[systemd-devel] resolved: does DNSSEC=allow-downgrade affect caching?

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Wed Apr 13 13:04:17 UTC 2016


On Wed, Apr 13, 2016 at 02:26:49PM +0300, Ran Benita wrote:
> OK, I just looked at the logs and figured out what happens: resolved
> crashes whenever I perform a query with allow-downgrade, and after a few
> times it doesn't restart and presumably the nss module falls back to
> direct DNS queries. Here is the log:
> 
> Apr 13 13:56:31 ran systemd[1]: Started Network Name Resolution.
> Apr 13 13:56:31 ran systemd-resolved[4687]: Switching to DNS server 10.0.0.10 for interface wlp3s0.
> Apr 13 13:56:31 ran systemd-resolved[4687]: Using degraded feature set (UDP+EDNS0) for DNS server 10.0.0.10.
> Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question com. IN SOA: failed-auxiliary
> Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question google.com. IN DS: failed-auxiliary
> Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question google.com. IN SOA: failed-auxiliary
> Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question google.com. IN A: failed-auxiliary
> Apr 13 13:56:31 ran kernel: systemd-resolve[4687]: segfault at 5c ip 000055b0062a5c57 sp 00007ffee0d320a0 error 4 in systemd-resolved[55b006281000+9d000]
> Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Main process exited, code=killed, status=11/SEGV
> Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Unit entered failed state.
> Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Failed with result 'signal'.
> Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Service has no hold-off time, scheduling restart.
> Apr 13 13:56:31 ran systemd[1]: Stopped Network Name Resolution.
> Apr 13 13:56:31 ran systemd[1]: org.freedesktop.resolve1.busname: Start request repeated too quickly.
> Apr 13 13:56:31 ran systemd[1]: Failed to listen on Network Name Resolution Service Bus Name.
> Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Start request repeated too quickly.
> Apr 13 13:56:31 ran systemd[1]: Failed to start Network Name Resolution.
> 
> coredumpctl doesn't show the crash so can't say what it's about. Maybe
> it's a distro problem (archlinux) or it's fixed in git.

It's probably the bug that was fixed in https://github.com/systemd/systemd/pull/2702.

Zbyszek
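
An added example (not part of the original messages and not systemd code): a small check that reads journal text in the short format quoted above and reports whether systemd-resolved ended up killed by a signal and then refused a restart, the state the quoted log ends in. The function name `resolved_health` and the state labels are hypothetical; the sample lines are a subset of the quoted log.

```python
import re

# Subset of the journal lines quoted in the message above.
SAMPLE = """\
Apr 13 13:56:31 ran systemd[1]: Started Network Name Resolution.
Apr 13 13:56:31 ran systemd-resolved[4687]: DNSSEC validation failed for question google.com. IN A: failed-auxiliary
Apr 13 13:56:31 ran kernel: systemd-resolve[4687]: segfault at 5c ip 000055b0062a5c57 sp 00007ffee0d320a0 error 4 in systemd-resolved[55b006281000+9d000]
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Main process exited, code=killed, status=11/SEGV
Apr 13 13:56:31 ran systemd[1]: systemd-resolved.service: Start request repeated too quickly.
Apr 13 13:56:31 ran systemd[1]: Failed to start Network Name Resolution.
"""

# Short journal format: timestamp, host, tag with optional [pid], message.
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ ([^\[:\s]+)(?:\[\d+\])?: (.*)$")
UNIT = "systemd-resolved.service"
DIED = re.compile(re.escape(UNIT)
                  + r": Main process exited, code=(?:killed|dumped), status=(\S+)")
DNSSEC = re.compile(r"DNSSEC validation failed for question (.+): (\S+)$")


def resolved_health(journal_text):
    """Follow systemd-resolved through the log and return its last known state."""
    report = {"state": "unknown", "crashes": [], "dnssec_failures": []}
    for raw in journal_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        tag, msg = m.groups()
        if tag == "systemd":
            died = DIED.match(msg)
            if msg == "Started Network Name Resolution.":
                report["state"] = "running"
            elif died:
                report["crashes"].append(died.group(1))
                report["state"] = "crashed"
            elif msg == UNIT + ": Start request repeated too quickly.":
                # The start rate limit was hit: the service stays down.
                report["state"] = "restart-refused"
        elif tag == "systemd-resolved":
            fail = DNSSEC.match(msg)
            if fail:
                report["dnssec_failures"].append(fail.groups())
    return report


if __name__ == "__main__":
    print(resolved_health(SAMPLE))
```

A final state of `restart-refused` is the one to alert on, since the service is no longer answering and nothing in the unit will bring it back without intervention.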

