[Bug 1717015] Re: libc resolver stops searching domain search list after getting back NSEC record

Jonathan Kamens jik at kamens.brookline.ma.us
Thu Feb 1 15:52:48 UTC 2018 

I haven't changed /etc/systemd/resolved.conf.

Here's systemd-resolve --status

Global
          DNS Domain: cnn.com
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 5 (virbr0-nic)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 4 (virbr0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 3 (wlp3s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.43.1

Link 2 (enp0s25)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1717015

Title:
  libc resolver stops searching domain search list after getting back
  NSEC record

Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  Suppose that:

  1. you have a "search" line in your /etc/resolv.conf file;
  2. it has two domains in it; and
  3. the first of the two domains does DNSSEC, including returning NSEC records for nonexisting hosts.

  In this situation, when you try to look up a host name in the second
  domain without specifying the domain part of the host name, the libc
  resolver will stop after it gets back the NSEC record and report that
  the host name doesn't exist, rather than moving on to the second
  domain in the search list and searching for the host in that domain.

  See also https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1717014
  .

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: libc6 2.24-9ubuntu2.2
  ProcVersionSignature: Ubuntu 4.10.0-33.37-generic 4.10.17
  Uname: Linux 4.10.0-33-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4.5
  Architecture: amd64
  CurrentDesktop: Unity:Unity7
  Date: Wed Sep 13 16:00:45 2017
  Dependencies:
   gcc-6-base 6.3.0-12ubuntu2
   libc6 2.24-9ubuntu2.2
   libgcc1 1:6.3.0-12ubuntu2
  InstallationDate: Installed on 2016-08-09 (400 days ago)
  InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
  SourcePackage: glibc
  UpgradeStatus: Upgraded to zesty on 2017-04-19 (147 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1717015/+subscriptions

More information about the foundations-bugs mailing list