This helped me only partially - I still have issues with DNS lookup. It seems that the systemd-resolved is broken from the very idea.
After solving DNSSEC problem, I see now a switching problem - if one DNS does not respond, resolved switches to another one, which may be a local DNS not serving all the information, however it responds RELIABLY with .... "REFUSED" for majority of queries! Thus, resolved is stuck with this "reliable" DNS, refusing almost all queries until reboot (or networking reload). There are so many bugs filled about resolved that somebody should gather them in one place and do something. Moreover, tracing problems is not easy - they are intermittent, depending on current server load. For some people in fixed setup bug may be nonexistent; when travelling across well-configured, simple and non- overloaded networks everything is OK. Then, at some hour, some connection - I start having to reload network every time I start reading mail..... For now many people are switching to alternative resolver - e.g. "unbound"; what is going on with resolved looks like sabotage..... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1682499 Title: disable dnssec Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Zesty: Fix Released Bug description: [Impact] * dnssec functionality in systemd-resolved prevents network access in certain intra and extra net cases, due to failure to correctly validate dnssec entries. As a work-around we should disable dnssec by default. [Test Case] * Validate systemd-resolved is compiled with --with-default-dnssec=no * Validate that systemd-resolve --status says that DNSSEC setting is no $ systemd-resolve --status good output: ... DNSSEC setting: no DNSSEC supported: no ... bad output: ... DNSSEC setting: allow-downgrade DNSSEC supported: yes ... [Regression Potential] * People who expect DNSSEC to be available by default will need to re-enable it by modifying systemd-resolve configuration file [Other Info] * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
