[Bug 1624320] Re: systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing entries

[Jan Vlug]

I have this issue as well. However, the instructions given in
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624320/comments/57
do not solve the issue for me.

When connecting the strongswan VPN, I see that the
/run/systemd/resolve/resolv.conf file is touched (the timestamp of the
file changes), but the content does not change.

Automatic nor manual DNS servers in the VPN settings do not work.

I tested manual modifying the /run/systemd/resolve/resolv.conf by
changing the nameserver. This works once, but this change is not
persisted, as the file is overwritten each time.

using fully up to date: Linux myhost 5.4.0-48-generic #52-Ubuntu SMP Thu
Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1624320

Title:
  systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing
  entries

Status in systemd package in Ubuntu:
  Fix Released
Status in Ubuntu RTM:
  New

Bug description:
  systemd-resolved, or more precisely the hook script
  /lib/systemd/system/systemd-resolved.service.d/resolvconf.conf, causes
  resolvconf to add 127.0.0.53 to the set of nameservers in
  /etc/resolv.conf alongside the other nameservers.  That makes no sense
  because systemd-resolved sets up 127.0.0.53 as a proxy for those other
  nameservers.  The effect is similar to bug 1624071 but for
  applications doing their own DNS lookups.  It breaks any DNSSEC
  validation that systemd-resolved tries to do; applications will
  failover to the other nameservers, bypassing validation failures.  And
  it makes failing queries take twice as long.

  /etc/resolv.conf should have only 127.0.0.53 when systemd-resolved is
  active.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624320/+subscriptions