[Bug 1817903] Re: systemd-resolve appends "options edns0" to resolv.conf
Dan Streetman
dan.streetman at canonical.com
Fri Mar 1 01:10:10 UTC 2019
** Description changed:
[impact]
systems upgraded from pre-Bionic releases to Bionic or later will
continue to use ifupdown/resolvconf for network conf and management, but
resolvconf has a new systemd service in Bionic and later that pulls
systemd-resolved stub-resolv.conf into its local configuration. With
the recent addition of edns0 option to the stub resolver conf in systemd
to fix bug 1811471, this means resolvconf now sets up the
/etc/resolv.conf file to include upstream servers but also use edns.
For any systems where the upstream resolver(s) don't support edns, dns
lookups will break.
[test case]
- create a xenial system with ifupdown/resolvconf, then upgrade to bionic
- (alternately it should be possible to install bionic, then remove
- netplan and install/configure ifupdown and resolvconf). The system
- ifupdown config should include an upstream name server.
+ == upgrade from pre-bionic (e.g. xenial) to bionic or later ==
- After upgrade, the /etc/resolv.conf will contain both the upstream name
- server as well as options edns0.
+ 1) create a xenial system with ifupdown/resolvconf. The ifupdown config
+ needs to include an upstream name server (either static or dynamic). At
+ this point, once the network is configured and up, the resolvconf should
+ have put the upstream name server(s) and search domain into the
+ /etc/resolv.conf. As is usual for pre-systemd releases, there should be
+ no local dns resolver in /etc/resolv.conf (i.e. 127.0.0.53 should not be
+ included) at this point.
+
+ 2) upgrade the system to bionic (alternately it should be possible to install bionic, then remove netplan and install/configure ifupdown and resolvconf, but I have not specifically tested this). The upgrade will retain the ifupdown/resolvconf configuration, and will not change to netplan/systemd-networkd. After upgrade is finished, the /etc/resolv.conf will contain:
+ a) the upstream name server(s)
+ b) options edns0
+ c) the local stub resolver (127.0.0.53)
+ d) search domain
+
+ the fixed resolvconf will remove (b) and (c), and restore
+ /etc/resolv.conf to what it contained in Xenial release, before the
+ upgrade to Bionic.
+
+ As mentioned, this case also should cover the situation of a native
+ Bionic install, where netplan is removed and ifupdown/resolvconf is
+ manually installed.
+
+ == bionic or later install ==
+
+ with a bionic install, ifupdown is not installed, instead netplan
+ /systemd-networkd handle networking. In this case, systemd-networkd
+ manages the /etc/resolv.conf, and symlinks it to networkd's stub-
+ resolv.conf which always contains only the local stub resolver
+ (127.0.0.53) and (recently) options edns0, and local search domain.
+
+ If resolvconf is installed while systemd-networkd is managing the
+ network, then currently the resolv.conf contents will remain completely
+ unchanged, still pointing to the local stub resolver.
+
+ This resolvconf change will alter that, to revert the /etc/resolv.conf
+ to Xenial's contents; specifically, the upstream name server(s) and
+ search domain. It will no longer include the local stub resolver nor
+ edns0.
[regression potential]
- this changes how resolvconf handles system dns on bionic and later:
+ Regressions due to this change would likely be seen in dns query
+ failures with other system configurations.
- 1) networking is managed by ifupdown
-
- resolvconf is currently adding the local stub resolver to
- /etc/resolv.conf, even though in this case it doesn't know about any
- upstream name servers. This change will remove the local stub resolver
- from /etc/resolv.conf; it should not be there.
-
- 2) networking is managed by systemd-networkd
-
- resolvconf is currently setting up /etc/resolv.conf to direct all local
- dns queries to the local stub resolver, similar to how systemd-resolved
- itself configures /etc/resolv.conf. This change will instead set up
- /etc/resolv.conf to bypass the local stub resolver, and send all dns
- queries to the upstream name server(s).
-
- In case #1, this change has little chance for regression; in case #2
- however, this change will bypass the local stub resolver and thus create
- more network dns traffic (since dns queries will not be cached locally).
- However, this is how pre-Bionic releases worked, and simply removing
- resolvconf will restore systemd-resolved control of /etc/resolv.conf,
- causing the system to again use the local stub resolver.
-
- Additional regressions due to this change would likely be seen in dns
- query failures with other system configurations.
+ Additionally, for the case where systemd-networkd is actually managing
+ the network, this change will stop sending dns traffic to the local stub
+ resolver, and instead send it to the upstream name server(s). This will
+ increase outgoing dns traffic (since it's no longer cached locally), but
+ will matches the behavior from Xenial. Additionally, resolvconf should
+ not be needed when systemd-networkd is managing the network (and thus
+ systemd-resolved is managing dns), and resolvconf can simply be
+ uninstalled from the system to move back to normal use of the local stub
+ resolver.
[other info]
This affects only Bionic and later; in Xenial and earlier, resolvconf
does not include the 'resolvconf-pull-resolved' service to pull in the
systemd-resolved stub config, which is what causes this problem.
This also does not affect Debian, as it does not include the
'resolvconf-pull-resolved' service either.
original description:
--
Mint 19 (Ubuntu 18.04)
Following latest mint update done on 24/02/2019, DNS is broken....
nslookup and dig of certain domain names work as expected, ping does not
(ip works but not domain name)
After a day of trial and error, testing I found that the problem lies
with the presence of
"options edns0"
in /run/resolvconf/resolv.conf (link to by /etc/resolv.conf)
With option present many dns lookups fail with both FF and chrome browswers and thunderbird...
This is on a home network, with router set as dns proxy for external wan, not using NetworkManager
Deleting the option on live system results in the issue immediately
disappearing, but on reboot it is added back in (by systemd-resolve ?)
I cannot find any option to prevent this being added, so presumably it
is hard-coded in systemd following the update?
systemd:
Installed: 237-3ubuntu10.13
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to resolvconf in Ubuntu.
https://bugs.launchpad.net/bugs/1817903
Title:
systemd-resolve appends "options edns0" to resolv.conf
Status in resolvconf package in Ubuntu:
Fix Released
Status in systemd package in Ubuntu:
Invalid
Status in resolvconf source package in Trusty:
Invalid
Status in systemd source package in Trusty:
Invalid
Status in resolvconf source package in Xenial:
Invalid
Status in systemd source package in Xenial:
Invalid
Status in resolvconf source package in Bionic:
In Progress
Status in systemd source package in Bionic:
Invalid
Status in resolvconf source package in Cosmic:
In Progress
Status in systemd source package in Cosmic:
Invalid
Status in resolvconf source package in Disco:
Fix Released
Status in systemd source package in Disco:
Invalid
Bug description:
[impact]
systems upgraded from pre-Bionic releases to Bionic or later will
continue to use ifupdown/resolvconf for network conf and management,
but resolvconf has a new systemd service in Bionic and later that
pulls systemd-resolved stub-resolv.conf into its local configuration.
With the recent addition of edns0 option to the stub resolver conf in
systemd to fix bug 1811471, this means resolvconf now sets up the
/etc/resolv.conf file to include upstream servers but also use edns.
For any systems where the upstream resolver(s) don't support edns, dns
lookups will break.
[test case]
== upgrade from pre-bionic (e.g. xenial) to bionic or later ==
1) create a xenial system with ifupdown/resolvconf. The ifupdown
config needs to include an upstream name server (either static or
dynamic). At this point, once the network is configured and up, the
resolvconf should have put the upstream name server(s) and search
domain into the /etc/resolv.conf. As is usual for pre-systemd
releases, there should be no local dns resolver in /etc/resolv.conf
(i.e. 127.0.0.53 should not be included) at this point.
2) upgrade the system to bionic (alternately it should be possible to install bionic, then remove netplan and install/configure ifupdown and resolvconf, but I have not specifically tested this). The upgrade will retain the ifupdown/resolvconf configuration, and will not change to netplan/systemd-networkd. After upgrade is finished, the /etc/resolv.conf will contain:
a) the upstream name server(s)
b) options edns0
c) the local stub resolver (127.0.0.53)
d) search domain
the fixed resolvconf will remove (b) and (c), and restore
/etc/resolv.conf to what it contained in Xenial release, before the
upgrade to Bionic.
As mentioned, this case also should cover the situation of a native
Bionic install, where netplan is removed and ifupdown/resolvconf is
manually installed.
== bionic or later install ==
with a bionic install, ifupdown is not installed, instead netplan
/systemd-networkd handle networking. In this case, systemd-networkd
manages the /etc/resolv.conf, and symlinks it to networkd's stub-
resolv.conf which always contains only the local stub resolver
(127.0.0.53) and (recently) options edns0, and local search domain.
If resolvconf is installed while systemd-networkd is managing the
network, then currently the resolv.conf contents will remain
completely unchanged, still pointing to the local stub resolver.
This resolvconf change will alter that, to revert the /etc/resolv.conf
to Xenial's contents; specifically, the upstream name server(s) and
search domain. It will no longer include the local stub resolver nor
edns0.
[regression potential]
Regressions due to this change would likely be seen in dns query
failures with other system configurations.
Additionally, for the case where systemd-networkd is actually managing
the network, this change will stop sending dns traffic to the local
stub resolver, and instead send it to the upstream name server(s).
This will increase outgoing dns traffic (since it's no longer cached
locally), but will matches the behavior from Xenial. Additionally,
resolvconf should not be needed when systemd-networkd is managing the
network (and thus systemd-resolved is managing dns), and resolvconf
can simply be uninstalled from the system to move back to normal use
of the local stub resolver.
[other info]
This affects only Bionic and later; in Xenial and earlier, resolvconf
does not include the 'resolvconf-pull-resolved' service to pull in the
systemd-resolved stub config, which is what causes this problem.
This also does not affect Debian, as it does not include the
'resolvconf-pull-resolved' service either.
original description:
--
Mint 19 (Ubuntu 18.04)
Following latest mint update done on 24/02/2019, DNS is broken....
nslookup and dig of certain domain names work as expected, ping does
not (ip works but not domain name)
After a day of trial and error, testing I found that the problem lies
with the presence of
"options edns0"
in /run/resolvconf/resolv.conf (link to by /etc/resolv.conf)
With option present many dns lookups fail with both FF and chrome browswers and thunderbird...
This is on a home network, with router set as dns proxy for external wan, not using NetworkManager
Deleting the option on live system results in the issue immediately
disappearing, but on reboot it is added back in (by systemd-resolve ?)
I cannot find any option to prevent this being added, so presumably it
is hard-coded in systemd following the update?
systemd:
Installed: 237-3ubuntu10.13
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1817903/+subscriptions
More information about the foundations-bugs
mailing list