[Bug 1624320] Re: systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing entries

David Litster 1624320 at bugs.launchpad.net
Fri Mar 1 01:01:49 UTC 2019


Also affects me.

I cannot believe that this is still set to low.  This is yet another
case of the systemd circus-tools causing unexpected behavior for long-
time Linux users.

This breaks local DNS resolution in my homelab.  I should NOT have to do
a Google search to fix this, it should just work properly (like it used
to).

Fresh install of 18.04.2.  Notice that systemd is incapable of giving me
a lookup on my local LAN:

#CORRECT WHEN SPECIFIED MANUALLY
david@server:~$ nslookup ansible-nas 10.0.1.1
Server:		10.0.1.1
Address:	10.0.1.1#53

Name:	ansible-nas
Address: 10.0.1.37

#SYSTEMD-RESOLVED PROXY IS BROKEN
david@server:~$ nslookup ansible-nas
Server:		127.0.0.53
Address:	127.0.0.53#53

** server can't find ansible-nas: SERVFAIL

#AND YET IT CLAIMS IT'S USING MY ROUTER'S DNS
david@server:~$ sudo systemd-resolve --status
...
Link 2 (enp2s0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 10.0.1.1

-- 
https://bugs.launchpad.net/bugs/1624320

Title:
  systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing
  entries

Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  systemd-resolved, or more precisely the hook script
  /lib/systemd/system/systemd-resolved.service.d/resolvconf.conf, causes
  resolvconf to add 127.0.0.53 to the set of nameservers in
  /etc/resolv.conf alongside the other nameservers.  That makes no sense
  because systemd-resolved sets up 127.0.0.53 as a proxy for those other
  nameservers.  The effect is similar to bug 1624071 but for
  applications doing their own DNS lookups.  It breaks any DNSSEC
  validation that systemd-resolved tries to do; applications will
  fail over to the other nameservers, bypassing validation failures.  And
  it makes failing queries take twice as long.

  /etc/resolv.conf should have only 127.0.0.53 when systemd-resolved is
  active.
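
As an added example (not part of the bug report or of systemd), this Python check reads resolv.conf text and flags the state the bug description calls broken: 127.0.0.53 listed alongside other nameservers that a client can fall over to without going through systemd-resolved. The sample file contents are constructed, and the three-server limit is glibc's MAXNS.

```python
"""Audit resolv.conf text for the condition described in bug 1624320."""
import ipaddress

STUB = ipaddress.ip_address("127.0.0.53")  # systemd-resolved stub, per the bug report
MAXNS = 3  # glibc's resolver uses at most the first three nameserver lines


def nameservers(resolv_conf_text):
    """Return nameserver addresses in file order, skipping comments and bad entries."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] != "nameserver" or len(fields) < 2:
            continue
        try:
            # Drop an IPv6 scope suffix such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
        except ValueError:
            continue  # malformed address: the resolver would not use it either
    return servers


def audit(resolv_conf_text):
    """Return (verdict, bypass_servers).

    verdict is 'stub-only', 'mixed' (the reported bug), 'no-stub' or 'empty';
    bypass_servers are the effective entries that skip the stub entirely.
    """
    effective = nameservers(resolv_conf_text)[:MAXNS]
    if not effective:
        return "empty", []
    bypass = [str(s) for s in effective if s != STUB]
    if STUB not in effective:
        return "no-stub", bypass
    return ("mixed" if bypass else "stub-only"), bypass


# Constructed samples; 10.0.1.1 is the router address quoted in the comment above.
MIXED = "# constructed sample\nnameserver 127.0.0.53\nnameserver 10.0.1.1\nsearch lan\n"
STUB_ONLY = "nameserver 127.0.0.53\noptions edns0\n"

if __name__ == "__main__":
    for name, text in (("mixed", MIXED), ("stub-only", STUB_ONLY)):
        print(name, audit(text))
```

A "mixed" verdict means DNSSEC validation failures returned by the stub can be retried against the listed bypass servers, which is the behavior the description above reports.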
