[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.
Thank you, I have gathered required log as you mentioned: Output of journalctl -b -u systemd-resolved --no-pager( please note: after the first read, link will disappear ) https://file.io/2LcfbtNf Output of dig: dig mharder-formrec.cognitiveservices.azure.com ; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> mharder-formrec.cognitiveservices.azure.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16016 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;mharder-formrec.cognitiveservices.azure.com. INA ;; Query time: 231 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Wed Jul 08 07:40:24 UTC 2020 ;; MSG SIZE rcvd: 72 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1886128 Title: systemd-resolved does not resolve address due to udp payload size. Status in systemd package in Ubuntu: Incomplete Bug description: Description: Ubuntu 18.04.4 LTS Release: 18.04 systemd-resolve --version systemd 237 +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid We met an error: on an attempt to resolve address, the following issue appears: ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> mharder-formrec.cognitiveservices.azure.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44096 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;mharder-formrec.cognitiveservices.azure.com. IN A ;; Query time: 231 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Tue Apr 28 20:47:14 UTC 2020 ;; MSG SIZE rcvd: 72 Let me provide you important notes about the issue: 1) It's not reproducing on Ubuntu 16; 2) Bypassing systemd-resolve - everything works fine; 3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE Successful query: 113516:27:25.964386 10.1.0.4168.63.129.16 DNS 128 Standard query 0xc2d4 A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0xc2d4 Flags: 0x0120 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ..1. = AD bit: Set ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 12 Option: COOKIE Unsuccessful query: 112816:27:25.713886 10.1.0.4168.63.129.16 DNS 116 Standard query 0x198d A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0x198d Flags: 0x0100 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 512 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 0 Notable difference: Success: UDP payload size: 4096 Failure: UDP payload size: 512 And notable differences in the responses: Success: Flags: 0x8180 Standard query response, No error
[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.
Added log as attachment ** Attachment added: "pcap.log" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1886128/+attachment/5390800/+files/pcap.log -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1886128 Title: systemd-resolved does not resolve address due to udp payload size. Status in systemd package in Ubuntu: Incomplete Bug description: Description: Ubuntu 18.04.4 LTS Release: 18.04 systemd-resolve --version systemd 237 +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid We met an error: on an attempt to resolve address, the following issue appears: ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> mharder-formrec.cognitiveservices.azure.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44096 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;mharder-formrec.cognitiveservices.azure.com. IN A ;; Query time: 231 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Tue Apr 28 20:47:14 UTC 2020 ;; MSG SIZE rcvd: 72 Let me provide you important notes about the issue: 1) It's not reproducing on Ubuntu 16; 2) Bypassing systemd-resolve - everything works fine; 3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE Successful query: 113516:27:25.964386 10.1.0.4168.63.129.16 DNS 128 Standard query 0xc2d4 A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0xc2d4 Flags: 0x0120 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ..1. = AD bit: Set ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 12 Option: COOKIE Unsuccessful query: 112816:27:25.713886 10.1.0.4168.63.129.16 DNS 116 Standard query 0x198d A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0x198d Flags: 0x0100 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 512 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 0 Notable difference: Success: UDP payload size: 4096 Failure: UDP payload size: 512 And notable differences in the responses: Success: Flags: 0x8180 Standard query response, No error ..0. = Truncated: Message is not truncated Failure: Flags: 0x8380 Standard query response, No error ..1. = Truncated: Message is truncated Interestingly, systemd-resolved is setting the maximum payload size to 512 regardless of whether EDNS0 is configured and regardless of what is sent to it for the payload size. I tried to found a way to change UDP_PAYLOAD_SIZE,but it seems it is only possible to change it only with direct code modifications. To manage notifications about this bug go to:
[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.
Thank you for the explanation, I have gathered dns.pcap file with the required option. ** Attachment added: "dns (1).pcap" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1886128/+attachment/5391049/+files/dns%20%281%29.pcap -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1886128 Title: systemd-resolved does not resolve address due to udp payload size. Status in systemd package in Ubuntu: Incomplete Bug description: Description: Ubuntu 18.04.4 LTS Release: 18.04 systemd-resolve --version systemd 237 +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid We met an error: on an attempt to resolve address, the following issue appears: ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> mharder-formrec.cognitiveservices.azure.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44096 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;mharder-formrec.cognitiveservices.azure.com. IN A ;; Query time: 231 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Tue Apr 28 20:47:14 UTC 2020 ;; MSG SIZE rcvd: 72 Let me provide you important notes about the issue: 1) It's not reproducing on Ubuntu 16; 2) Bypassing systemd-resolve - everything works fine; 3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE Successful query: 113516:27:25.964386 10.1.0.4168.63.129.16 DNS 128 Standard query 0xc2d4 A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0xc2d4 Flags: 0x0120 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ..1. = AD bit: Set ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 12 Option: COOKIE Unsuccessful query: 112816:27:25.713886 10.1.0.4168.63.129.16 DNS 116 Standard query 0x198d A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0x198d Flags: 0x0100 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 512 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 0 Notable difference: Success: UDP payload size: 4096 Failure: UDP payload size: 512 And notable differences in the responses: Success: Flags: 0x8180 Standard query response, No error ..0. = Truncated: Message is not truncated Failure: Flags: 0x8380 Standard query response, No error ..1. = Truncated: Message is truncated Interestingly, systemd-resolved is setting the maximum payload size to 512 regardless of whether EDNS0 is configured and regardless of what is sent to it for the payload size. I tried to found a way to change UDP_PAYLOAD_SIZE,but it seems it is only possible to change it only with direct code modifications. To manage notifications about this bug
[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.
Thank you for the detailed explanation. Let me clarify some things here: 1) In the initial reply, I provided two types of reponses: - A successful one, that goes right through EDNS0 with UDP payload size 4096 - An unsuccessful one, that goes through the local stub resolver, but with udp payload size 512. I believe that successful example confirms that EDNS supports larger UDP payload size. Is it correct? Could you please advise how to increase UDP payload size for the local stub resolver? 2) I have gathered data using tcpdump, I hope it sheds some light on this. ** Attachment added: "dns.pcap" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1886128/+attachment/5390841/+files/dns.pcap -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1886128 Title: systemd-resolved does not resolve address due to udp payload size. Status in systemd package in Ubuntu: Incomplete Bug description: Description: Ubuntu 18.04.4 LTS Release: 18.04 systemd-resolve --version systemd 237 +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid We met an error: on an attempt to resolve address, the following issue appears: ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> mharder-formrec.cognitiveservices.azure.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44096 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;mharder-formrec.cognitiveservices.azure.com. IN A ;; Query time: 231 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Tue Apr 28 20:47:14 UTC 2020 ;; MSG SIZE rcvd: 72 Let me provide you important notes about the issue: 1) It's not reproducing on Ubuntu 16; 2) Bypassing systemd-resolve - everything works fine; 3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE Successful query: 113516:27:25.964386 10.1.0.4168.63.129.16 DNS 128 Standard query 0xc2d4 A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0xc2d4 Flags: 0x0120 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ..1. = AD bit: Set ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 12 Option: COOKIE Unsuccessful query: 112816:27:25.713886 10.1.0.4168.63.129.16 DNS 116 Standard query 0x198d A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0x198d Flags: 0x0100 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 512 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 0 Notable difference: Success: UDP payload size: 4096 Failure: UDP payload size: 512 And notable differences in the responses: Success: Flags: 0x8180 Standard query response, No error ..0. = Truncated: Message is not truncated
[Touch-packages] [Bug 1886128] [NEW] systemd-resolved does not resolve address due to udp payload size.
Public bug reported: Description:Ubuntu 18.04.4 LTS Release:18.04 systemd-resolve --version systemd 237 +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid We met an error: on an attempt to resolve address, the following issue appears: ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> mharder-formrec.cognitiveservices.azure.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44096 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;mharder-formrec.cognitiveservices.azure.com. INA ;; Query time: 231 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Tue Apr 28 20:47:14 UTC 2020 ;; MSG SIZE rcvd: 72 Let me provide you important notes about the issue: 1) It's not reproducing on Ubuntu 16; 2) Bypassing systemd-resolve - everything works fine; 3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE Successful query: 113516:27:25.964386 10.1.0.4168.63.129.16 DNS 128 Standard query 0xc2d4 A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0xc2d4 Flags: 0x0120 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ..1. = AD bit: Set ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 12 Option: COOKIE Unsuccessful query: 112816:27:25.713886 10.1.0.4168.63.129.16 DNS 116 Standard query 0x198d A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0x198d Flags: 0x0100 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 512 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 0 Notable difference: Success: UDP payload size: 4096 Failure: UDP payload size: 512 And notable differences in the responses: Success: Flags: 0x8180 Standard query response, No error ..0. = Truncated: Message is not truncated Failure: Flags: 0x8380 Standard query response, No error ..1. = Truncated: Message is truncated Interestingly, systemd-resolved is setting the maximum payload size to 512 regardless of whether EDNS0 is configured and regardless of what is sent to it for the payload size. I tried to found a way to change UDP_PAYLOAD_SIZE,but it seems it is only possible to change it only with direct code modifications. ** Affects: systemd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1886128 Title: systemd-resolved does not resolve address due to udp payload size. Status in systemd package in Ubuntu: New Bug description: Description: Ubuntu 18.04.4 LTS Release: 18.04 systemd-resolve --version systemd 237 +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid We met an error: on an attempt to resolve address, the following issue appears: ; <<>> DiG
[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.
Thank you for the answer. We are reffering to the local stub resolver( 127.0.0.53 ). As a workaround we have created symbolic link: sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf However, with the local stub resolver is still not working. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1886128 Title: systemd-resolved does not resolve address due to udp payload size. Status in systemd package in Ubuntu: Incomplete Bug description: Description: Ubuntu 18.04.4 LTS Release: 18.04 systemd-resolve --version systemd 237 +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid We met an error: on an attempt to resolve address, the following issue appears: ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> mharder-formrec.cognitiveservices.azure.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44096 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 65494 ;; QUESTION SECTION: ;mharder-formrec.cognitiveservices.azure.com. IN A ;; Query time: 231 msec ;; SERVER: 127.0.0.53#53(127.0.0.53) ;; WHEN: Tue Apr 28 20:47:14 UTC 2020 ;; MSG SIZE rcvd: 72 Let me provide you important notes about the issue: 1) It's not reproducing on Ubuntu 16; 2) Bypassing systemd-resolve - everything works fine; 3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE Successful query: 113516:27:25.964386 10.1.0.4168.63.129.16 DNS 128 Standard query 0xc2d4 A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0xc2d4 Flags: 0x0120 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ..1. = AD bit: Set ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 12 Option: COOKIE Unsuccessful query: 112816:27:25.713886 10.1.0.4168.63.129.16 DNS 116 Standard query 0x198d A mharder-formrec.cognitiveservices.azure.com OPT Domain Name System (query) Transaction ID: 0x198d Flags: 0x0100 Standard query 0... = Response: Message is a query .000 0... = Opcode: Standard query (0) ..0. = Truncated: Message is not truncated ...1 = Recursion desired: Do query recursively .0.. = Z: reserved (0) ...0 = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 1 Queries mharder-formrec.cognitiveservices.azure.com: type A, class IN Additional records : type OPT Name: Type: OPT (41) UDP payload size: 512 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x 0... = DO bit: Cannot handle DNSSEC security RRs .000 = Reserved: 0x Data length: 0 Notable difference: Success: UDP payload size: 4096 Failure: UDP payload size: 512 And notable differences in the responses: Success: Flags: 0x8180 Standard query response, No error ..0. = Truncated: Message is not truncated Failure: Flags: 0x8380 Standard query response, No error ..1. = Truncated: Message is truncated Interestingly, systemd-resolved is setting the maximum payload size to 512 regardless of whether EDNS0 is configured and regardless of what is sent to it for the payload size. I tried to found a way to change UDP_PAYLOAD_SIZE,but it seems it is only possible to change it only with direct code modifications. To manage