DNS stops resolving on Ubuntu 18.04
I'm having issues with DNS lookups on my new install running Ubuntu 18.04 LTS. It uses the Linode "Auto-configure Networking" and I haven't made any changes to network config files.
The problem: emails weren't being sent because lookups don't resolve.
Here is the error from the mail log:
Host or domain name not found. Name service error for name=covertcabin.com type=A: Host found but no data record of requested type
Using dig returns no results (for certain domains), e.g.:
dig MX covertcabin.com +short
Same for nslookup:
nslookup covertcabin.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
*** Can't find covertcabin.com: No answer
Here is the output from systemd-resolve --status:
matt@leopard:~$ sudo systemd-resolve --status
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 2 (eth0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 212.71.252.5
212.71.253.5
178.79.182.5
DNS Domain: members.linode.com
Here is more output from a similar command. The error reported was at the time I did the nslookup command above that failed:
matt@leopard:~$ sudo systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-08-03 11:18:15 CEST; 44min ago
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Main PID: 13332 (systemd-resolve)
Status: "Processing requests…"
Tasks: 1 (limit: 4661)
CGroup: /system.slice/systemd-resolved.service
└─13332 /lib/systemd/systemd-resolved
Aug 03 11:49:34 leopard systemd-resolved[13332]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
For some reason, the DNS look-up fails and the failure gets cached. So far, this has only been a problem for certain domains hosted on the server. Restarting the systemd-resolved service fixes the problem.
I'd be grateful for any assistance. Thanks.
6 Replies
This is caused by a bug in systemd-resolved. Until it's fixed, the workaround is to bypass caching by changing the symlink of the resolv.conf file, like so:
sudo ln -sf ../run/systemd/resolve/resolv.conf resolv.conf
Hi - can you provide some reference for this bug or the fix you've presented here? I've been seeing these errors in my syslog and not sure but seems to be in conjunction with a Socket Connection Refused error returned by the webserver. Any chance this could be related?
@mattf10, your answer works if you're already in the /etc folder. This version works everywhere, since it specifies the whole path.
sudo ln -sf ../run/systemd/resolve/resolv.conf /etc/resolv.conf
[Edited to add the following]
There's more to it than that one-liner. The accepted answer here is a more comprehensive approach, and it includes that one-liner, and doesn't require a reboot.
https://askubuntu.com/questions/966870/dns-not-working-after-upgrade-17-04-to-17-10
Short answer: do the following:
$ sudo rm /etc/resolv.conf
$ sudo ln -s /run/resolvconf/resolv.conf /etc/resolv.conf
$ systemctl restart resolvconf
@billynoah - here is the bug report: https://github.com/systemd/systemd/issues/9833
It's been fixed, but I don't know when it's going to be released.
@clearhat - you're correct. My version uses relative paths. Using the "f" flag = force, so no need to delete the current symlink.
Thanks @mattf10. Been dealing with that crap for a while now, having to restart systemd-resolved every freaking 10 minutes.
It's crazy, but you need to allow access to 127.0.0.53 to use systemd-resolved.
iptables -I INPUT -s localhost -d 127.0.0.53 -j ACCEPT
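Added example, not part of any post in this thread: the replies repoint /etc/resolv.conf at different files, so this shell function reports which resolver path a given resolv.conf actually selects, including the case where the 127.0.0.53 stub is listed next to upstream servers. The function names and mode labels are invented for the example, and it assumes GNU readlink -f and awk are available.

```shell
#!/bin/sh
# Added example: report which DNS path a resolv.conf file puts a host on.
# Usage (after sourcing this file): resolv_mode [path]   default: /etc/resolv.conf
# Prints: stub | mixed | direct-systemd | direct-resolvconf | static
# Names and labels are hypothetical, chosen for this example only.

STUB_ADDR="127.0.0.53"   # systemd-resolved listener shown in the nslookup output

resolv_servers() {
    # One nameserver address per line; comments and other directives are ignored.
    awk '$1 == "nameserver" { print $2 }' "$1"
}

resolv_mode() {
    conf="${1:-/etc/resolv.conf}"
    if [ ! -r "$conf" ]; then
        echo "unreadable"; return 2      # missing file or dangling symlink
    fi
    servers=$(resolv_servers "$conf")
    if [ -z "$servers" ]; then
        echo "no-nameserver"; return 2
    fi
    stub=$(printf '%s\n' "$servers" | awk -v s="$STUB_ADDR" '$0 == s { n++ } END { print n + 0 }')
    total=$(printf '%s\n' "$servers" | awk 'END { print NR }')
    if [ "$stub" -gt 0 ] && [ "$stub" -lt "$total" ]; then
        echo "mixed"; return 0           # stub plus upstreams: libc can fail over between them
    elif [ "$stub" -gt 0 ]; then
        echo "stub"; return 0            # every lookup passes through the systemd-resolved cache
    fi
    # No stub entry: classify by where the symlink chain ends.
    case "$(readlink -f "$conf")" in
        */run/systemd/resolve/resolv.conf) echo "direct-systemd" ;;     # cache bypassed
        */run/resolvconf/resolv.conf)      echo "direct-resolvconf" ;;  # managed by resolvconf
        *)                                 echo "static" ;;             # hand-written or other manager
    esac
}
```

Running resolv_mode before and after changing the symlink shows whether lookups still go through the local cache; resolv_servers /etc/resolv.conf lists the servers the libc resolver will query.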