[Bug 1624320] Re: systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing entries
fedorowp
fedorowp at gmail.com
Fri May 11 13:42:20 UTC 2018
Given the number of bug reports, and that this causes delayed breakage
in server environments, perhaps this bug priority should be raised from
"Low" to "Medium"?
I encountered this delayed failure in an LXC container, following
upgrading the server and LXC container from Ubuntu 17.10 to Ubuntu
18.04.
Workaround
----------
Leandro Noskoski on askubuntu.com provided this workaround.
Edit /etc/systemd/resolved.conf, adding your desired DNS server:
change this:

    [Resolve]
    #DNS=

to this (but use the one you want - this is an example):

    [Resolve]
    DNS=192.168.1.152

after that, restart the service:

    service systemd-resolved restart
DNS resolving should -NOT- be broken for containers by a single version OS upgrade
----------------------------------------------------------------------------------
Unfortunately this is a result of systemd violating 3 of 9 tenets of the
Unix Philosophy:
1 - Small is beautiful.
2 - Make each program do one thing well.
6 - Use software leverage to your advantage.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1624320
Title:
systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing
entries
Status in systemd package in Ubuntu:
Confirmed
Bug description:
systemd-resolved, or more precisely the hook script
/lib/systemd/system/systemd-resolved.service.d/resolvconf.conf, causes
resolvconf to add 127.0.0.53 to the set of nameservers in
/etc/resolv.conf alongside the other nameservers. That makes no sense
because systemd-resolved sets up 127.0.0.53 as a proxy for those other
nameservers. The effect is similar to bug 1624071 but for
applications doing their own DNS lookups. It breaks any DNSSEC
validation that systemd-resolved tries to do; applications will
fail over to the other nameservers, bypassing validation failures. And
it makes failing queries take twice as long.
/etc/resolv.conf should have only 127.0.0.53 when systemd-resolved is
active.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624320/+subscriptions
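Added example (not part of the original message or the bug report): a shell check for the condition the bug description names, a resolv.conf that lists 127.0.0.53 alongside other nameservers so that lookups can fall through to resolvers that skip systemd-resolved's validation. The function name and exit codes are assumptions of this example, and the sample file is constructed.

```shell
#!/bin/sh
# Classify a resolv.conf file for the mixed-nameserver condition.
# Exit codes (chosen for this example, not defined by systemd or resolvconf):
#   0 = only the systemd-resolved stub listener is listed
#   1 = stub listed alongside other nameservers (the condition in this bug)
#   2 = stub not listed at all
#   3 = file unreadable or no nameserver entries
STUB="127.0.0.53"

classify_resolv_conf() {
    file="$1"
    [ -r "$file" ] || { echo "unreadable: $file"; return 3; }
    # Take the address from each active "nameserver" line; commented-out
    # lines have "#" or ";" in the first field and are skipped.
    servers=$(awk '$1 == "nameserver" && $2 != "" { print $2 }' "$file")
    [ -n "$servers" ] || { echo "no nameserver entries"; return 3; }
    others=""
    has_stub=no
    for s in $servers; do
        if [ "$s" = "$STUB" ]; then has_stub=yes; else others="$others $s"; fi
    done
    if [ "$has_stub" = yes ] && [ -z "$others" ]; then
        echo "ok: only $STUB"; return 0
    elif [ "$has_stub" = yes ]; then
        echo "mixed: $STUB plus$others"; return 1
    fi
    echo "stub absent:$others"; return 2
}

# Constructed sample reproducing the reported state of /etc/resolv.conf.
sample=$(mktemp)
printf 'nameserver 192.168.1.152\nnameserver 127.0.0.53\n' > "$sample"
classify_resolv_conf "$sample" || echo "exit status $?"
rm -f "$sample"
```

To check a live system, call classify_resolv_conf /etc/resolv.conf and treat exit status 1 as the state described in this bug.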