[Bug 1647031] Re: systemd-resolved’s 127.0.0.53 server does not follow CNAME records

Steve Langasek steve.langasek at canonical.com
Thu Feb 23 23:23:56 UTC 2017 

I was reminded that libnss-resolve is in 'standard' now, which means
it's also installed by default on server and any bugs that affect only
the stub DNS resolver without affecting the dbus service - such as this
one - do not impact DNS resolution by default on server in 16.10.

(I was wondering why no one had reported it before now.)

So, I'm downgrading this from critical to high since it only hits users
of 16.10 server in a few corner cases (i.e. containers, chroots without
libnss-resolve installed).  It should still be SRUed.

** Changed in: systemd (Ubuntu Yakkety)
   Importance: Critical => High

** Changed in: network-manager (Ubuntu Yakkety)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1647031

Title:
  systemd-resolved’s 127.0.0.53 server does not follow CNAME records

Status in systemd:
  New
Status in network-manager package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in network-manager source package in Yakkety:
  Invalid
Status in systemd source package in Yakkety:
  Triaged

Bug description:
  $ systemd-resolve www.freedesktop.org
  www.freedesktop.org: 131.252.210.176
                       2610:10:20:722:a800:ff:feda:470f
                       (annarchy.freedesktop.org)

  -- Information acquired via protocol DNS in 673.6ms.
  -- Data is authenticated: no
  $ ping www.freedesktop.org
  ping: www.freedesktop.org: Name or service not known
  $ cat /etc/resolv.conf
  # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
  #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
  # 127.0.0.53 is the systemd-resolved stub resolver.
  # run "systemd-resolve --status" to see details about the actual nameservers.

  nameserver 127.0.0.53
  $ dig +no{cmd,comments,stats} www.freedesktop.org @127.0.0.53
  ;www.freedesktop.org.		IN	A
  www.freedesktop.org.	7146	IN	CNAME	annarchy.freedesktop.org.
  $ dig +no{cmd,comments,stats} www.freedesktop.org @8.8.8.8
  ;www.freedesktop.org.		IN	A
  www.freedesktop.org.	14399	IN	CNAME	annarchy.freedesktop.org.
  annarchy.freedesktop.org. 14399	IN	A	131.252.210.176

  I trust it needn’t be explained why this makes the internet almost
  completely useless in zesty.

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1647031/+subscriptions

More information about the foundations-bugs mailing list