Thanks, I was hoping for some help to find the right place to report this. I poked around some more, and I found out what the problem was. First of all, my wireless router was confused. I rebooted it, and then everything started working again.
I did some debugging before I rebooted it, though, and the reason for the partial failure situation was that EDNS0 wasn't specified in the queries sent by Ubuntu, but dig specifies it by default (as well as the AD flag, but I don't think that's relevant). A partial result should have been given by the DNS server (on the wireless router), or it should have truncated the reply to force a TCP retry by the client. (Now that everything works, it trims down the Additional section to fit the response.) To confirm, I ran dig like this, and these queries failed on my confused router: dig +noedns +noadflag @127.0.1.1 www.sciencedaily.com So if Ubuntu had in fact set EDNS0 in the query, it would have worked. Falling back to TCP presumably wasn't an option since no malformed/truncated result was received first. Feel free to close this issue if my router's behaviour was completely unacceptable and should cause failure on the client side. If it ought to have been handled better by Ubuntu, however, this may have been an interesting corner case for debugging. Let me know if you need anything else. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1466608 Title: Unable to resolve domains with large EDNS0 replies Status in dnsmasq package in Ubuntu: New Bug description: Not sure resolvconf is the correct place to report this bug, but I'm unable to resolve domains with large EDNS0 replies. A couple of examples are www.sciencedaily.com and www.ncbi.nlm.nih.gov. Interestingly, they resolve when I use "dig <domain>", but if I enter a URL with either of those domains in my browser (tried Chromium and Firefox), then name resolution fails. Ping also fails with a name resolution error message. Here's an example: $ dig www.ncbi.nlm.nih.gov ; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.ncbi.nlm.nih.gov ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8409 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 1280 ;; QUESTION SECTION: ;www.ncbi.nlm.nih.gov. IN A ;; ANSWER SECTION: www.ncbi.nlm.nih.gov. 2358 IN CNAME www.wip.ncbi.nlm.nih.gov. www.ncbi.nlm.nih.gov. 2358 IN RRSIG CNAME 7 5 86400 20151213102025 20150616102025 52670 ncbi.nlm.nih.gov. dZt9uuyLImbB23vdqcsSK+nWK77BREttiAP80Ovq2/xV48JsII3Uxzxc W8OkLmc5dSdPNkfwc6QFC/+wqe+4ORb1TC4Qxw5HQxo4nCindPFGZAgJ SEFcWRJ2HrU5BKz/MeVMALJ3YN6LSHIwkTIwJbKweTGLQTZPZTryp1M7 UQrqd0hs7tjjwVl/6zRIA5UGgFbdrLwX9jmh4ykBTqK8u0Rt/wrTeHbp UpVMxAUdUW1CJ7xAnn/k4td6zdx7Tm5+CkS99Qva0cPfSSo6Qh4Uplun LKwT9GR4zqBTQRjBWSTf2YdhrAU8oyh9WbQ66WHLYkC8Kp55iskL8E8p E5wOYA== www.wip.ncbi.nlm.nih.gov. 30 IN A 130.14.29.110 www.wip.ncbi.nlm.nih.gov. 30 IN RRSIG A 7 6 30 20150708223631 20150617223631 34334 wip.ncbi.nlm.nih.gov. aF9abjtGNMz+8NkcTGIY8GwjfZBCcL532B2sdJM891OAP2V9GwPCDGNY VzMPzZjMGN9qHsBgXuFY5jZQNWFvWfIQctTJEZTxClyJyFhe5JbyIspg NIO6ZXxjD3h7Ax/Sr5peyf8mfCU/8FZHPGJOhsNEFOwL3RjIddTK6Ibc PQ55CWOuVrvw26kKj9gxBG8r6iBcKe89xHQYPm1w+Osp8c2twGhqBmfd 7zcRxFLyF0BpY63kcQiF5lJ2fI31x+zCAROL9H3L1jm/K7aMAiO5kuWl DK57upsmtQNzjWX8coYpm7/3Gebfmpjx4BtC75L5IP/WfwVBfzHeRjAG KY/7aQ== ;; Query time: 132 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Thu Jun 18 20:26:50 CEST 2015 ;; MSG SIZE rcvd: 699 $ ping www.ncbi.nlm.nih.gov ping: unknown host www.ncbi.nlm.nih.gov I also watched with tcpdump when trying to look up the domain www.sciencedaily.com, and when I use dig I immediately get the reply, but when trying with ping I don't get any reply, and it gives up after 4 queries are sent. Must have something to do with the DNS flags that are set on the query in the different cases. Here's a lookup with dig: 20:01:47.857269 IP 127.0.0.1.56927 > 127.0.1.1.53: 9907+ [1au] A? www.sciencedaily.com. (49) 20:01:47.869516 IP 127.0.1.1.53 > 127.0.0.1.56927: 9907 2/6/43 CNAME ed5n3.x.incapdns.net., A 149.126.72.70 (879) and here's a name resolution triggered by running ping: 20:02:47.969527 IP 127.0.0.1.35905 > 127.0.1.1.53: 59118+ A? www.sciencedaily.com. (38) 20:02:52.974752 IP 127.0.0.1.35905 > 127.0.1.1.53: 59118+ A? www.sciencedaily.com. (38) 20:02:57.980296 IP 127.0.0.1.48738 > 127.0.1.1.53: 3668+ A? www.sciencedaily.com. (38) 20:03:02.985493 IP 127.0.0.1.48738 > 127.0.1.1.53: 3668+ A? www.sciencedaily.com. (38) I've not experienced this before, though these aren't domains I commonly visit. Is this a new issue? ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: resolvconf 1.69ubuntu1.1 ProcVersionSignature: Ubuntu 3.13.0-52.86-generic 3.13.11-ckt18 Uname: Linux 3.13.0-52-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.11 Architecture: amd64 CurrentDesktop: Unity Date: Thu Jun 18 20:23:19 2015 InstallationDate: Installed on 2014-10-19 (241 days ago) InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2) PackageArchitecture: all SourcePackage: resolvconf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1466608/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp