```
systemd[1]: Starting Network Name Resolution...
systemd-resolved[1392]: Positive Trust Anchors:
systemd-resolved[1392]: . IN DS 19036 8 2 
49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
systemd-resolved[1392]: . IN DS 20326 8 2 
e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
systemd-resolved[1392]: Negative trust anchors: 10.in-addr.arpa 
16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 
20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 
24.172.in-addr.arpa 2
systemd-resolved[1392]: Using system hostname 'machine'.
systemd[1]: Started Network Name Resolution.
systemd-resolved[1392]: DNSSEC validation failed for question 
0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
f.d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
f.d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
0.f.d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
0.f.d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
4.0.f.d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
4.0.f.d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN SOA: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
f.4.0.f.d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN DS: 
no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
f.4.0.f.d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN 
SOA: no-signature
systemd-resolved[1392]: DNSSEC validation failed for question 
f.4.0.f.d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN 
PTR: no-signature
systemd-resolved[1392]: Using degraded feature set (UDP+EDNS0+DO) for DNS 
server 8.8.8.8.
systemd-resolved[1392]: Using degraded feature set (UDP+EDNS0+DO) for DNS 
server 193.40.0.12.
systemd-resolved[1392]: DNSSEC validation failed for question 
vesta.web.telegram.org IN DS: failed-auxiliary
systemd-resolved[1392]: DNSSEC validation failed for question 
vesta.web.telegram.org IN SOA: failed-auxiliary
systemd-resolved[1392]: DNSSEC validation failed for question 
vesta.web.telegram.org IN A: failed-auxiliary
systemd-resolved[1392]: DNSSEC validation failed for question 
googlehosted.l.googleusercontent.com IN SOA: failed-auxiliary
systemd-resolved[1392]: DNSSEC validation failed for question 
googlehosted.l.googleusercontent.com IN A: failed-auxiliary
systemd-resolved[1392]: Grace period over, resuming full feature set 
(UDP+EDNS0+DO+LARGE) for DNS server 193.40.0.12.
systemd-resolved[1392]: Grace period over, resuming full feature set 
(UDP+EDNS0+DO+LARGE) for DNS server 8.8.8.8.
systemd-resolved[1392]: DNSSEC validation failed for question 
api-0.core.keybaseapi.com IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
api-0.core.keybaseapi.com IN AAAA: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
api-0.core.keybaseapi.com IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
api-0.core.keybaseapi.com IN AAAA: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
api-0.core.keybaseapi.com IN AAAA: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
api-0.core.keybaseapi.com IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
api-0.core.keybaseapi.com IN AAAA: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
api-0.core.keybaseapi.com IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
api-0.core.keybaseapi.com IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
api-0.core.keybaseapi.com IN AAAA: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question play.google.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question play.google.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
scontent.xx.fbcdn.net IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
scontent.xx.fbcdn.net IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question www.facebook.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question www.facebook.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question www.facebook.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question www.facebook.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
scontent.xx.fbcdn.net IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
scontent.xx.fbcdn.net IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
scontent.xx.fbcdn.net IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question 
scontent.xx.fbcdn.net IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question www.facebook.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question www.facebook.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question www.facebook.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question www.facebook.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question www.facebook.com 
IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question www.facebook.com 
IN A: incompatible-server
```

And then I had to restart the resolver because it made the computer
unusable again.

https://bugs.launchpad.net/bugs/1857639

Title:
  DNS server capability detection is broken and has critical
  consequences when DNSSEC is enabled

Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  I'm running Ubuntu 19.10

  I'm on the latest version available from the repositories, systemd 242

  I'm expecting upstream DNS server capabilities to be detected
  correctly and DNSSEC to keep working. Alternatively I'd expect a
  method of disabling capability checks instead of DNSSEC.

  Currently resolved instead suddenly misdetects features and stops
  resolving altogether (fails closed, which is somewhat good).
  Capability reset is a very temporary fix.

  A suggested fix could be (ordered based on how nice of a solution it
  is):

  a. The capability detection is fixed
  (https://github.com/systemd/systemd/issues/9384)

  b. Force-disabling capability detection exists (this is what I also
  requested here: https://github.com/systemd/systemd/issues/14435)

  c. Patch Ubuntu version not to allow such a foot gun, update
  documentation (this is theoretically what Ubuntu could do meanwhile)

  d. Remove DNSSEC from resolved
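
A triage sketch for journal output like the excerpt above, added here as an example and not part of the bug report or of systemd: it rejoins the hard-wrapped records, tallies DNSSEC failures by reason, and flags the pattern visible in the log, where lookups fail as `incompatible-server` although the last feature set logged for every server still includes DO. The function names, the result keys and the shortened `SAMPLE` are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: a few records in the shape of the excerpt above,
# hard-wrapped the same way the mail archive wrapped them.
SAMPLE = """\
systemd-resolved[1392]: DNSSEC validation failed for question
f.4.0.f.d.1.b.9.c.c.3.2.2.0.a.c.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa IN
PTR: no-signature
systemd-resolved[1392]: Using degraded feature set (UDP+EDNS0+DO) for DNS
server 8.8.8.8.
systemd-resolved[1392]: DNSSEC validation failed for question
vesta.web.telegram.org IN A: failed-auxiliary
systemd-resolved[1392]: Grace period over, resuming full feature set
(UDP+EDNS0+DO+LARGE) for DNS server 8.8.8.8.
systemd-resolved[1392]: DNSSEC validation failed for question
api-0.core.keybaseapi.com IN A: incompatible-server
systemd-resolved[1392]: DNSSEC validation failed for question play.google.com
IN A: incompatible-server
"""

PREFIX = re.compile(r"^[\w.@-]+\[\d+\]: ")  # "unit[pid]: " starts a new record
FAIL = re.compile(r"DNSSEC validation failed for question (\S+) IN (\S+): (\S+)$")
FEATURE = re.compile(r"feature set \(([^)]+)\) for DNS server (\S+?)\.$")

def unfold(text):
    """Rejoin wrapped records: a line without a 'unit[pid]: ' prefix continues the previous one."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if PREFIX.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] = f"{records[-1]} {line.strip()}"
    return records

def triage(text):
    reasons, blocked, last_set = Counter(), set(), {}
    for rec in unfold(text):
        if m := FAIL.search(rec):
            name, _rtype, reason = m.groups()
            reasons[reason] += 1
            if reason == "incompatible-server":
                blocked.add(name)
        elif m := FEATURE.search(rec):
            last_set[m.group(2)] = m.group(1)  # most recent feature set per server
    # Flag: failures blamed on the server while every logged feature set still has DO.
    flag = bool(blocked) and all("DO" in s.split("+") for s in last_set.values())
    return {"reasons": dict(reasons), "blocked_names": sorted(blocked),
            "last_feature_set": last_set, "do_but_incompatible": flag}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
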
