[systemd-devel] resolved: does DNSSEC=allow-downgrade affect caching?
Ran Benita
ran234 at gmail.com
Wed Apr 13 11:26:49 UTC 2016
OK, I just looked at the logs and figured out what happens: resolved
crashes whenever I perform a query with allow-downgrade, and after a few
times it doesn't restart and presumably the nss module falls back to
direct DNS queries. Here is the log:
Apr 13 13:56:31 ran systemd[1]: Started Network Name Resolution.
Apr 13 13:56:31 ran systemd-resolved[4687]: Switching to DNS server 10.0.0.10 for interface wlp3s0.
Apr 13 13:56:31 ran systemd-resolved[4687]: Using degraded feature set (UDP+EDNS0) for DNS server 10.0.0.10.
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question com. IN SOA: failed-auxiliary
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question google.com. IN DS: failed-auxiliary
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question google.com. IN SOA: failed-auxiliary
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question google.com. IN A: failed-auxiliary
Apr 13 13:56:31 ran kernel: systemd-resolve[4687]: segfault at 5c ip 000055b0062a5c57 sp 00007ffee0d320a0 error 4 in systemd-resolved[55b006281000+9d000]
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Main process exited, code=killed, status=11/SEGV
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Unit entered failed state.
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Failed with result 'signal'.
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Service has no hold-off time, scheduling restart.
Apr 13 13:56:31 ran systemd[1]: Stopped Network Name Resolution.
Apr 13 13:56:31 ran systemd[1]: org.freedesktop.resolve1.busname: Start request repeated too quickly.
Apr 13 13:56:31 ran systemd[1]: Failed to listen on Network Name Resolution Service Bus Name.
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Apr 13 13:56:31 ran systemd[1]: Failed to start Network Name Resolution.
coredumpctl doesn't show the crash so can't say what it's about. Maybe
it's a distro problem (archlinux) or it's fixed in git.
Ran
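The failure sequence in the log above (DNSSEC validation failures, a segfault, then systemd giving up on restarts) can be picked out of journal text mechanically. The following is an added example, not part of the original message or of systemd; the function name `triage` and the result keys are assumptions, and the sample lines are copied from the log above.

```python
import re

# Subset of the log lines from the message above.
SAMPLE = """\
Apr 13 13:56:31 ran systemd[1]: Started Network Name Resolution.
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question com. IN SOA: failed-auxiliary
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question google.com. IN A: failed-auxiliary
Apr 13 13:56:31 ran kernel: systemd-resolve[4687]: segfault at 5c ip 000055b0062a5c57 sp 00007ffee0d320a0 error 4 in systemd-resolved[55b006281000+9d000]
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Main process exited, code=killed, status=11/SEGV
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Apr 13 13:56:31 ran systemd[1]: Failed to start Network Name Resolution.
"""

DNSSEC_FAIL = re.compile(
    r"systemd-resolved\[(\d+)\]: DNSSEC validation failed for question (.+?): (\S+)$")
# The kernel logs the 15-character task name, hence "systemd-resolve".
SEGFAULT = re.compile(r"kernel: systemd-resolve\w*\[(\d+)\]: segfault at ")
RATE_LIMIT = "systemd-resolved.service: Start request repeated too quickly."
START_FAILED = "Failed to start Network Name Resolution."


def triage(log_text):
    """Summarise a systemd-resolved crash loop from journal text."""
    failures = {}   # pid -> [(question, reason), ...]
    crashed = []    # pids the kernel reported a segfault for
    rate_limited = down = False
    for line in log_text.splitlines():
        if m := DNSSEC_FAIL.search(line):
            failures.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif m := SEGFAULT.search(line):
            crashed.append(m.group(1))
        elif RATE_LIMIT in line:
            rate_limited = True
        elif START_FAILED in line:
            down = True
    return {
        "crashed_pids": crashed,
        # DNSSEC failures logged by a process that later segfaulted
        "failures_before_crash": {p: failures.get(p, []) for p in crashed},
        "restart_limit_hit": rate_limited,
        # Service stayed down; the message presumes lookups then go direct
        "resolver_down": rate_limited and down,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A `resolver_down` result of `True` is the state worth alerting on, since name lookups on that host are then no longer going through resolved's DNSSEC validation.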