NetworkManager incorrectly uses resolved's route-only DNS setting, resulting in DNS resolution only working for domains in 'search'.

Bug #1751797 reported by Scott Moser
This bug affects 4 people
Affects                     Status          Importance    Assigned to    Milestone
network-manager (Ubuntu)    Fix Released    Critical      Unassigned
systemd (Ubuntu)            Invalid         Critical      Unassigned

Bug Description

After reboot, dns was broken.
This is a very simple Network Manager managed interface that has dhcp.

$ nmcli device show enp0s25 | pastebinit
http://paste.ubuntu.com/p/sMVTdrMBxJ/

I've attached systemd-resolve --status output.

In order to file the bug I just modified /etc/resolv.conf to put the dns server in directly.

Other information: it seems like it will only look for DNS under my search domains from the DHCP server:

$ systemd-resolve home.mosers.us
home.mosers.us: 23.28.108.176

-- Information acquired via protocol DNS in 1.5ms.
-- Data is authenticated: no

$ systemd-resolve google.com
google.com: resolve call failed: No appropriate name servers or networks for name found

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: systemd 237-3ubuntu3
ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13
Uname: Linux 4.13.0-32-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.20.8-0ubuntu10
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Feb 26 09:35:32 2018
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-07-23 (949 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20150722.1)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.13.0-32-generic root=UUID=f897b32a-eacf-4191-9717-844918947069 ro quiet splash vt.handoff=1
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.vendor: Intel Corporation

Scott Moser (smoser) wrote :

I had hoped that simply disconnect/reconnect of the interface would work, but that did not improve things. (nmcli device disconnect enp0s25 ; nmcli device connect enp0s25)

Scott Moser (smoser)
description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in systemd (Ubuntu):
status: New → Confirmed
Dan Watkins (oddbloke) wrote :

$ nmcli device show wlp3s0 | pastebinit
http://paste.ubuntu.com/p/xJ6YjD8WQ9/

$ systemd-resolve --status | pastebinit
http://paste.ubuntu.com/p/bPDMzY3sYh/

Dan Watkins (oddbloke) wrote :

Oops, removed the rest of my comment when pasting; I'm also seeing this issue, but on a wireless interface.

Scott Moser (smoser)
Changed in systemd (Ubuntu):
importance: Undecided → Critical
Scott Moser (smoser) wrote :

$ systemd-resolve --status enp0s25
Link 2 (enp0s25)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 10.7.0.1
                      fdfd:dddd:dddd::1
          DNS Domain: ~mydomain.com

$ cat /var/lib/NetworkManager/dhclient-72c7fac3-c017-4b76-9954-b4fb08262376-enp0s25.lease
lease {
  interface "enp0s25";
  fixed-address 10.7.2.103;
  filename "pxelinux.0";
  option subnet-mask 255.255.0.0;
  option dhcp-lease-time 43200;
  option routers 10.7.0.1;
  option dhcp-message-type 5;
  option dhcp-server-identifier 10.7.0.1;
  option domain-name-servers 10.7.0.1;
  option dhcp-renewal-time 21600;
  option dhcp-rebinding-time 37800;
  option broadcast-address 10.7.255.255;
  option host-name "milhouse-eth0";
  option domain-name "mydomain.com";
  renew 4 2018/03/15 18:51:36;
  rebind 4 2018/03/15 23:41:37;
  expire 5 2018/03/16 01:11:37;
}
lease {
  interface "enp0s25";
  fixed-address 10.7.2.103;
  filename "pxelinux.0";
  option subnet-mask 255.255.0.0;
  option routers 10.7.0.1;
  option dhcp-lease-time 43200;
  option dhcp-message-type 5;
  option domain-name-servers 10.7.0.1;
  option dhcp-server-identifier 10.7.0.1;
  option dhcp-renewal-time 21600;
  option broadcast-address 10.7.255.255;
  option dhcp-rebinding-time 37800;
  option host-name "milhouse-eth0";
  option domain-name "mydomain.com";
  renew 4 2018/03/15 18:19:57;
  rebind 4 2018/03/15 23:48:56;
  expire 5 2018/03/16 01:18:56;
}

Dimitri John Ledkov (xnox) wrote :

DNS Domain: ~mydomain.com means that said domain got added as "route_only" to systemd-resolved.

We need to find who/what/why did this.

This could be the configuration of resolved.conf, networkd, or network-manager itself.

Can we make sure there is nothing suspicious in:

$ grep Domains= /etc/systemd/resolved.conf \
/etc/systemd/resolved.conf.d/* \
/run/systemd/resolved.conf \
/run/systemd/resolved.conf.d/* \
/lib/systemd/resolved.conf \
/lib/systemd/resolved.conf.d/* \
/usr/lib/systemd/resolved.conf \
/usr/lib/systemd/resolved.conf.d/* \
/etc/systemd/network/* \
/etc/systemd/network/*.d/* \
/run/systemd/network/* \
/run/systemd/network/*.d/* \
/lib/systemd/network/* \
/lib/systemd/network/*.d/* \
/usr/lib/systemd/network/* \
/usr/lib/systemd/network/*.d/*

I expect loads of errors, and just
'/etc/systemd/resolved.conf:#Domains='
to turn up.

That should exclude any systemd-resolved / networkd configurations.

And I'll start digging into network-manager resolved-dns plugin code.
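
The check described in the comment above, as an added example that is not part of the original comment or of any project's code: it parses `systemd-resolve --status` output and reports whether every link would refuse a name outside its listed domains. The sample text is constructed from the output shown in this bug, and the routing rule in `link_accepts` is a simplified model (an assumption) of the behaviour reported here.

```python
import re

# Constructed sample, modelled on the `systemd-resolve --status enp0s25` output in this bug.
SAMPLE_STATUS = """\
Link 2 (enp0s25)
      Current Scopes: DNS
       LLMNR setting: yes
         DNS Servers: 10.7.0.1
                      fdfd:dddd:dddd::1
          DNS Domain: ~mydomain.com
"""
FIELDS = {"DNS Servers": "servers", "DNS Domain": "domains"}

def parse_links(text):
    """Map interface name -> {"servers": [...], "domains": [...]}."""
    links, cur, key = {}, None, None
    for line in text.splitlines():
        m = re.match(r"Link \d+ \((\S+)\)", line.strip())
        if m:
            cur, key = links.setdefault(m.group(1), {"servers": [], "domains": []}), None
            continue
        if cur is None or not line.strip():
            continue
        head, sep, value = line.partition(": ")
        if sep and re.fullmatch(r"[A-Za-z ]+", head.strip()):
            key = FIELDS.get(head.strip())  # None for fields we ignore
        else:
            value = line                    # continuation of the previous field
        if key and value.strip():
            cur[key].append(value.strip())
    return links

def under(name, domain):
    name, domain = name.rstrip(".").lower(), domain.rstrip(".").lower()
    return domain == "" or name == domain or name.endswith("." + domain)

def link_accepts(link, name):
    """Assumed model: a link with any route-only (~) domain only takes names under its domains."""
    if not link["servers"]:
        return False
    if any(under(name, d.lstrip("~")) for d in link["domains"]):
        return True
    return not any(d.startswith("~") for d in link["domains"])

def audit(text, probe="google.com"):
    """Report links that would refuse `probe`; 'broken' means no link would take it."""
    links = parse_links(text)
    refusing = [n for n, l in links.items() if not link_accepts(l, probe)]
    return {"refusing": refusing, "broken": bool(links) and len(refusing) == len(links)}
```

On a live system, feed it the text of `systemd-resolve --status`; a `broken` result with a `~`-prefixed domain on the only link matches the state shown in this report.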

Scott Moser (smoser) wrote :

connection.id: System Ethernet
connection.uuid: 72c7fac3-c017-4b76-9954-b4fb08262376
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: --
connection.autoconnect: yes
connection.autoconnect-priority: 0
connection.autoconnect-retries: -1 (default)
connection.auth-retries: -1
connection.timestamp: 1521122033
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: no
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
ipv4.method: auto
ipv4.dns: --
ipv4.dns-search: --
ipv4.dns-options: ""
ipv4.dns-priority: 0
ipv4.addresses: --
ipv4.gateway: --
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.dad-timeout: -1 (default)
ipv6.method: auto
ipv6.dns: --
ipv6.dns-search: --
ipv6.dns-options: ""
ipv6.dns-priority: 0
ipv6.addresses: --
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.dhcp-send-hostname: ...


Dimitri John Ledkov (xnox) wrote :
summary: - dns resolution only works for domains in 'search'.
+ NetworkManager incorrectly uses resolved' route-only DNS setting,
+ resulting in dns resolution only working for domains in 'search'.
Changed in systemd (Ubuntu):
status: Confirmed → Invalid
Changed in network-manager (Ubuntu):
status: New → Fix Committed
Scott Moser (smoser)
Changed in network-manager (Ubuntu):
importance: Undecided → Critical
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager - 1.10.4-1ubuntu3

---------------
network-manager (1.10.4-1ubuntu3) bionic; urgency=medium

  * Cherry-pick a partial patch from 1.11 branch, to stop aggressively
    setting route_only flag on nameservers in the systemd-resolved dns
    plugin. LP: #1751797

 -- Dimitri John Ledkov <email address hidden> Thu, 15 Mar 2018 15:24:01 +0000

Changed in network-manager (Ubuntu):
status: Fix Committed → Fix Released