On my bionic system, I had to manually remove resolvconf on account of
bug 1713457.  I think it was not being autoremoved because other
packages like isc-dhcp-client, pppconfig, vpnc-scripts have Suggests:
resolvconf.

So I don’t think I’m seeing this particular issue.  However, the lack of
resolvconf cooperation means that openconnect run from the command line
fights with systemd-resolved over /etc/resolv.conf.  I’m sure that all
kinds of nonsense bugs like that are waiting to be rediscovered.

For the record, I’m still really quite angry at systemd-resolved for a
number of issues that upstream seems to have no interest in addressing.
Its own DNSSEC validation is disabled in Ubuntu because it’s broken (bug
1628778), yet it also breaks DNSSEC validation in applications
downstream of it (https://github.com/systemd/systemd/issues/4621).  It
breaks ‘dig +trace’ (https://github.com/systemd/systemd/issues/5897).
It doesn’t work with resolvconf in a sane way.  The many previous issues
I’ve had with it took way too long to be addressed.  And it does nothing
useful that dnsmasq didn’t do!  (I even had NetworkManager’s dnsmasq
configured to do DNSSEC validation and it worked just fine.)  I’m not
one of those anti-systemd people who hates change for the sake of hating
change.  But systemd-resolved is an actual flaming garbage pile that
needs to be vitrified and launched into the sun.

** Bug watch added: github.com/systemd/systemd/issues #5897
   https://github.com/systemd/systemd/issues/5897

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1624320

Title:
  systemd-resolved appends 127.0.0.53 to resolv.conf alongside existing
  entries

Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  systemd-resolved, or more precisely the hook script
  /lib/systemd/system/systemd-resolved.service.d/resolvconf.conf, causes
  resolvconf to add 127.0.0.53 to the set of nameservers in
  /etc/resolv.conf alongside the other nameservers.  That makes no sense
  because systemd-resolved sets up 127.0.0.53 as a proxy for those other
  nameservers.  The effect is similar to bug 1624071 but for
  applications doing their own DNS lookups.  It breaks any DNSSEC
  validation that systemd-resolved tries to do; applications will
  fail over to the other nameservers, bypassing validation failures.  And
  it makes failing queries take twice as long.

  /etc/resolv.conf should have only 127.0.0.53 when systemd-resolved is
  active.


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
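
The state the bug description reports (127.0.0.53 listed next to other nameservers) can be checked mechanically. The script below is an added example, not part of the bug report or of systemd; the function name, return codes and sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-style file for the state in bug 1624320.
STUB=127.0.0.53   # systemd-resolved stub address, as given in the bug report

# check_resolv_conf FILE  (hypothetical helper; return codes are this script's own)
#   0  the stub is the only nameserver
#   1  the stub is listed alongside other nameservers (the reported state):
#      a resolver can fail over to those and bypass the stub's validation
#   2  the stub is not listed at all
#   3  FILE is not readable
check_resolv_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 3; }
    # Comment lines start with '#' or ';', so they never have $1 == "nameserver".
    awk -v stub="$STUB" '
        $1 == "nameserver" && $2 != "" {
            if ($2 == stub) has_stub = 1
            else { others = others " " $2; n_other++ }
        }
        END {
            if (has_stub && n_other) { print "MIXED: " stub " plus" others; exit 1 }
            if (!has_stub)           { print "NO_STUB:" others; exit 2 }
            print "OK: only " stub
        }' "$1"
}

# Constructed sample reproducing the reported layout (192.0.2.1 is a
# documentation address, not taken from the bug).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
nameserver 127.0.0.53
nameserver 192.0.2.1
search example.test
EOF
check_resolv_conf "$sample" || echo "exit status: $?"
rm -f "$sample"
```

Pointed at /etc/resolv.conf on a host where systemd-resolved is active, status 0 is the layout the bug description says the file should have.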
