[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-13 Thread Dan Streetman
aha:

ddstreet@lp1886128:~$ sudo iptables -n -t security -L OUTPUT
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            168.63.129.16        owner UID match 0
DROP       tcp  --  0.0.0.0/0            168.63.129.16        ctstate INVALID,NEW


it seems like this is being added by walinuxagent:

Jul 13 16:21:15 lp1886128 python3[1298]: 2020/07/13 16:21:15.672132 INFO ExtHandler Successfully added Azure fabric firewall rules
Jul 13 16:21:15 lp1886128 python3[1298]: 2020/07/13 16:21:15.683188 INFO ExtHandler Firewall rules:
Jul 13 16:21:15 lp1886128 python3[1298]: Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Jul 13 16:21:15 lp1886128 python3[1298]:  pkts bytes target     prot opt in     out     source               destination
Jul 13 16:21:15 lp1886128 python3[1298]: Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
Jul 13 16:21:15 lp1886128 python3[1298]:  pkts bytes target     prot opt in     out     source               destination
Jul 13 16:21:15 lp1886128 python3[1298]: Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
Jul 13 16:21:15 lp1886128 python3[1298]:  pkts bytes target     prot opt in     out     source               destination
Jul 13 16:21:15 lp1886128 python3[1298]:     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            168.63.129.16        owner UID match 0
Jul 13 16:21:15 lp1886128 python3[1298]:     0     0 DROP       tcp  --  *      *       0.0.0.0/0            168.63.129.16        ctstate INVALID,NEW


** Also affects: walinuxagent (Ubuntu)
   Importance: Undecided
   Status: New

** Summary changed:

- systemd-resolved does not resolve address due to udp payload size.
+ walinuxagent blocks DNS fallback to TCP

** Changed in: systemd (Ubuntu)
   Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1886128

Title:
  walinuxagent blocks DNS fallback to TCP

Status in systemd package in Ubuntu:
  Invalid
Status in walinuxagent package in Ubuntu:
  New

Bug description:
  [impact]

  on azure instances, walinuxagent blocks all (new) TCP connections to
  the azure nameserver, which prevents fallback to TCP DNS for truncated
  dns queries

  [test case]

  on an azure instance:

  ddstreet@lp1886128:~$ systemd-resolve --status | grep Servers
   DNS Servers: 168.63.129.16
  ddstreet@lp1886128:~$ dig +retries=0 +timeout=1 +short +tcp @168.63.129.16 toomany100.ddstreet.org
  ;; connection timed out; no servers could be reached
  ;; Connection to 168.63.129.16#53(168.63.129.16) for toomany100.ddstreet.org failed: timed out.

  change the actual nameserver ip in the 'dig' command to match what resolved is configured with (which comes from dhcp)

  [regression potential]

  TBD

  [scope]

  TBD

  [original description]

  
  Description:  Ubuntu 18.04.4 LTS
  Release:  18.04

  systemd-resolve --version

  systemd 237
  +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
  +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN
  -PCRE2 default-hierarchy=hybrid

  We met an error: on an attempt to resolve address, the following issue
  appears:

  ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> mharder-formrec.cognitiveservices.azure.com
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44096
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 65494
  ;; QUESTION SECTION:
  ;mharder-formrec.cognitiveservices.azure.com. IN  A

  ;; Query time: 231 msec
  ;; SERVER: 127.0.0.53#53(127.0.0.53)
  ;; WHEN: Tue Apr 28 20:47:14 UTC 2020
  ;; MSG SIZE  rcvd: 72

  Let me provide you important notes about the issue:
  1) It's not reproducing on Ubuntu 16;
  2) Bypassing systemd-resolve - everything works fine;
  3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE

  Successful query:

  1135 16:27:25.964386 10.1.0.4 168.63.129.16 DNS 128
  Standard query 0xc2d4 A mharder-formrec.cognitiveservices.azure.com
  OPT

  Domain Name System (query)
  Transaction ID: 0xc2d4
  Flags: 0x0120 Standard query
  0...    = Response: Message is a query
  .000 0...   = Opcode: Standard query (0)
   ..0.   = Truncated: Message is not truncated
   ...1   = Recursion desired: Do query recursively
    .0..  = Z: reserved (0)
    ..1.  = AD bit: Set
    ...0  = Non-authenticated data: Unacceptable
  Questions: 1
  Answer RRs: 0
  Authority RRs: 0
  Additional RRs: 1
  Queries
  mharder-formrec.cognitiveservices.azure.com: type A, class IN
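
Added example (not part of the original thread and not walinuxagent code): a first-match evaluation of the two security-table OUTPUT rules quoted at the top of this message, showing which new connections to 168.63.129.16 they let through. The non-root UID 1000 and the set of supported match expressions (owner UID, ctstate, dpt) are assumptions of the example; 10.1.0.4 is the source address seen in the capture.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the two rules quoted in the message, laid out as
# `iptables -n -t security -L OUTPUT` prints them (column spacing restored).
SAMPLE_LISTING = """\
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            168.63.129.16        owner UID match 0
DROP       tcp  --  0.0.0.0/0            168.63.129.16        ctstate INVALID,NEW
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


@dataclass
class Rule:
    target: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    text: str
    uid: Optional[int] = None
    ctstates: frozenset = frozenset()
    dport: Optional[int] = None


def parse_listing(listing):
    """Return (chain policy, [Rule]) from numeric `iptables -n -L` output."""
    policy, rules = "ACCEPT", []
    for line in listing.splitlines():
        line = line.strip()
        if not line or line.startswith("target"):
            continue
        if line.startswith("Chain"):
            m = re.search(r"\(policy (\w+)", line)
            if m:
                policy = m.group(1)
            continue
        f = line.split()
        if len(f) < 5:
            raise ValueError(f"not a rule line: {line!r}")
        rule = Rule(f[0], f[1], ipaddress.ip_network(f[3]),
                    ipaddress.ip_network(f[4]), line)
        extra, i = f[5:], 0
        while i < len(extra):
            nxt = extra[i + 1] if i + 1 < len(extra) else ""
            if extra[i:i + 3] == ["owner", "UID", "match"] and i + 3 < len(extra):
                rule.uid = int(extra[i + 3])
                i += 4
            elif extra[i] == "ctstate" and nxt:
                rule.ctstates = frozenset(nxt.split(","))
                i += 2
            elif extra[i] in ("tcp", "udp") and nxt.startswith("dpt:"):
                rule.dport = int(nxt[4:])
                i += 2
            else:
                # Refuse to guess: an unparsed match would give a wrong verdict.
                raise ValueError(f"unsupported match in rule: {line!r}")
        rules.append(rule)
    return policy, rules


def verdict(policy, rules, proto, dst, uid, ctstate="NEW", dport=53, src="10.1.0.4"):
    """First matching terminal rule wins; otherwise the chain policy applies."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.proto not in ("all", proto):
            continue
        if src_ip not in r.src or dst_ip not in r.dst:
            continue
        if r.uid is not None and r.uid != uid:
            continue
        if r.ctstates and ctstate not in r.ctstates:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.target in TERMINAL:
            return r.target, r.text
        if r.target != "LOG":  # jumps to user chains are not modelled here
            raise ValueError(f"unsupported target in rule: {r.text!r}")
    return policy, None


def tcp_fallback_blocked(listing, nameserver, uid):
    """True when UDP DNS to the nameserver passes but a new TCP connection does not."""
    policy, rules = parse_listing(listing)
    udp, _ = verdict(policy, rules, "udp", nameserver, uid)
    tcp, _ = verdict(policy, rules, "tcp", nameserver, uid)
    return udp == "ACCEPT" and tcp != "ACCEPT"


if __name__ == "__main__":
    for uid in (0, 1000):  # 1000 is an arbitrary non-root UID
        print(uid, tcp_fallback_blocked(SAMPLE_LISTING, "168.63.129.16", uid))
```

The rules carry no port match, so every new TCP connection from a non-root UID to that address is dropped, not only port 53; UDP and TCP to neighbouring addresses fall through to the chain policy.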
  

[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-13 Thread Dan Streetman
To repro on azure instance:

ddstreet@lp1886128:~$ systemd-resolve --status | grep Servers
 DNS Servers: 168.63.129.16
ddstreet@lp1886128:~$ dig +retries=0 +timeout=1 +short +tcp @168.63.129.16 toomany100.ddstreet.org
;; connection timed out; no servers could be reached
;; Connection to 168.63.129.16#53(168.63.129.16) for toomany100.ddstreet.org failed: timed out.


tcp does work with external dns servers, e.g.:

ddstreet@lp1886128:~$ dig +retries=0 +timeout=1 +short +tcp @8.8.8.8 toomany100.ddstreet.org | head -5
10.254.201.0
10.254.201.1
10.254.201.18
10.254.201.19
10.254.201.2


note that the TCP packets to 168.63.129.16 do not make it out of the instance; 
they don't show up in the tcpdump at all, although TCP packets to 168.63.129.15 
or 168.63.129.17 *do* show up.  So there is something specific to that ip 
address that's causing TCP packets to get lost inside the instance.


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-13 Thread Dan Streetman
I spun up an azure instance and tested, and indeed tcp port 53 appears
completely missing from any tcpdump, but only for packets sent to the
upstream nameserver.  TCP sent to port 53 on *any* other ip address does
make it out, but tcp port 53 to the nameserver does not. There are no
routing rules or ip routes or iptables I could find that might be
blocking the packets, so I'm not sure why the packets aren't being sent
out, but that's the cause of the failure here to fallback to TCP DNS.

So 1) we do need to fix upstream systemd to use >512 byte edns0 udp with
upstream nameservers, and also 2) something is wrong with the azure
instances that is blocking TCP DNS to the upstream nameserver.


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-13 Thread Chad Kimes
Azure DNS does support DNS over TCP. Looking through a separate packet
capture I had taken during investigating this issue, I don't see any
attempts by resolved to open a TCP connection to port 53 of the DNS
server (in fact, I don't see any use of TCP port 53 at all).

Wireshark filters used:

udp.port == 53 or tcp.port == 53 (shows all DNS traffic)
tcp.port == 53 (shows nothing)


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-10 Thread Dan Streetman
Unfortunately, this is a bug in upstream systemd.

For some reason, resolved's current upstream code clamps the 'best'
server protocol level at 512-byte-sized EDNS0 if DNSSEC is disabled.
Since the default is for DNSSEC to be disabled, this means by default,
resolved will restrict its udp edns0 packets sent to upstream
nameservers at 512 bytes, as you indicated in the bug description.

normally, this is ok because most nameservers support TCP, and resolved
always falls back to TCP when it finds a truncated response.  However,
your upstream nameserver seems to either not support TCP DNS, or its
port 53 is firewalled for TCP.

This will take some time to open an upstream bug and investigate
patching. If you open an upstream bug please add a comment with the
link.

** Changed in: systemd (Ubuntu)
 Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: systemd (Ubuntu)
   Importance: Undecided => Medium

** Changed in: systemd (Ubuntu)
   Status: Confirmed => In Progress


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-10 Thread Dan Streetman
** Changed in: systemd (Ubuntu)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1886128

Title:
  systemd-resolved does not resolve address due to udp payload size.

Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  Description:  Ubuntu 18.04.4 LTS
  Release:  18.04

  systemd-resolve --version

  systemd 237
  +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
  +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN
  -PCRE2 default-hierarchy=hybrid

  We met an error: on an attempt to resolve address, the following issue
  appears:

  ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> mharder-formrec.cognitiveservices.azure.com
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44096
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 65494
  ;; QUESTION SECTION:
  ;mharder-formrec.cognitiveservices.azure.com. IN  A

  ;; Query time: 231 msec
  ;; SERVER: 127.0.0.53#53(127.0.0.53)
  ;; WHEN: Tue Apr 28 20:47:14 UTC 2020
  ;; MSG SIZE  rcvd: 72

  Let me provide you important notes about the issue:
  1) It's not reproducing on Ubuntu 16;
  2) Bypassing systemd-resolve - everything works fine;
  3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE

  Successful query:

  1135 16:27:25.964386 10.1.0.4 168.63.129.16 DNS 128
  Standard query 0xc2d4 A mharder-formrec.cognitiveservices.azure.com
  OPT

  Domain Name System (query)
  Transaction ID: 0xc2d4
  Flags: 0x0120 Standard query
  0...    = Response: Message is a query
  .000 0...   = Opcode: Standard query (0)
   ..0.   = Truncated: Message is not truncated
   ...1   = Recursion desired: Do query recursively
    .0..  = Z: reserved (0)
    ..1.  = AD bit: Set
    ...0  = Non-authenticated data: Unacceptable
  Questions: 1
  Answer RRs: 0
  Authority RRs: 0
  Additional RRs: 1
  Queries
  mharder-formrec.cognitiveservices.azure.com: type A, class IN
  Additional records
  : type OPT
  Name: 
  Type: OPT (41)
  UDP payload size: 4096
  Higher bits in extended RCODE: 0x00
  EDNS0 version: 0
  Z: 0x
  0...    = DO bit: Cannot handle DNSSEC security RRs
  .000    = Reserved: 0x
  Data length: 12
  Option: COOKIE

  Unsuccessful query:

  1128 16:27:25.713886 10.1.0.4 168.63.129.16 DNS 116
  Standard query 0x198d A mharder-formrec.cognitiveservices.azure.com
  OPT

  Domain Name System (query)
  Transaction ID: 0x198d
  Flags: 0x0100 Standard query
  0...    = Response: Message is a query
  .000 0...   = Opcode: Standard query (0)
   ..0.   = Truncated: Message is not truncated
   ...1   = Recursion desired: Do query recursively
    .0..  = Z: reserved (0)
    ...0  = Non-authenticated data: Unacceptable
  Questions: 1
  Answer RRs: 0
  Authority RRs: 0
  Additional RRs: 1
  Queries
  mharder-formrec.cognitiveservices.azure.com: type A, class IN
  Additional records
  : type OPT
  Name: 
  Type: OPT (41)
  UDP payload size: 512
  Higher bits in extended RCODE: 0x00
  EDNS0 version: 0
  Z: 0x
  0...    = DO bit: Cannot handle DNSSEC security RRs
  .000    = Reserved: 0x
  Data length: 0

  Notable difference:

  Success:
  UDP payload size: 4096

  Failure:
  UDP payload size: 512
  And notable differences in the responses:

  Success:
  Flags: 0x8180 Standard query response, No error
   ..0.   = Truncated: Message is not truncated

  Failure:
  Flags: 0x8380 Standard query response, No error
   ..1.   = Truncated: Message is truncated

  Interestingly, systemd-resolved is setting the maximum payload size to 512 regardless of whether EDNS0 is configured and regardless of what is sent to it for the payload size.
  I tried to find a way to change UDP_PAYLOAD_SIZE, but it seems it is only possible to change it with direct code modifications.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1886128/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : 
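
Added example (not from the thread and not systemd code): it decodes the two fields the bug description compares, the TC flag in the header and the EDNS0 UDP payload size in the OPT record, and shows what is left when a truncated reply cannot be retried over TCP. The messages are rebuilt from the transaction IDs, flags and payload sizes quoted above; the COOKIE option is omitted and the response bodies are constructed.

```python
import struct

QR_BIT = 0x8000   # message is a response
TC_BIT = 0x0200   # message was truncated
OPT_TYPE = 41     # EDNS0 pseudo-record

NAME = "mharder-formrec.cognitiveservices.azure.com"


def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_message(qid, flags, name, udp_payload=None):
    """Header, one A/IN question and, if requested, an empty OPT record."""
    arcount = 0 if udp_payload is None else 1
    msg = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)
    if udp_payload is not None:
        # OPT: root name, TYPE 41, CLASS holds the UDP payload size,
        # TTL holds ext-RCODE/version/flags, RDLENGTH 0 (no options).
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, 0, 0)
    return msg


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if (n & 0xC0) == 0xC0:          # compression pointer: two bytes, ends name
            if off + 2 > len(msg):
                raise ValueError("truncated compression pointer")
            return off + 2
        off += 1
        if n == 0:
            return off
        off += n


def parse(msg):
    """Extract the ID, QR/TC flags, RCODE and advertised EDNS0 payload size."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    payload = None
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated resource record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if off > len(msg):
            raise ValueError("RDATA runs past end of message")
        if rtype == OPT_TYPE:
            payload = rclass
    return {"id": qid, "response": bool(flags & QR_BIT),
            "truncated": bool(flags & TC_BIT), "rcode": flags & 0x000F,
            "edns_udp_payload": payload}


def next_step(query, response, tcp_allowed):
    """What a resolver can do with this reply, given whether TCP/53 gets out."""
    q, r = parse(query), parse(response)
    if not r["response"] or r["id"] != q["id"]:
        return "ignore: not a reply to this query"
    if not r["truncated"]:
        return "answer usable over UDP"
    if tcp_allowed:
        return "retry over TCP"
    return "lookup fails: truncated and TCP blocked"


# Rebuilt from the values in the bug description (responses are constructed).
FAIL_QUERY = build_message(0x198D, 0x0100, NAME, udp_payload=512)
FAIL_RESPONSE = build_message(0x198D, 0x8380, NAME, udp_payload=512)
OK_QUERY = build_message(0xC2D4, 0x0120, NAME, udp_payload=4096)
OK_RESPONSE = build_message(0xC2D4, 0x8180, NAME, udp_payload=4096)

if __name__ == "__main__":
    print(parse(FAIL_QUERY))
    print(next_step(FAIL_QUERY, FAIL_RESPONSE, tcp_allowed=False))
    print(next_step(OK_QUERY, OK_RESPONSE, tcp_allowed=False))
```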

[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-09 Thread Darii Nurgaleev
Thank you for the explanation, I have gathered dns.pcap file with the
required option.

** Attachment added: "dns (1).pcap"
   
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1886128/+attachment/5391049/+files/dns%20%281%29.pcap


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-08 Thread Dan Streetman
> dns.pcap Edit (14.5 KiB, application/vnd.tcpdump.pcap)

that's tcpdump output, not actually a pcap; to get an actual pcap use
the tcpdump -w parameter to write the packets to a file.

> Could you please advise how to increase UDP payload size for the local
> stub resolver?

resolved adjusts levels automatically.  looking at your dns packet
capture will be the easiest way to tell what the problem is.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1886128

Title:
  systemd-resolved does not resolve address due to udp payload size.

Status in systemd package in Ubuntu:
  Incomplete


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-08 Thread Darii Nurgaleev
Thank you for the detailed explanation.

Let me clarify some things here:

1) In the initial reply, I provided two types of responses:

- A successful one, that goes right through EDNS0 with UDP payload size 4096
- An unsuccessful one, that goes through the local stub resolver, but with UDP
payload size 512.

I believe that successful example confirms that EDNS supports larger UDP
payload size. Is it correct?

Could you please advise how to increase UDP payload size for the local
stub resolver?

2) I have gathered data using tcpdump, I hope it sheds some light on
this.


** Attachment added: "dns.pcap"
   https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1886128/+attachment/5390841/+files/dns.pcap


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-08 Thread Dan Streetman
well that's not a pcap, a pcap is a packet capture, e.g. from tcpdump.

Your log shows your response is truncated:
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Got DNS stub UDP query packet for id 2283
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Looking up RR for mharder-formrec.cognitiveservices.azure.com IN A.
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Cache miss for mharder-formrec.cognitiveservices.azure.com IN A
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Transaction 26533 for  scope dns on eth0/*.
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Using feature level UDP+EDNS0 for transaction 26533.
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Using DNS server 168.63.129.16 for transaction 26533.
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Sending query packet with id 26533.
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Processing query...
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Processing incoming packet on transaction 26533. (rcode=SUCCESS)
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Reply truncated, retrying via TCP.

resolved then retries using tcp, but your upstream nameserver doesn't
respond:

Jul 08 07:27:23 ubuntu18oras systemd-resolved[963]: Timeout reached on transaction 26533.

you should make sure your upstream nameserver supports tcp and/or check
your firewalling to make sure tcp can reach your upstream nameserver,
and/or make sure your upstream nameserver supports larger udp packet
sizes with edns0.

An actual packet capture would show exactly what is going on.


for reference, on my system (Ubuntu Bionic 18.04 container) edns0 works fine
for that hostname without any truncation:

Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Got DNS stub UDP query packet for id 18607
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Looking up RR for mharder-formrec.cognitiveservices.azure.com IN A.
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Switching to DNS server 10.202.51.1 for interface eth0.
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Cache miss for mharder-formrec.cognitiveservices.azure.com IN A
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Transaction 3905 for  scope dns on eth0/*.
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Using feature level UDP+EDNS0 for transaction 3905.
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Using DNS server 10.202.51.1 for transaction 3905.
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Sending query packet with id 3905.
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Processing query...
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Processing incoming packet on transaction 3905. (rcode=SUCCESS)
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Verified we get a response at feature level UDP+EDNS0 from DNS server 10.202.51.1.
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Added positive unauthenticated cache entry for mharder-formrec.cognitiveservices.azure.com IN CNAME 899s on */INET/10.202.51.1
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Added positive unauthenticated cache entry for westus2.api.cognitive.microsoft.com IN CNAME 3598s on */INET/10.202.51.1
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Added positive unauthenticated cache entry for cognitiveusw2prod.trafficmanager.net IN CNAME 28s on */INET/10.202.51.1
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Added positive unauthenticated cache entry for cognitiveusw2prod.azure-api.net IN CNAME 898s on */INET/10.202.51.1
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Added positive unauthenticated cache entry for apimgmttmmtjxmdjuddplpewicwu8gnxxj7ehaj3ubplfwharv.trafficmanager.net IN CNAME 298s on */INET/10.202.51.1
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Added positive unauthenticated cache entry for cognitiveusw2prod-westus2-01.regional.azure-api.net IN CNAME 898s on */INET/10.202.51.1
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Added positive unauthenticated cache entry for apimgmthsn6metwepz5stnvukztxi3dks7nna13rgbo90ytolj.cloudapp.net IN A 58s on */INET/10.202.51.1
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Transaction 3905 for  on scope dns on eth0/* now complete with  from network (unsigned).

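The failure sequence in the log quoted in the message above (truncated UDP reply, TCP retry, timeout), turned into a check over systemd-resolved debug lines; this is an added example, not part of the original message or of systemd. The function names are hypothetical, the sample lines are constructed from the ones quoted in this thread, and attributing the id-less "Reply truncated" line to the most recently processed reply of the same process is an assumption based on the ordering seen in that log.

```python
import re

TC_MASK = 0x0200  # TC (truncated) bit of the 16-bit DNS header flags word


def is_truncated(flags):
    """True when a DNS header flags word (e.g. 0x8380) has the TC bit set."""
    return bool(flags & TC_MASK)


# Constructed sample: unwrapped debug lines modelled on the two logs in this
# thread. The first transaction fails, the second completes.
SAMPLE_LOG = """\
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Using feature level UDP+EDNS0 for transaction 26533.
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Using DNS server 168.63.129.16 for transaction 26533.
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Sending query packet with id 26533.
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Processing incoming packet on transaction 26533. (rcode=SUCCESS)
Jul 08 07:27:22 ubuntu18oras systemd-resolved[963]: Reply truncated, retrying via TCP.
Jul 08 07:27:23 ubuntu18oras systemd-resolved[963]: Timeout reached on transaction 26533.
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Using feature level UDP+EDNS0 for transaction 3905.
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Using DNS server 10.202.51.1 for transaction 3905.
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Processing incoming packet on transaction 3905. (rcode=SUCCESS)
Jul 08 17:35:18 lp1886128-b systemd-resolved[1114]: Transaction 3905 for  on scope dns on eth0/* now complete with  from network (unsigned).
"""

LINE = re.compile(
    r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) systemd-resolved\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
EVENTS = [
    ("level", re.compile(r"Using feature level (?P<val>\S+) for transaction (?P<tx>\d+)\.")),
    ("server", re.compile(r"Using DNS server (?P<val>\S+) for transaction (?P<tx>\d+)\.")),
    ("reply", re.compile(r"Processing incoming packet on transaction (?P<tx>\d+)\. \(rcode=(?P<val>\w+)\)")),
    ("timeout", re.compile(r"Timeout reached on transaction (?P<tx>\d+)\.")),
    ("complete", re.compile(r"Transaction (?P<tx>\d+) for .* now complete")),
]
TRUNCATED = "Reply truncated, retrying via TCP."


def _new_tx():
    return {"level": None, "server": None, "rcode": None,
            "tcp_retry": False, "timeout": False, "complete": False}


def parse_transactions(text):
    """Group log lines into transactions keyed by (host, pid, transaction id)."""
    txs, last_reply = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        proc, msg = (m["host"], m["pid"]), m["msg"]
        if msg.startswith(TRUNCATED):
            # This line has no id: attach it to the reply just processed
            # by the same resolved process (assumption, see lead-in).
            if proc in last_reply:
                txs[last_reply[proc]]["tcp_retry"] = True
            continue
        for name, pat in EVENTS:
            e = pat.search(msg)
            if not e:
                continue
            key = proc + (int(e["tx"]),)
            tx = txs.setdefault(key, _new_tx())
            if name in ("level", "server"):
                tx[name] = e["val"]
            elif name == "reply":
                tx["rcode"] = e["val"]
                last_reply[proc] = key
            else:
                tx[name] = True
            break
    return txs


def classify(tx):
    """Label one transaction; a later completion overrides an earlier timeout."""
    if tx["complete"]:
        return "complete"
    if tx["tcp_retry"] and tx["timeout"]:
        return "tcp-fallback-timeout"
    if tx["timeout"]:
        return "timeout"
    return "pending"


def blocked_tcp_servers(text):
    """Upstream servers whose truncated UDP reply was followed by a TCP timeout."""
    return sorted({tx["server"] for tx in parse_transactions(text).values()
                   if classify(tx) == "tcp-fallback-timeout" and tx["server"]})


if __name__ == "__main__":
    for key, tx in parse_transactions(SAMPLE_LOG).items():
        print(key, tx["server"], classify(tx))
    print("check TCP/53 reachability for:", blocked_tcp_servers(SAMPLE_LOG))
```

A server listed by `blocked_tcp_servers` is the one whose TCP path the message above says to check: firewalling between the host and that nameserver, or the nameserver's own TCP support.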
  

[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-08 Thread Darii Nurgaleev
Added log as attachment

** Attachment added: "pcap.log"
   https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1886128/+attachment/5390800/+files/pcap.log


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-08 Thread Dan Streetman
> please note: after the first read, link will disappear

it's already gone (this is a public bug)


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-08 Thread Darii Nurgaleev
Thank you,

I have gathered required log as you mentioned:

Output of journalctl -b -u systemd-resolved --no-pager (please note: after the
first read, link will disappear)
https://file.io/2LcfbtNf

Output of dig:

dig mharder-formrec.cognitiveservices.azure.com

; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> 
mharder-formrec.cognitiveservices.azure.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16016
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;mharder-formrec.cognitiveservices.azure.com. IN  A

;; Query time: 231 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Jul 08 07:40:24 UTC 2020
;; MSG SIZE  rcvd: 72


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-07 Thread Dan Streetman
> We are referring to the local stub resolver

yes, i understand that, but i'm asking if you are talking about local
traffic TO the stub resolver, or traffic FROM the stub resolver to your
upstream nameserver.

If you have pcap showing the problem, please attach it.

If you're not sure what I'm talking about, then you should do:

$ sudo systemctl edit systemd-resolved

and in the file editor it opens, add this content:


[Service]
Environment=SYSTEMD_LOG_LEVEL=debug


then save the file and reboot.

then try looking up your host again (using the local stub resolver of
course).

Gather the resolved logs and attach or paste them here.

$ journalctl -b -u systemd-resolved --no-pager


[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-07 Thread Darii Nurgaleev
Thank you for the answer. We are referring to the local stub resolver
(127.0.0.53). As a workaround we have created symbolic link:

sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

However, it is still not working with the local stub resolver.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1886128

Title:
  systemd-resolved does not resolve address due to udp payload size.

Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  Description:  Ubuntu 18.04.4 LTS
  Release:  18.04

  systemd-resolve --version

  systemd 237
  +PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
  +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN
  -PCRE2 default-hierarchy=hybrid

  We met an error: on an attempt to resolve address, the following issue
  appears:

  ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> 
mharder-formrec.cognitiveservices.azure.com
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44096
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 65494
  ;; QUESTION SECTION:
  ;mharder-formrec.cognitiveservices.azure.com. IN  A

  ;; Query time: 231 msec
  ;; SERVER: 127.0.0.53#53(127.0.0.53)
  ;; WHEN: Tue Apr 28 20:47:14 UTC 2020
  ;; MSG SIZE  rcvd: 72

  Let me provide you important notes about the issue:
  1) It's not reproducing on Ubuntu 16;
  2) Bypassing systemd-resolve - everything works fine;
  3) Only the difference between systemd-resolve and END is UDP_PAYLOAD_SIZE

  Successful query:

  1135 16:27:25.964386 10.1.0.4 168.63.129.16 DNS 128 Standard query 0xc2d4 A mharder-formrec.cognitiveservices.azure.com OPT

  Domain Name System (query)
  Transaction ID: 0xc2d4
  Flags: 0x0120 Standard query
  0... .... .... .... = Response: Message is a query
  .000 0... .... .... = Opcode: Standard query (0)
  .... ..0. .... .... = Truncated: Message is not truncated
  .... ...1 .... .... = Recursion desired: Do query recursively
  .... .... .0.. .... = Z: reserved (0)
  .... .... ..1. .... = AD bit: Set
  .... .... ...0 .... = Non-authenticated data: Unacceptable
  Questions: 1
  Answer RRs: 0
  Authority RRs: 0
  Additional RRs: 1
  Queries
  mharder-formrec.cognitiveservices.azure.com: type A, class IN
  Additional records
  : type OPT
  Name: 
  Type: OPT (41)
  UDP payload size: 4096
  Higher bits in extended RCODE: 0x00
  EDNS0 version: 0
  Z: 0x
  0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
  .000    = Reserved: 0x
  Data length: 12
  Option: COOKIE

  Unsuccessful query:

  1128 16:27:25.713886 10.1.0.4 168.63.129.16 DNS 116 Standard query 0x198d A mharder-formrec.cognitiveservices.azure.com OPT

  Domain Name System (query)
  Transaction ID: 0x198d
  Flags: 0x0100 Standard query
  0... .... .... .... = Response: Message is a query
  .000 0... .... .... = Opcode: Standard query (0)
  .... ..0. .... .... = Truncated: Message is not truncated
  .... ...1 .... .... = Recursion desired: Do query recursively
  .... .... .0.. .... = Z: reserved (0)
  .... .... ...0 .... = Non-authenticated data: Unacceptable
  Questions: 1
  Answer RRs: 0
  Authority RRs: 0
  Additional RRs: 1
  Queries
  mharder-formrec.cognitiveservices.azure.com: type A, class IN
  Additional records
  : type OPT
  Name: 
  Type: OPT (41)
  UDP payload size: 512
  Higher bits in extended RCODE: 0x00
  EDNS0 version: 0
  Z: 0x
  0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs
  .000    = Reserved: 0x
  Data length: 0

  Notable difference:

  Success:
  UDP payload size: 4096

  Failure:
  UDP payload size: 512

  And notable differences in the responses:

  Success:
  Flags: 0x8180 Standard query response, No error
  .... ..0. .... .... = Truncated: Message is not truncated

  Failure:
  Flags: 0x8380 Standard query response, No error
  .... ..1. .... .... = Truncated: Message is truncated

  Interestingly, systemd-resolved is setting the maximum payload size to
  512 regardless of whether EDNS0 is configured and regardless of what is
  sent to it for the payload size.
  I tried to find a way to change UDP_PAYLOAD_SIZE, but it seems it is
  only possible to change it with direct code modifications.

To manage 
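
The two captures in the report above differ in the EDNS0 OPT record (advertised UDP payload size 4096 vs 512) and in the TC bit of the response (0x8180 vs 0x8380); a response with TC set has to be re-requested over TCP. The following is an added example, not part of the original thread or of systemd: it builds both queries and decodes those fields. The messages are constructed from the IDs, flags and sizes quoted in the report (the COOKIE option is omitted and the responses are header-only), and the function names are hypothetical.

```python
import struct

def build_query(name, txid, flags, udp_payload_size):
    """Build an A/IN query carrying one empty EDNS0 OPT record (RFC 6891)."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)
    # OPT RR: root name, TYPE 41, CLASS carries the advertised UDP payload
    # size, TTL carries extended RCODE/version/Z, RDLENGTH 0 (no options).
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_payload_size, 0, 0)
    return header + question + opt

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # a compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + n

def summarize(msg):
    """Decode the header flags and the OPT payload size of a DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    info = {"id": txid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rd": bool(flags & 0x0100), "ad": bool(flags & 0x0020),
            "rcode": flags & 0x000F, "udp_payload_size": None}
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == 41:                         # OPT: CLASS is the payload size
            info["udp_payload_size"] = rclass
    return info

def needs_tcp_retry(response):
    """A response with TC set is incomplete; the client must re-ask over TCP."""
    h = summarize(response)
    return h["qr"] and h["tc"]

# Constructed samples using the IDs, flags and sizes quoted in the report.
NAME = "mharder-formrec.cognitiveservices.azure.com"
Q_OK = build_query(NAME, 0xC2D4, 0x0120, 4096)
Q_FAIL = build_query(NAME, 0x198D, 0x0100, 512)
R_OK = struct.pack("!HHHHHH", 0xC2D4, 0x8180, 0, 0, 0, 0)    # header only
R_FAIL = struct.pack("!HHHHHH", 0x198D, 0x8380, 0, 0, 0, 0)  # header only
```

When `needs_tcp_retry` is true for the upstream's answer, resolution only succeeds if the host is allowed to open a TCP connection to that nameserver on port 53.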

[Touch-packages] [Bug 1886128] Re: systemd-resolved does not resolve address due to udp payload size.

2020-07-07 Thread Dan Streetman
Are you referring to edns0 from glibc to the local stub resolver, or
edns0 from systemd-resolved to the upstream nameserver?

I don't see any problem when I resolve the name on bionic:

$ lsb_release -c
Codename:   bionic

$ dpkg -l systemd|grep systemd
ii  systemd        237-3ubuntu10.41 amd64        system and service manager

$ dig +short mharder-formrec.cognitiveservices.azure.com
westus2.api.cognitive.microsoft.com.
cognitiveusw2prod.trafficmanager.net.
cognitiveusw2prod.azure-api.net.
apimgmttmmtjxmdjuddplpewicwu8gnxxj7ehaj3ubplfwharv.trafficmanager.net.
cognitiveusw2prod-westus2-01.regional.azure-api.net.
apimgmthsn6metwepz5stnvukztxi3dks7nna13rgbo90ytolj.cloudapp.net.
52.229.16.14


** Changed in: systemd (Ubuntu)
   Status: New => Incomplete
