[Bug 1854976] Re: systemd-resolved doesn't work with "host -l" / AXFR queries

Steve Langasek steve.langasek at canonical.com
Tue Dec 3 19:08:30 UTC 2019 

An AXFR is not a normal end-user operation, and for most public DNS
servers these queries are denied for security reasons.  I don't think
it's reasonable to expect an AXFR query to work against your local
forwarding resolver; I think it was accidental that this worked under
dnsmasq.

You should be able to execute a 'host -l' against an actual
authoritative nameserver for the domain, if the nameserver is configured
to support this, by listing its name as an additional argument to 'host'
i.e.:

  host -l mydomain.lan mydns.mydomain.lan

So I think this bug should be closed as 'wontfix', but I'm leaving it
for the systemd maintainers to make that determination.

** Changed in: systemd (Ubuntu)
     Assignee: (unassigned) => Dimitri John Ledkov (xnox)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1854976

Title:
  systemd-resolved doesn't work with "host -l" / AXFR queries

Status in systemd package in Ubuntu:
  New

Bug description:
  Hello,

  some time ago network-manager in Ubuntu switched from dnsmasq to
  systemd-resolved.

  When network-manager used dnsmasq to handle DNS, one could use "host
  -l" to list all the hosts in a DNS zone, something like this:

  $ host -l mydomain.lan
  mydomain.lan name server mydns.mydomain.lan
  host1.mydomain.lan has address x.x.x.x
  host2.mydomain.lan has address x.x.x.x
  host3.mydomain.lan has address x.x.x.x
  host4.mydomain.lan has address x.x.x.x
  [...]

  That, unfortunately, no longer works since the switch to systemd-resolved, it always fails like this:
  $ host -l mydomain.lan
  Host mydomain.lan not found: 4(NOTIMP)
  ; Transfer failed.

  And I think that's because systemd-resolved is "filtering" the AXFR
  queries issued by "host -l" (I checked the network traffic with tcdump
  and that "NOTIMP" comes from the loopback interface).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1854976/+subscriptions

More information about the foundations-bugs mailing list