<div dir="ltr"><div>Hi, Paul<br><br>Thank you for your reply.<br><br>This is a low-probability, sporadic problem. Currently, there is no `journalctl -b` information with `debug` on the command line.<br><br>The unit information of the two services is as follows:<br>1. systemctl cat systemd-resolved<br><br># /usr/lib/systemd/system/systemd-resolved.service<br>#  SPDX-License-Identifier: LGPL-2.1-or-later<br>#<br>#  This file is part of systemd.<br>#<br>#  systemd is free software; you can redistribute it and/or modify it<br>#  under the terms of the GNU Lesser General Public License as published by<br>#  the Free Software Foundation; either version 2.1 of the License, or<br>#  (at your option) any later version.<br><br>[Unit]<br>Description=Network Name Resolution<br>Documentation=man:systemd-resolved.service(8)<br>Documentation=man:org.freedesktop.resolve1(5)<br>Documentation=<a href="https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers">https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers</a><br>Documentation=<a href="https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients">https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients</a><br><br>DefaultDependencies=no<br>After=systemd-sysctl.service systemd-sysusers.service<br>Before=sysinit.target network.target nss-lookup.target shutdown.target initrd-switch-root.target<br>Conflicts=shutdown.target initrd-switch-root.target<br>Wants=nss-lookup.target<br><br>[Service]<br>AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE<br>BusName=org.freedesktop.resolve1<br>CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE<br>ExecStart=!!/usr/lib/systemd/systemd-resolved<br>LockPersonality=yes<br>MemoryDenyWriteExecute=yes<br>NoNewPrivileges=yes<br>PrivateDevices=yes<br>PrivateTmp=yes<br>ProtectClock=yes<br>ProtectControlGroups=yes<br>ProtectHome=yes<br>ProtectKernelLogs=yes<br>ProtectKernelModules=yes<br>ProtectKernelTunables=yes<br>ProtectSystem=strict<br>Restart=always<br>RestartSec=0<br>RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6<br>RestrictNamespaces=yes<br>RestrictRealtime=yes<br>RestrictSUIDSGID=yes<br>RuntimeDirectory=systemd/resolve<br>RuntimeDirectoryPreserve=yes<br>SystemCallArchitectures=native<br>SystemCallErrorNumber=EPERM<br>SystemCallFilter=@system-service<br>Type=notify<br>User=systemd-resolve<br>ImportCredential=network.dns<br>ImportCredential=network.search_domains<br>WatchdogSec=3min<br><br>[Install]<br>WantedBy=sysinit.target<br>Alias=dbus-org.freedesktop.resolve1.service<br>2. systemctl cat systemd-sysctl.service<br># /usr/lib/systemd/system/systemd-sysctl.service<br>#  SPDX-License-Identifier: LGPL-2.1-or-later<br>#<br>#  This file is part of systemd.<br>#<br>#  systemd is free software; you can redistribute it and/or modify it<br>#  under the terms of the GNU Lesser General Public License as published by<br>#  the Free Software Foundation; either version 2.1 of the License, or<br>#  (at your option) any later version.<br><br>[Unit]<br>Description=Apply Kernel Variables<br>Documentation=man:systemd-sysctl.service(8) man:sysctl.d(5)<br>DefaultDependencies=no<br>Conflicts=shutdown.target<br>After=systemd-modules-load.service<br>Before=sysinit.target shutdown.target<br>ConditionPathIsReadWrite=/proc/sys/net/<br><br>[Service]<br>Type=oneshot<br>RemainAfterExit=yes<br>ExecStart=/usr/lib/systemd/systemd-sysctl<br>TimeoutSec=90s<br>ImportCredential=sysctl.*</div><div><br></div>Best regards,  <font color="#888888"><br>Alien Kong</font></div>