[Bug 1731522] Re: systemd-resolved does not listen on TCP port, cannot serve large records (Cannot ping pod51041.outlook.com but can dig.)

Daniel Richard G. skunk at iskunk.org
Thu Apr 5 06:06:27 UTC 2018


Steve, Bionic still has the default (commented-out)

    #DNSStubListener=udp

in /etc/systemd/resolved.conf .

I've noticed that this breaks Kerberos KDC lookup at a large site,
because the reply is quite large:

    # host -t SRV _kerberos._udp.xxx.example.com
    ;; Connection to 127.0.0.53#53(127.0.0.53) for _kerberos._udp.xxx.example.com failed: connection refused.

    # kinit user@XXX.EXAMPLE.COM
    kinit: Cannot find KDC for realm "XXX.EXAMPLE.COM" while getting initial credentials

After setting DNSStubListener=yes:

    # host -t srv _kerberos._udp.xxx.example.com
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx01.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx02.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx03.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx04.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx05.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx06.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx07.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx08.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx09.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx10.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx11.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx12.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx13.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx14.xxx.example.com.
    _kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx15.xxx.example.com.

    # kinit user@XXX.EXAMPLE.COM
    Password for user@XXX.EXAMPLE.COM:

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1731522

Title:
  systemd-resolved does not listen on TCP port, cannot serve large
  records (Cannot ping pod51041.outlook.com but can dig.)

Status in systemd:
  Fix Released
Status in systemd package in Ubuntu:
  Triaged

Bug description:
  Trying to resolve pod51041.outlook.com's domain name seems to fail for
  applications:

  $ ping pod51041.outlook.com
  ping: pod51041.outlook.com: Temporary failure in name resolution

  (Also can't access via thunderbird).

  However, it seems to work directly via systemd-resolve:

  $ systemd-resolve pod51041.outlook.com
  pod51041.outlook.com: 40.97.160.2
                        40.97.126.50
                        132.245.38.194
                        40.97.147.194
                        132.245.41.34
                        40.97.176.2
                        40.97.150.242
                        40.97.85.114
                        40.97.120.50
                        40.97.85.2
                        40.97.176.34
                        40.97.138.242
                        40.97.166.18
                        40.97.120.162
                        40.97.119.82
                        40.97.176.18
                        40.97.85.98
                        40.97.134.34
                        40.97.84.18

  -- Information acquired via protocol DNS in 2.5ms.
  -- Data is authenticated: no

  It also works with dig and nslookup.

  Not quite sure why this is the case, I've spotted this issue upstream
  that looks similar: https://github.com/systemd/systemd/issues/6520.
  However, I'm not familiar enough with DNS to tell if it is the same
  issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: systemd 234-2ubuntu12
  ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4
  Uname: Linux 4.13.0-16-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
  ApportVersion: 2.20.7-0ubuntu3
  Architecture: amd64
  CurrentDesktop: MATE
  Date: Fri Nov 10 13:10:02 2017
  InstallationDate: Installed on 2017-11-10 (0 days ago)
  InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64 (20171018)
  MachineType: LENOVO 2324BB9
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.13.0-16-generic.efi.signed root=UUID=8ab6bf88-72bd-4308-941e-3b36d4d7811b ro rootflags=subvol=@ quiet splash vt.handoff=7
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 03/03/2016
  dmi.bios.vendor: LENOVO
  dmi.bios.version: G2ETA6WW (2.66 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 2324BB9
  dmi.board.vendor: LENOVO
  dmi.board.version: Not Defined
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: dmi:bvnLENOVO:bvrG2ETA6WW(2.66):bd03/03/2016:svnLENOVO:pn2324BB9:pvrThinkPadX230:rvnLENOVO:rn2324BB9:rvrNotDefined:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.family: ThinkPad X230
  dmi.product.name: 2324BB9
  dmi.product.version: ThinkPad X230
  dmi.sys.vendor: LENOVO
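
The failure mode reported in this thread (a DNS answer too large for the stub's UDP reply, followed by "connection refused" on the TCP retry to 127.0.0.53) can be checked with the sketch below. It is an added example, not code from the bug report or from systemd; the function names and the constructed sample headers are assumptions made for illustration.

```python
import socket
import struct

STUB = ("127.0.0.53", 53)   # stub listener address shown in the post
TC_BIT = 0x0200             # "truncated" flag in the DNS header flags word
QTYPE_SRV = 33

# Constructed 12-byte sample headers (not captured traffic):
SAMPLE_TRUNCATED = bytes.fromhex("123483800001000000000000")  # QR, TC, RD, RA set
SAMPLE_COMPLETE = bytes.fromhex("1234818000010003" "00000000")  # 3 answers, no TC

def build_query(name, qtype=QTYPE_SRV, txid=0x1234):
    """Encode a minimal DNS query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Return (txid, truncated, answer_count) from a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return txid, bool(flags & TC_BIT), ancount

def diagnose(udp_reply, tcp_ok):
    """Classify the stub from its UDP reply and whether TCP/53 accepted a connection."""
    _txid, truncated, _ancount = parse_header(udp_reply)
    if not truncated:
        return "ok-udp"                      # answer fit in the UDP reply
    # A truncated reply tells the client to retry over TCP.
    return "ok-tcp-fallback" if tcp_ok else "broken-large-records"

def probe(name, server=STUB, timeout=2.0):
    """Live check: query over UDP, then test whether TCP/53 accepts connections."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(build_query(name), server)
        reply, _addr = udp.recvfrom(4096)
    try:
        socket.create_connection(server, timeout=timeout).close()
        tcp_ok = True
    except OSError:                          # e.g. connection refused: no TCP listener
        tcp_ok = False
    return diagnose(reply, tcp_ok)

if __name__ == "__main__":
    print(probe("_kerberos._udp.xxx.example.com"))
```

A result of `broken-large-records` corresponds to the state described in the message before `DNSStubListener=yes` was set.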
