Today DNS stopped resolving. I can still ping the internet by IP address but no domain names are resolved.
I've tried
- restarting resolved
- editing resolved's config files: disable DNSSec, enter name servers manually
- rebooting the machine
- disabling the firewall
Something is coming up in journal as Using degraded feature set, not sure if that's relevant.
Any idea how to fix the issue and get DNS resolving again?
$ ip addresss
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever2: ens36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:6c:c8:a3 brd ff:ff:ff:ff:ff:ff altname enp2s4 inet 192.168.79.129/24 brd 192.168.79.255 scope global dynamic noprefixroute ens36 valid_lft 1248sec preferred_lft 1248sec$ ip route
default via 192.168.79.2 dev ens36 proto dhcp metric 20100 169.254.0.0/16 dev ens36 scope link metric 1000 192.168.79.0/24 dev ens36 proto kernel scope link src 192.168.79.129 metric 100 $ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=39.0 ms64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=32.4 ms64 bytes from 8.8.8.8: icmp_seq=3 ttl=128 time=56.9 ms64 bytes from 8.8.8.8: icmp_seq=4 ttl=128 time=33.9 ms64 bytes from 8.8.8.8: icmp_seq=5 ttl=128 time=38.8 ms--- 8.8.8.8 ping statistics ---5 packets transmitted, 5 received, 0% packet loss, time 4006msrtt min/avg/max/mdev = 32.356/40.182/56.881/8.757 ms$ ping www.google.com
ping: www.google.com: Temporary failure in name resolution$ nslookup www.google.com
;; communications error to 8.8.8.8#53: timed out;; communications error to 8.8.8.8#53: timed out;; communications error to 8.8.8.8#53: timed out;; no servers could be reached$ resolvectl status
Global Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: foreign DNS Servers: 1.1.1.1Fallback DNS Servers: 8.8.8.8Link 2 (ens36) Current Scopes: DNS Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupportedCurrent DNS Server: 8.8.8.8 DNS Servers: 8.8.8.8 9.9.9.9$ journalctl
Mar 11 16:21:08 ubuntu systemd-resolved[3428]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 1.1.1.1.Mar 11 16:21:14 ubuntu systemd-resolved[3428]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 9.9.9.9.Mar 11 16:21:19 ubuntu systemd-resolved[3428]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.79.2.Mar 11 16:21:56 ubuntu systemd-resolved[3428]: Using degraded feature set TCP instead of UDP for DNS server 1.1.1.1.Mar 11 16:22:06 ubuntu systemd-resolved[3428]: Using degraded feature set TCP instead of UDP for DNS server 9.9.9.9.Mar 11 16:22:16 ubuntu systemd-resolved[3428]: Using degraded feature set TCP instead of UDP for DNS server 192.168.79.2.$ nc -v -u -z -w 3 8.8.8.8 53-53
Connection to 8.8.8.8 53 port [udp/domain] succeeded!$ nc -v -u -z -w 3 9.9.9.9 53-53
Connection to 9.9.9.9 53 port [udp/domain] succeeded!$ nc -v -u -z -w 3 1.1.1.1 53-53
Connection to 1.1.1.1 53 port [udp/domain] succeeded!$ nc -v -u -z -w 3 192.168.79.2 53-53
Connection to 192.168.79.2 53 port [udp/domain] succeeded!$ ufw status
Status: inactive$ cat /etc/systemd/resolved.conf
# This file is part of systemd.## systemd is free software; you can redistribute it and/or modify it under the# terms of the GNU Lesser General Public License as published by the Free# Software Foundation; either version 2.1 of the License, or (at your option)# any later version.## Entries in this file show the compile time defaults. Local configuration# should be created by either modifying this file, or by creating "drop-ins" in# the resolved.conf.d/ subdirectory. The latter is generally recommended.# Defaults can be restored by simply deleting this file and all drop-ins.## Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.## See resolved.conf(5) for details.[Resolve]# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com# Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google# Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.netDNS=1.1.1.1FallbackDNS=8.8.8.8Domains=DNSSEC=no#DNSOverTLS=no#MulticastDNS=no#LLMNR=no#Cache=no-negative#CacheFromLocalhost=no#DNSStubListener=yes#DNSStubListenerExtra=#ReadEtcHosts=yes#ResolveUnicastSingleLabel=no$ cat /run/systemd/resolve/resolv.conf
# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).# Do not edit.## This file might be symlinked as /etc/resolv.conf. If you're looking at# /etc/resolv.conf and seeing this text, you have followed the symlink.## This is a dynamic resolv.conf file for connecting local clients directly to# all known uplink DNS servers. This file lists all configured search domains.## Third party programs should typically not access this file directly, but only# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a# different way, replace this symlink by a static file or a different symlink.## See man:systemd-resolved.service(8) for details about the supported modes of# operation for /etc/resolv.conf.nameserver 1.1.1.1nameserver 8.8.8.8nameserver 9.9.9.9search .