch.conf, and disabling the systemd-resolved unit Logs show DNSSEC related errors, and DNSSEC getting disabled and reenabled: -- Logs begin at Mon 2017-04-10 23:10:59 BST, end at Tue 2017-04-11 00:11:14 BST. -- Apr 10 23:11:01 bolt systemd[1]: Starting Network Name Resolution... Apr 10 23:11:01 bolt systemd-resolved[1351]: Positive Trust Anchors: Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d Apr 10 23:11:01 bolt systemd-resolved[1351]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test Apr 10 23:11:01 bolt systemd-resolved[1351]: Using system hostname 'bolt'. Apr 10 23:11:01 bolt systemd[1]: Started Network Name Resolution. Apr 10 23:11:05 bolt systemd-resolved[1351]: Switching to DNS server 194.168.4.100 for interface wlp3s0. Apr 10 23:11:06 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.4.100. Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN A: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: Server 194.168.4.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:06 bolt systemd-resolved[1351]: Switching to DNS server 194.168.8.100 for interface wlp3s0. Apr 10 23:11:07 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.8.100. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question
[Touch-packages] [Bug 1681597] Re: DNS broken after >50m of uptime
*** This bug is a duplicate of bug 1682499 *** https://bugs.launchpad.net/bugs/1682499 Should have said DNSSEC is already off, have made the change in the systemd/resolved.conf file anyway, but no help for me. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1681597 Title: DNS broken after >50m of uptime Status in systemd package in Ubuntu: Incomplete Bug description: After about 50m of uptime news.ycombinator.com stops working in Chromium: news.ycombinator.com’s server's DNS address could not be found. DNS_PROBE_FINISHED_NXDOMAIN $ host news.ycombinator.com Host news.ycombinator.com not found: 2(SERVFAIL) This is a *regression* from Ubuntu 16.10, where DNS worked flawlessly. Workarounds: * 'systemctl restart systemd-resolved' solves the problem for another 50m * disable systemd-resolved and use the DNS server directly. This involves removing 'resolve [!UNAVAIL=return]' from nsswitch.conf, and disabling the systemd-resolved unit Logs show DNSSEC related errors, and DNSSEC getting disabled and reenabled: -- Logs begin at Mon 2017-04-10 23:10:59 BST, end at Tue 2017-04-11 00:11:14 BST. -- Apr 10 23:11:01 bolt systemd[1]: Starting Network Name Resolution... Apr 10 23:11:01 bolt systemd-resolved[1351]: Positive Trust Anchors: Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d Apr 10 23:11:01 bolt systemd-resolved[1351]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test Apr 10 23:11:01 bolt systemd-resolved[1351]: Using system hostname 'bolt'. Apr 10 23:11:01 bolt systemd[1]: Started Network Name Resolution. Apr 10 23:11:05 bolt systemd-resolved[1351]: Switching to DNS server 194.168.4.100 for interface wlp3s0. Apr 10 23:11:06 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.4.100. Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN A: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: Server 194.168.4.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:06 bolt systemd-resolved[1351]: Switching to DNS server 194.168.8.100 for interface wlp3s0. Apr 10 23:11:07 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.8.100. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN TXT: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: Server 194.168.8.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN
[Touch-packages] [Bug 1681597] Re: DNS broken after >50m of uptime
*** This bug is a duplicate of bug 1682499 *** https://bugs.launchpad.net/bugs/1682499 Installed 17.10 64bit development branch on a daily .iso @ 14/5/2017 problem is solved after editing: /etc/systemd/resolved.conf DNSSEC=off and reboot tnx to answer #4 another duplicate: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1690605 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1681597 Title: DNS broken after >50m of uptime Status in systemd package in Ubuntu: Incomplete Bug description: After about 50m of uptime news.ycombinator.com stops working in Chromium: news.ycombinator.com’s server's DNS address could not be found. DNS_PROBE_FINISHED_NXDOMAIN $ host news.ycombinator.com Host news.ycombinator.com not found: 2(SERVFAIL) This is a *regression* from Ubuntu 16.10, where DNS worked flawlessly. Workarounds: * 'systemctl restart systemd-resolved' solves the problem for another 50m * disable systemd-resolved and use the DNS server directly. This involves removing 'resolve [!UNAVAIL=return]' from nsswitch.conf, and disabling the systemd-resolved unit Logs show DNSSEC related errors, and DNSSEC getting disabled and reenabled: -- Logs begin at Mon 2017-04-10 23:10:59 BST, end at Tue 2017-04-11 00:11:14 BST. -- Apr 10 23:11:01 bolt systemd[1]: Starting Network Name Resolution... Apr 10 23:11:01 bolt systemd-resolved[1351]: Positive Trust Anchors: Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d Apr 10 23:11:01 bolt systemd-resolved[1351]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test Apr 10 23:11:01 bolt systemd-resolved[1351]: Using system hostname 'bolt'. Apr 10 23:11:01 bolt systemd[1]: Started Network Name Resolution. Apr 10 23:11:05 bolt systemd-resolved[1351]: Switching to DNS server 194.168.4.100 for interface wlp3s0. Apr 10 23:11:06 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.4.100. Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN A: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: Server 194.168.4.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:06 bolt systemd-resolved[1351]: Switching to DNS server 194.168.8.100 for interface wlp3s0. Apr 10 23:11:07 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.8.100. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN TXT: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: Server 194.168.8.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com
[Touch-packages] [Bug 1681597] Re: DNS broken after >50m of uptime
*** This bug is a duplicate of bug 1682499 *** https://bugs.launchpad.net/bugs/1682499 Yes, I put 'DNSSEC=off' in /etc/systemd/resolved.conf yesterday evening, and it is working. ** This bug has been marked a duplicate of bug 1682499 disable dnssec -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1681597 Title: DNS broken after >50m of uptime Status in systemd package in Ubuntu: Incomplete Bug description: After about 50m of uptime news.ycombinator.com stops working in Chromium: news.ycombinator.com’s server's DNS address could not be found. DNS_PROBE_FINISHED_NXDOMAIN $ host news.ycombinator.com Host news.ycombinator.com not found: 2(SERVFAIL) This is a *regression* from Ubuntu 16.10, where DNS worked flawlessly. Workarounds: * 'systemctl restart systemd-resolved' solves the problem for another 50m * disable systemd-resolved and use the DNS server directly. This involves removing 'resolve [!UNAVAIL=return]' from nsswitch.conf, and disabling the systemd-resolved unit Logs show DNSSEC related errors, and DNSSEC getting disabled and reenabled: -- Logs begin at Mon 2017-04-10 23:10:59 BST, end at Tue 2017-04-11 00:11:14 BST. -- Apr 10 23:11:01 bolt systemd[1]: Starting Network Name Resolution... Apr 10 23:11:01 bolt systemd-resolved[1351]: Positive Trust Anchors: Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d Apr 10 23:11:01 bolt systemd-resolved[1351]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test Apr 10 23:11:01 bolt systemd-resolved[1351]: Using system hostname 'bolt'. Apr 10 23:11:01 bolt systemd[1]: Started Network Name Resolution. Apr 10 23:11:05 bolt systemd-resolved[1351]: Switching to DNS server 194.168.4.100 for interface wlp3s0. Apr 10 23:11:06 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.4.100. Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN A: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: Server 194.168.4.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:06 bolt systemd-resolved[1351]: Switching to DNS server 194.168.8.100 for interface wlp3s0. Apr 10 23:11:07 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.8.100. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN TXT: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: Server 194.168.8.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC
[Touch-packages] [Bug 1681597] Re: DNS broken after >50m of uptime
This looks like it would be a "duplicate" of bug 1682499; we should disable DNSSEC by default. Can you please verify if setting DNSSEC=off fixes your issue? ** Changed in: systemd (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1681597 Title: DNS broken after >50m of uptime Status in systemd package in Ubuntu: Incomplete Bug description: After about 50m of uptime news.ycombinator.com stops working in Chromium: news.ycombinator.com’s server's DNS address could not be found. DNS_PROBE_FINISHED_NXDOMAIN $ host news.ycombinator.com Host news.ycombinator.com not found: 2(SERVFAIL) This is a *regression* from Ubuntu 16.10, where DNS worked flawlessly. Workarounds: * 'systemctl restart systemd-resolved' solves the problem for another 50m * disable systemd-resolved and use the DNS server directly. This involves removing 'resolve [!UNAVAIL=return]' from nsswitch.conf, and disabling the systemd-resolved unit Logs show DNSSEC related errors, and DNSSEC getting disabled and reenabled: -- Logs begin at Mon 2017-04-10 23:10:59 BST, end at Tue 2017-04-11 00:11:14 BST. -- Apr 10 23:11:01 bolt systemd[1]: Starting Network Name Resolution... Apr 10 23:11:01 bolt systemd-resolved[1351]: Positive Trust Anchors: Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d Apr 10 23:11:01 bolt systemd-resolved[1351]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test Apr 10 23:11:01 bolt systemd-resolved[1351]: Using system hostname 'bolt'. Apr 10 23:11:01 bolt systemd[1]: Started Network Name Resolution. Apr 10 23:11:05 bolt systemd-resolved[1351]: Switching to DNS server 194.168.4.100 for interface wlp3s0. Apr 10 23:11:06 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.4.100. Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN A: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: Server 194.168.4.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:06 bolt systemd-resolved[1351]: Switching to DNS server 194.168.8.100 for interface wlp3s0. Apr 10 23:11:07 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.8.100. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN TXT: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: Server 194.168.8.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question
[Touch-packages] [Bug 1681597] Re: DNS broken after >50m of uptime
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: systemd (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1681597 Title: DNS broken after >50m of uptime Status in systemd package in Ubuntu: Confirmed Bug description: After about 50m of uptime news.ycombinator.com stops working in Chromium: news.ycombinator.com’s server's DNS address could not be found. DNS_PROBE_FINISHED_NXDOMAIN $ host news.ycombinator.com Host news.ycombinator.com not found: 2(SERVFAIL) This is a *regression* from Ubuntu 16.10, where DNS worked flawlessly. Workarounds: * 'systemctl restart systemd-resolved' solves the problem for another 50m * disable systemd-resolved and use the DNS server directly. This involves removing 'resolve [!UNAVAIL=return]' from nsswitch.conf, and disabling the systemd-resolved unit Logs show DNSSEC related errors, and DNSSEC getting disabled and reenabled: -- Logs begin at Mon 2017-04-10 23:10:59 BST, end at Tue 2017-04-11 00:11:14 BST. -- Apr 10 23:11:01 bolt systemd[1]: Starting Network Name Resolution... Apr 10 23:11:01 bolt systemd-resolved[1351]: Positive Trust Anchors: Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5 Apr 10 23:11:01 bolt systemd-resolved[1351]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d Apr 10 23:11:01 bolt systemd-resolved[1351]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test Apr 10 23:11:01 bolt systemd-resolved[1351]: Using system hostname 'bolt'. Apr 10 23:11:01 bolt systemd[1]: Started Network Name Resolution. Apr 10 23:11:05 bolt systemd-resolved[1351]: Switching to DNS server 194.168.4.100 for interface wlp3s0. Apr 10 23:11:06 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.4.100. Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN DS: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN A: failed-auxiliary Apr 10 23:11:06 bolt systemd-resolved[1351]: Server 194.168.4.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:06 bolt systemd-resolved[1351]: Switching to DNS server 194.168.8.100 for interface wlp3s0. Apr 10 23:11:07 bolt systemd-resolved[1351]: Using degraded feature set (UDP+EDNS0) for DNS server 194.168.8.100. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN DS: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question current.cvd.clamav.net IN TXT: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: Server 194.168.8.100 does not support DNSSEC, downgrading to non-DNSSEC mode. Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: failed-auxiliary Apr 10 23:11:07 bolt systemd-resolved[1351]: DNSSEC validation failed for question daisy.ubuntu.com IN A: failed-auxiliary Apr 10 23:11:52 bolt systemd[1]: Stopping Network Name
