I upgraded to Ubuntu 17.04 and it appears to now have a new DNS resolver mechanism first introduced in Ubuntu 16.10.
I am now getting DNS lookup failures 50% of the time. Every other call to nslookup is failing, with half the calls resolving fine and half giving this:
watch -n 1 nslookup google.com
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find google.com: SERVFAIL
From what I understand, that DNS server IP address is now used to represent systemd-resolved, which does some kind of meta lookup to avoid slower DNS queries (or something...). I am seeing the exact same behavior on two machines I have upgraded to 17.04 in the past week.
Any idea what the problem is here, and the correct way to address it?
Things were working fine before the upgrade (from 16.04 or 16.10, I don't remember which, sorry). I THOUGHT 17.04 was an LTS release but now I see that I jumped the gun and it won't be considered stable until April. So... here I am.
Also of note... browsers don't seem to exhibit problems, but nslookup, ping, git, etc. do.
Answer
Ubuntu 17.04 cannot resolve DNS servers with DNSSEC support as of 2017-04-18. Disable DNSSEC with this daemon:
sudo mkdir -p /etc/systemd/resolved.conf.d
printf "[Resolve]\nDNSSEC=no\n" | sudo tee /etc/systemd/resolved.conf.d/no-dnssec.conf
Optionally reconfigure resolvconf if you messed with it (say yes to "prepare /etc/resolv.conf for dynamic updates?"):
sudo dpkg-reconfigure resolvconf
Restart systemd-resolved:
sudo systemctl restart systemd-resolved
Your DNS should start working. You can check by trying systemd-resolve www.google.com and seeing a response.
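The drop-in from the answer, with a check of what DNSSEC setting systemd-resolved actually ends up with, as an added example that is not part of the original post. The ROOT prefix argument is a hypothetical convenience so the functions can be tried against a scratch directory (pass "" for the live system, where writing needs root); the parser follows systemd's rule that the main resolved.conf is read first, then each *.conf drop-in in sorted order, and the last assignment wins.

```shell
#!/bin/sh
# Added example (not from the original post). ROOT is a hypothetical
# prefix: "" means the real /etc, anything else is a scratch tree.

# Print the effective DNSSEC= value for the [Resolve] section.
# Commented-out lines such as "#DNSSEC=no" in the stock file are
# ignored; "unset" means the compiled-in default applies.
effective_dnssec() {
    root="$1"
    main="$root/etc/systemd/resolved.conf"
    dropdir="$root/etc/systemd/resolved.conf.d"
    {
        if [ -f "$main" ]; then cat "$main"; fi
        # The glob expands in lexicographic order, matching systemd.
        for f in "$dropdir"/*.conf; do
            if [ -f "$f" ]; then cat "$f"; fi
        done
    } | awk -F= '
        /^[[:space:]]*\[/ {
            sect = $0
            sub(/^[[:space:]]*\[/, "", sect); sub(/\].*$/, "", sect)
        }
        sect == "Resolve" && /^[[:space:]]*DNSSEC[[:space:]]*=/ {
            v = $2; gsub(/[[:space:]]/, "", v); val = v
        }
        END { print (val == "" ? "unset" : val) }'
}

# Write the same drop-in the answer creates with sudo tee.
write_dnssec_dropin() {
    root="$1"
    dropdir="$root/etc/systemd/resolved.conf.d"
    mkdir -p "$dropdir"
    printf '[Resolve]\nDNSSEC=no\n' > "$dropdir/no-dnssec.conf"
}

# Demo against a scratch tree: run with --demo to see before/after.
if [ "${1:-}" = "--demo" ]; then
    scratch=$(mktemp -d)
    mkdir -p "$scratch/etc/systemd"
    printf '[Resolve]\nDNSSEC=allow-downgrade\n' \
        > "$scratch/etc/systemd/resolved.conf"   # constructed stock file
    echo "before: $(effective_dnssec "$scratch")"
    write_dnssec_dropin "$scratch"
    echo "after:  $(effective_dnssec "$scratch")"
    rm -rf "$scratch"
fi
```

Note that DNSSEC=no turns validation off entirely, so once the upstream resolver issue is fixed, removing the drop-in (or setting allow-downgrade) and confirming the value with effective_dnssec restores the protection.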