Is your feature request related to a problem? Please describe.
systemd-resolved attempts to handle the case where an ICMP error is received in response to a DNS request to an upstream server (https://github.com/systemd/systemd/blob/master/src/resolve/resolved-dns-transaction.c#L1187)
However, systemd-resolved never sets IP_RECVERR on the fd (see ip(7),ipv6(7)), so the kernel will not report these errors back to systemd-resolved, thus causing systemd-resolved up waiting for the entire DNS timeout before continuing on to another nameserver.
This provides a terrible user experience in situations where one upstream nameserver is temporarily unreachable.
Describe the solution you'd like
I believe that somewhere (possibly in dns_scope_socket()?) should contain a line similar to:
setsockopt(fd, SOL_IP, family == AF_INET ? IP_RECVERR : IPV6_RECVERR, &one, sizeof(one));
Then unreachable ICMP errors will be returned by the kernel to systemd-resolved, which will immediately treat the packet as lost avoiding the extremely long wait time.
Describe alternatives you've considered
The obvious alternative is to do nothing, and wait for the full timeout.
Is your feature request related to a problem? Please describe.
systemd-resolved attempts to handle the case where an ICMP error is received in response to a DNS request to an upstream server (https://github.com/systemd/systemd/blob/master/src/resolve/resolved-dns-transaction.c#L1187)
However, systemd-resolved never sets IP_RECVERR on the fd (see ip(7),ipv6(7)), so the kernel will not report these errors back to systemd-resolved, thus causing systemd-resolved up waiting for the entire DNS timeout before continuing on to another nameserver.
This provides a terrible user experience in situations where one upstream nameserver is temporarily unreachable.
Describe the solution you'd like
I believe that somewhere (possibly in dns_scope_socket()?) should contain a line similar to:
setsockopt(fd, SOL_IP, family == AF_INET ? IP_RECVERR : IPV6_RECVERR, &one, sizeof(one));Then unreachable ICMP errors will be returned by the kernel to systemd-resolved, which will immediately treat the packet as lost avoiding the extremely long wait time.
Describe alternatives you've considered
The obvious alternative is to do nothing, and wait for the full timeout.