You are not logged in.
Hey all,
I've been using the default resolver in NetworkManager for a long time, but I thought I'd try out systemd-resolved recently. As per the wiki (https://wiki.archlinux.org/index.php/Ne … d-resolved), I
symlinked /etc/resolv.conf to /run/systemd/resolve/stub-resolv.conf
start+enabled systemd-resolved
disabled+stopped avahi
changed the hosts line in /etc/nsswitch.conf to "hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname"
I didn't modify /etc/systemd/resolved.conf, it's empty.
After the above, name resolution slowed to a crawl, and the issue remained after a reboot.
I tried capturing traffic on port 53 to see if it was sending requests at all and found some interesting behavior:
traffic for "resolvectl query google.com", returns quickly
Capturing on 'wlp2s0'
1 0.000000000 10.0.0.247 → 1.1.1.1 DNS 104 Standard query 0xcb8e AAAA google.com OPT
2 0.104683154 1.1.1.1 → 10.0.0.247 DNS 109 Standard query response 0xcb8e AAAA google.com AAAA 2607:f8b0:4005:80b::200e OPT
3 0.104967357 10.0.0.247 → 1.1.1.1 DNS 104 Standard query 0xc9e9 SOA google.com OPT
4 0.120734178 1.1.1.1 → 10.0.0.247 DNS 131 Standard query response 0xc9e9 SOA google.com SOA ns1.google.com OPT
traffic for "getent hosts google.com", returns quickly
Capturing on 'wlp2s0'
1 0.000000000 10.0.0.247 → 1.1.1.1 DNS 104 Standard query 0x52dc AAAA google.com OPT
2 0.016910015 1.1.1.1 → 10.0.0.247 DNS 109 Standard query response 0x52dc AAAA google.com AAAA 2607:f8b0:4005:80b::200e OPT
3 0.017067031 10.0.0.247 → 1.1.1.1 DNS 104 Standard query 0xcba6 SOA google.com OPT
4 0.035052619 1.1.1.1 → 10.0.0.247 DNS 131 Standard query response 0xcba6 SOA google.com SOA ns1.google.com OPT
5 0.035307965 10.0.0.247 → 1.1.1.1 DNS 104 Standard query 0xc9f6 DS google.com OPT
6 0.051224979 1.1.1.1 → 10.0.0.247 DNS 805 Standard query response 0xc9f6 DS google.com NSEC3 RRSIG SOA a.gtld-servers.net RRSIG NSEC3 RRSIG OPT
7 0.051590244 10.0.0.247 → 1.1.1.1 DNS 97 Standard query 0xe804 DNSKEY com OPT
8 0.066831067 1.1.1.1 → 10.0.0.247 DNS 785 Standard query response 0xe804 DNSKEY com DNSKEY DNSKEY RRSIG OPT
9 0.067133448 10.0.0.247 → 1.1.1.1 DNS 97 Standard query 0x0fbe DS com OPT
10 0.082965987 1.1.1.1 → 10.0.0.247 DNS 409 Standard query response 0x0fbe DS com DS RRSIG OPT
11 0.083287684 10.0.0.247 → 1.1.1.1 DNS 93 Standard query 0x9b7e DNSKEY <Root> OPT
12 0.099846508 1.1.1.1 → 10.0.0.247 DNS 1467 Standard query response 0x9b7e DNSKEY <Root> DNSKEY DNSKEY DNSKEY RRSIG RRSIG OPT
traffic for "ping google.com", takes 15+ s:
So yeah, applications take a long time to resolve names, but systemd-resolved appears to be working correctly, and the server is responding quickly. I'm guessing this is a config issue somehow?
Do you guys have any advice? Why is systemd-resolved sending 100 queries?
EDIT: More info
/etc/NetworkManager/conf.d/ and /etc/NetworkManager/NetworkManager.conf are both empty, in case that's relevant.
Tried gathering "resolvectl statistics" after reset and 1 query by
"resolvectl query google.com"
DNSSEC supported by current servers: yes
Transactions
Current Transactions: 0
Total Transactions: 7Cache
Current Cache Size: 8
Cache Hits: 0
Cache Misses: 7DNSSEC Verdicts
Secure: 6
Insecure: 4
Bogus: 0
Indeterminate: 0
"getent hosts google.com"
DNSSEC supported by current servers: yes
Transactions
Current Transactions: 0
Total Transactions: 19Cache
Current Cache Size: 18
Cache Hits: 3
Cache Misses: 16DNSSEC Verdicts
Secure: 11
Insecure: 13
Bogus: 0
Indeterminate: 0
"ping google.com"
DNSSEC supported by current servers: yes
Transactions
Current Transactions: 0
Total Transactions: 66Cache
Current Cache Size: 43
Cache Hits: 2
Cache Misses: 64DNSSEC Verdicts
Secure: 15
Insecure: 100
Bogus: 0
Indeterminate: 0
Last edited by Brocellous (2019-02-04 20:32:15)
Offline