jeremy ardley wrote: > > On 1/3/24 17:47, Victor Sudakov wrote: > > Has anybody encountered this problem using systemd-resolved as a > > resolver on Debian12? A DNS request via systemd-resolved fails, but > > fails only occasionally. A failure can happen once per a hundred > > successful requests or so. If I run: > > > I recall a similar problem with systemd-resolved. I think it was related to > DNSSEC. In my case the problem seems related to IPv6. That is, when I disable IPv6 via "sysctl net.ipv6.conf.all.disable_ipv6=1" the problem disappears. I did not enable DNSSEC in systemd-networkd. > > I ended up not using systemd-resolved > > Alternatives to systemd-resolved include dnsmasq - which doesn't support > DNSSEC - and bind9 which does. You know, the official Debian 12 AMI for AWS is built on systemd-resolved and systemd-networkd. I'd prefer not to have to modify the official AMI if I can help it, because this would probably mean also replacing the systemd-networkd with some other network manager. Anyway, if there is a bug in systemd-resolved it should be reported, right? I have been able to google up similar (though not exactly the same) issues with systemd-resolved and the caching of CNAME records which give similar random resolution errors, but they are reported as fixed. I tried enabling the debug messages in systemd-resolved and probably (just probably) the random error happens when systemd-resolved's cache for the particular entry expires, but I'm not sure. In fact the debug was not very informative, or I lack the qualification to interpret it. -- Victor Sudakov VAS4-RIPE http://vas.tomsk.ru/ 2:5005/49@fidonet
Attachment:
signature.asc
Description: PGP signature