[Bug 1940908] [NEW] resolved: closes listening socket too rapidly and sends Destination port unreachable
TJ
1940908 at bugs.launchpad.net
Tue Aug 24 09:03:17 UTC 2021
Public bug reported:
With systemd v245 (and v247) and systemd-resolved we're seeing frequent
problems due to resolved rapidly closing the socket on which it sends
out a query before the server has answered. The server answers and then
resolved sends an ICMP Destination Unreachable (Port Unreachable)
response!
This breaks name lookups frequently. In our case the DNS server is
reached via a Wireguard tunnel over a satellite link and latencies can
vary.
A typical example captured via tcpdump:
07:22:03.446919 IP6 fddc:7e00:e001:ee00:fffe:f875:a4f3:42b4.45338 > fddc:7e00:e001:ee00::1.53: 2963+ [1au] AAAA? contile-images.services.mozilla.com. (64)
07:22:03.501089 IP6 fddc:7e00:e001:ee00::1.53 > fddc:7e00:e001:ee00:fffe:f875:a4f3:42b4.45338: 2963 1/0/1 AAAA 2a01:7e00:e001:ee64::2278:7366 (92)
07:22:03.501152 IP6 fddc:7e00:e001:ee00:fffe:f875:a4f3:42b4 > fddc:7e00:e001:ee00::1: ICMP6, destination unreachable, unreachable port, fddc:7e00:e001:ee00:fffe:f875:a4f3:42b4 udp port 45338, length 148
The time difference here is only 0.054170 and there is no way to alter
the timeout in resolved.
There are recent upstream commits to fix this which ought to be cherry-
picked. See:
https://github.com/systemd/systemd/issues/17421
https://github.com/systemd/systemd/pull/17535
https://github.com/systemd/systemd/commit/e03d156f78cb5a0cac85d1e1310d89fdfa4f1b88
** Affects: systemd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1940908
Title:
resolved: closes listening socket too rapidly and sends Destination
port unreachable
Status in systemd package in Ubuntu:
New
Bug description:
With systemd v245 (and v247) and systemd-resolved we're seeing
frequent problems due to resolved rapidly closing the socket on which
it sends out a query before the server has answered. The server
answers and then resolved sends an ICMP Destination Unreachable (Port
Unreachable) response!
This breaks name lookups frequently. In our case the DNS server is
reached via a Wireguard tunnel over a satellite link and latencies can
vary.
A typical example captured via tcpdump:
07:22:03.446919 IP6 fddc:7e00:e001:ee00:fffe:f875:a4f3:42b4.45338 > fddc:7e00:e001:ee00::1.53: 2963+ [1au] AAAA? contile-images.services.mozilla.com. (64)
07:22:03.501089 IP6 fddc:7e00:e001:ee00::1.53 > fddc:7e00:e001:ee00:fffe:f875:a4f3:42b4.45338: 2963 1/0/1 AAAA 2a01:7e00:e001:ee64::2278:7366 (92)
07:22:03.501152 IP6 fddc:7e00:e001:ee00:fffe:f875:a4f3:42b4 > fddc:7e00:e001:ee00::1: ICMP6, destination unreachable, unreachable port, fddc:7e00:e001:ee00:fffe:f875:a4f3:42b4 udp port 45338, length 148
The time difference here is only 0.054170 and there is no way to alter
the timeout in resolved.
There are recent upstream commits to fix this which ought to be
cherry-picked. See:
https://github.com/systemd/systemd/issues/17421
https://github.com/systemd/systemd/pull/17535
https://github.com/systemd/systemd/commit/e03d156f78cb5a0cac85d1e1310d89fdfa4f1b88
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1940908/+subscriptions
More information about the foundations-bugs
mailing list