On Sat, Jan 27, 2018 at 01:55:07PM -0000, Jonathan Kamens wrote:
> I uninstalled libnss-resolve and the problem persists:
> 
> $ sudo apt-get remove libnss-resolve
> ...
> $ sudo systemd-resolve --flush-caches
> $ host jik5
> Host jik5.quantopian.com not found: 2(SERVFAIL)
> $ cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> # 127.0.0.53 is the systemd-resolved stub resolver.
> # run "systemd-resolve --status" to see details about the actual nameservers.
> 
> nameserver 127.0.0.53
> search quantopian.com kamens.us
> $ 

Ok, then I will need some help understanding how to reproduce this problem,
since simply inserting quantopian.com in the search list in /etc/resolv.conf
on an Ubuntu 17.10 system with default settings is insufficient to reproduce
the problem you describe.

Have you also changed the default DNSSEC settings for systemd-resolved in
/etc/systemd/resolved.conf? What is the complete output of
'systemd-resolve --status'?

> Note that "Just don't use libnss-resolve" wouldn't be a very good answer
> to this problem even if it worked, because things like
> openvpn-systemd-resolved, which I use, depend on it.

Well, that's a bug in the openvpn-systemd-resolved package; it should not
depend on libnss-resolve for what it does.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1717015

Title:
  libc resolver stops searching domain search list after getting back
  NSEC record

Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  Suppose that:

  1. you have a "search" line in your /etc/resolv.conf file;
  2. it has two domains in it; and
  3. the first of the two domains does DNSSEC, including returning NSEC records
     for nonexisting hosts.

  In this situation, when you try to look up a host name in the second
  domain without specifying the domain part of the host name, the libc
  resolver will stop after it gets back the NSEC record and report that
  the host name doesn't exist, rather than moving on to the second
  domain in the search list and searching for the host in that domain.

  See also https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1717014
  .

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: libc6 2.24-9ubuntu2.2
  ProcVersionSignature: Ubuntu 4.10.0-33.37-generic 4.10.17
  Uname: Linux 4.10.0-33-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4.5
  Architecture: amd64
  CurrentDesktop: Unity:Unity7
  Date: Wed Sep 13 16:00:45 2017
  Dependencies:
   gcc-6-base 6.3.0-12ubuntu2
   libc6 2.24-9ubuntu2.2
   libgcc1 1:6.3.0-12ubuntu2
  InstallationDate: Installed on 2016-08-09 (400 days ago)
  InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
  SourcePackage: glibc
  UpgradeStatus: Upgraded to zesty on 2017-04-19 (147 days ago)

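An added example (not part of the original message or bug report): it parses the resolv.conf quoted above, lists the names a search-list resolver tries for `jik5`, and traces where the lookup ends when the resolver continues past a failed search domain versus when it stops there. The response codes are constructed: SERVFAIL for the first domain follows the `host` output above, the answer for `jik5.kamens.us` is an assumption, and `fake_query` and the other function names are hypothetical.

```python
# Constructed input: the resolv.conf from the thread, comments trimmed.
RESOLV_CONF = """\
# 127.0.0.53 is the systemd-resolved stub resolver.
nameserver 127.0.0.53
search quantopian.com kamens.us
"""

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf(5) text."""
    search, ndots = [], 1              # resolv.conf(5) default for ndots is 1
    for line in text.splitlines():
        if line.startswith(("#", ";")):
            continue
        fields = line.split()
        if not fields:
            continue
        if fields[0] in ("search", "domain"):
            search = fields[1:]        # the last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt[len("ndots:"):])
    return search, ndots

def candidates(name, search, ndots):
    """Order in which a search-list resolver tries fully qualified names."""
    if name.endswith("."):
        return [name]                  # absolute name: search list is not used
    expanded = [f"{name}.{domain}." for domain in search]
    as_is = [name + "."]
    return as_is + expanded if name.count(".") >= ndots else expanded + as_is

def walk(names, query, stop_on=()):
    """Query each name; stop at the first answer or at an rcode in stop_on."""
    trace = []
    for fqdn in names:
        rcode = query(fqdn)
        trace.append((fqdn, rcode))
        if rcode == "NOERROR" or rcode in stop_on:
            break
    return trace

# Constructed answers (assumption): only the second search domain has the host.
ANSWERS = {"jik5.quantopian.com.": "SERVFAIL", "jik5.kamens.us.": "NOERROR"}

def fake_query(fqdn):
    return ANSWERS.get(fqdn, "NXDOMAIN")

if __name__ == "__main__":
    names = candidates("jik5", *parse_resolv_conf(RESOLV_CONF))
    for label, stop in (("continue", ()), ("stop", ("SERVFAIL", "NXDOMAIN"))):
        print(label, walk(names, fake_query, stop))
```

Replacing `fake_query` with a function that sends a real query and returns the response code name turns the same trace into a per-candidate record to attach to a report like this one.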