> although from comment #4 it sounds like it might be a regression caused by a security fix.
It's not a security fix, it's a patch to get resolved working with specific broken captive portals, from bug 1727237 and bug 1766969. It was proposed upstream in this PR:

https://github.com/systemd/systemd/pull/8608

but was never accepted upstream, only added to Ubuntu.

As this bug shows, the patch does appear to actually still cause problems for people even without DNSSEC on (that problem was fixed in Ubuntu separately with bug 1796501).

Fixing dnsmasq is good, but at some point we'll need to properly fix upstream to work around buggy captive portals in a way that doesn't cause other problems.

--
https://bugs.launchpad.net/bugs/1785383

Title:
  missing EDNS0 record confuses systemd-resolved

Status in systemd:
  Fix Released
Status in dnsmasq package in Ubuntu:
  Triaged
Status in systemd package in Ubuntu:
  Triaged
Status in dnsmasq source package in Bionic:
  Triaged
Status in systemd source package in Bionic:
  New

Bug description:

[Impact]

dnsmasq 2.79 and below omits EDNS0 OPT records when returning an empty answer for a domain it is authoritative for. systemd-resolved seems to get confused by this in certain circumstances; when using the stub resolver and requesting an address for which there are no AAAA records, there can sometimes be a five second hang in resolution.

[Fix]

This is fixed by upstream commit http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1682d15a744880b0398af75eadf68fe66128af78

Not sure if it is worth cherry picking? I imagine the most likely trigger will be dnsmasq on routers which are not likely to be running Ubuntu, but maybe just in case.

I also think there are some logic issues in systemd-resolved, upstream bug filed: https://github.com/systemd/systemd/issues/9785

[Test Case]

Simple-ish test case:

---
IFACE=dummy0
SUBNET=10.0.0
ip link add $IFACE type dummy
ifconfig $IFACE ${SUBNET}.1/24
dnsmasq -h -R -d -C /dev/null -2 $IFACE -z -i $IFACE -I lo --host-record=test.test,${SUBNET}.1 &
dig -t a test.test @10.0.0.1 | grep EDNS
# should return "; EDNS ..."
dig -t aaaa test.test @10.0.0.1 | grep EDNS
# again, should return "; EDNS ..." but doesn't
---

To reproduce the systemd-resolved side of the problem:

---
# as above, but
# now configure systemd-resolved to look at only 10.0.0.1, then
systemd-resolve --reset-server-features
# should exhibit five second delay then connect, assuming sshd is running :)
ssh test.test
---

[Discussion]

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: dnsmasq-base 2.79-1
ProcVersionSignature: Ubuntu 4.15.0-23.25-generic 4.15.18
Uname: Linux 4.15.0-23-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
Date: Sat Aug 4 11:33:56 2018
InstallationDate: Installed on 2018-05-31 (64 days ago)
InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
ProcEnviron:
  TERM=xterm
  PATH=(custom, no user)
  LANG=en_GB.UTF-8
  SHELL=/bin/bash
SourcePackage: dnsmasq
UpgradeStatus: No upgrade log present (probably fresh install)
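
The check that the `dig ... | grep EDNS` test case performs by eye can also be done on raw response bytes. The following is an added example, not part of the bug report and not dnsmasq or systemd code; the function names are hypothetical and both sample responses are constructed to mirror the A and AAAA lookups for test.test described above.

```python
import struct

OPT = 41  # EDNS0 OPT pseudo-RR type (RFC 6891)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def edns_summary(msg):
    """Return (rcode, answer_count, has_opt) for a raw DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    has_opt = False
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == OPT and i >= an + ns:      # OPT belongs in the additional section
            has_opt = True
    return flags & 0xF, an, has_opt

def build(qtype, answers=b"", ancount=0, opt=True):
    """Constructed response for test.test; not captured from a real server."""
    qname = b"\x04test\x04test\x00"
    hdr = struct.pack("!6H", 0x1234, 0x8580, 1, ancount, 0, 1 if opt else 0)
    # OPT RR: root name, type 41, class field = UDP payload size, ttl 0, rdlen 0
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 0) if opt else b""
    return hdr + qname + struct.pack("!HH", qtype, 1) + answers + opt_rr

A_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + bytes([10, 0, 0, 1])
A_REPLY = build(1, A_RR, 1, opt=True)    # A lookup: one answer plus OPT
AAAA_EMPTY = build(28, opt=False)        # AAAA lookup: empty answer, OPT omitted

def affected(msg):
    """True for the pattern in this bug: NOERROR, no answers, no OPT record."""
    rcode, an, has_opt = edns_summary(msg)
    return rcode == 0 and an == 0 and not has_opt
```

Feeding `affected()` the UDP payload of a reply to an EDNS0 query flags a server that drops the OPT record on empty answers.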