Unfortunately, this is a bug in upstream systemd.

For some reason, resolved's current upstream code clamps the 'best'
server protocol level at 512-byte-sized EDNS0 if DNSSEC is disabled.
Since the default is for DNSSEC to be disabled, this means by default,
resolved will restrict its UDP EDNS0 packets sent to upstream
nameservers at 512 bytes, as you indicated in the bug description.

Normally, this is ok because most nameservers support TCP, and resolved
always falls back to TCP when it finds a truncated response.  However,
your upstream nameserver seems to either not support TCP DNS, or its
port 53 is firewalled for TCP.

This will take some time to open an upstream bug and investigate
patching. If you open an upstream bug please add a comment with the
link.

** Changed in: systemd (Ubuntu)
     Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: systemd (Ubuntu)
   Importance: Undecided => Medium

** Changed in: systemd (Ubuntu)
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1886128

Title:
  systemd-resolved does not resolve address due to udp payload size.
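
The failure mode described in the comment above can be checked against a given nameserver with the following added example, which is not code from systemd or from the bug report. The function names and the default 512-byte value passed to them are assumptions made for illustration: it sends a query advertising a 512-byte EDNS0 UDP payload, looks at the truncation (TC) bit in the reply, and then tests whether the same server answers over TCP.

```python
import socket
import struct

TC = 0x0200  # truncation bit in the DNS header flags word

def build_query(name, udp_payload=512, txid=0x1234):
    """A-record query with an EDNS0 OPT record advertising udp_payload bytes."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.strip(".").split(".")) + b"\x00"
    # OPT pseudo-RR (RFC 6891): root name, TYPE=41, CLASS=payload size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_payload, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1) + opt

def is_truncated(msg):
    """True when the reply header has TC set, i.e. the answer did not fit."""
    return bool(struct.unpack("!H", msg[2:4])[0] & TC)

def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP connection closed early")
        buf += chunk
    return buf

def probe(server, name, udp_payload=512, timeout=3.0):
    """Report whether a lookup survives a 512-byte UDP limit on this server."""
    query = build_query(name, udp_payload)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(query, (server, 53))
        udp_reply, _ = u.recvfrom(65535)
    if not is_truncated(udp_reply):
        return "answered over UDP"
    try:
        # DNS over TCP prefixes each message with a 2-byte length
        with socket.create_connection((server, 53), timeout=timeout) as t:
            t.settimeout(timeout)
            t.sendall(struct.pack("!H", len(query)) + query)
            size = struct.unpack("!H", recv_exact(t, 2))[0]
            recv_exact(t, size)
        return "truncated over UDP, TCP fallback works"
    except OSError:
        return "truncated over UDP, TCP unreachable: lookup fails"
```

Calling `probe()` with the address of the upstream nameserver and a name that produces a large answer shows which of the three outcomes applies; a UDP timeout is raised to the caller rather than classified.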
