DNS fails with "Using degraded feature set" in logs until resolved is restarted

[jakajancar]

systemd version the issue has been seen with
242 (debian testing)
No problems before upgrading to testing. Stretch worked ok (232).

Used distribution
Debian testing

Problem
DNS resolution stops working. Logs around the time show

Aug 29 10:09:38 homebot systemd-resolved[2191]: Using degraded feature set (UDP) for DNS server 1.1.1.1.
Aug 29 10:09:39 homebot systemd-resolved[2191]: Using degraded feature set (UDP) for DNS server 1.0.0.1.
Aug 29 10:10:12 homebot systemd-resolved[2191]: Using degraded feature set (UDP) for DNS server 1.1.1.1.
Aug 29 10:10:18 homebot systemd-resolved[2191]: Using degraded feature set (UDP) for DNS server 1.0.0.1.
Aug 29 10:10:20 homebot systemd-resolved[2191]: Using degraded feature set (TCP) for DNS server 1.1.1.1.
Aug 29 10:10:24 homebot systemd-resolved[2191]: Using degraded feature set (TCP) for DNS server 1.0.0.1.

Around the same time, wan interface has some problems, loses DHCP lease, IPs/routes etc. are changing. Perhaps resolved doesn't pick up some changes and is tied to old ones?

Broken state persists for 10 hours.
systemctl restart systemd-resolved fixes the problem immediately.

Configuration

[Resolve]
DNS=1.1.1.1 1.0.0.1
FallbackDNS=
DNSSEC=no

I don't think it affects anything, and this works fine (when DNS is working locally that is), but just in case: I'm exposing the stub listener as the DNS server on the LAN:

# cat /etc/systemd/system/home-dns-proxy.service
[Unit]
After=sys-subsystem-net-devices-home.device
BindsTo=sys-subsystem-net-devices-home.device

[Service]
Type=exec
ExecStart=socat UDP6-RECVFROM:53,fork,reuseaddr,interface=home,ipv6only=0 UDP6-SENDTO:127.0.0.53:53
Restart=on-failure

[Install]
WantedBy=multi-user.target

[wavexx]

Likewise, on debian unstable using systemd 242.
Upstream caching resolver is dumb. I have DNSSEC=no set too (this doesn't really prevent EDNS0 being requeried over and over -- should I plug #11849, #5352 and a chain of others).

First requests works, until the grace period is over:

systemd-resolved[15411]: Grace period over, resuming full feature set (UDP+EDNS0) for DNS server X.Y.Z.E.
systemd-resolved[15411]: Using degraded feature set (UDP) for DNS server X.Y.Z.E.

At which point requests start to fail until resolved is restarted.

[wavexx]

Also reproduces on 243.

[wavexx]

This has more implications than I previously realized. On a connection which suffers from packet loss (gsm), resolved will downgrade the probed featureset and by returning to normal will also stop working.

[ripefig]

Can no longer connect to any openvpn server on ubuntu 19.10, and the logs are flooded with these messages.

[ishanjain28]

I also have this issue on systemd 246.1-1

my /etc/systemd/resolved.conf looks like,

[Resolve]
DNS=1.1.1.1 1.0.0.1
FallbackDNS=
Domains=~.
LLMNR=yes
MulticastDNS=yes
DNSSEC=no
DNSOverTLS=yes
Cache=no
#DNSStubListener=no
ReadEtcHosts=yes

[TriMoon]

Maybe makeing use of either one of the below, in a drop-in of the units involved, would fix things:

1. PartOf=
2. PropagatesReloadTo=
3. ReloadPropagatedFrom=

[AlphaHot]

systemd 239 Help me please

~$ systemctl status systemd-resolved.service

06:36:59 ubuntu systemd-resolved[821]: Using system hostname 'ubuntu'.
06:36:59 ubuntu systemd[1]: Started Network Name Resolution.
06:37:12 ubuntu systemd-resolved[821]: Using degraded feature set (UDP) for DNS server 8.8.8.8.
06:37:23 ubuntu systemd-resolved[821]: Using degraded feature set (UDP) for DNS server 1.1.1.1.
06:44:56 ubuntu systemd-resolved[821]: Grace period over, resuming full feature set (UDP+EDNS0) for DNS server 1.1.1.1.

~$ cat /etc/systemd/resolved.conf

[Resolve]
DNS=8.8.8.8 1.1.1.1
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes

[jpcuzz]

I have this same issue after changing my mxlinux from sysvinit to systemd v241.

`cat /etc/systemd/resolved.conf

[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=allow-downgrade
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
`

[lahwaacz]

With this config:

[Resolve]
# CZ.NIC https://www.nic.cz/odvr/
DNS=193.17.47.1#odvr.nic.cz 185.43.135.1#odvr.nic.cz 2001:148f:ffff::1#odvr.nic.cz 2001:148f:fffe::1#odvr.nic.cz
FallbackDNS=
Domains=local
DNSSEC=yes
DNSOverTLS=yes
MulticastDNS=no
LLMNR=no
Cache=yes

Trying to resolve an invalid domain:

$ resolvectl query foo
foo: resolve call failed: Received invalid reply

Triggers the "Using degraded feature set" message in the logs:

systemd-resolved[2939091]: Using degraded feature set UDP instead of TLS+EDNS0+D0 for DNS server 193.17.47.1#odvr.nic.cz.

[simontunnat]

Same issue here using Systemd version 248.3-2-arch

With this config:

[Resolve]
#DNS=
FallbackDNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
#Domains=~.
DNSSEC=allow-downgrade
#DNSOverTLS=no
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

[muppet3000]

Same issue here on Fedora 34 running systemd-248.7-1
Completely fresh VM installation, it works fine, until I open vscode at which point the DNS immediately drops out.
Restart systemd-resolved and it's back to life again.
Going to attempt another clean VM install to see if the same happens.

[q-thla]

I'm having the same issue for years now, observed with Virtualbox on Windows 10, hosting either ubuntu 18.04 and I recently did a new VM install with ubuntu 20.04 (systemd 245 (245.4-4ubuntu3.11))

The journal contains lines like below, it lists an ipv6 address now, but before I also observed ipv4 addresses.

Aug 19 09:52:21 thla-linux systemd-resolved[114188]: Failed to send hostname reply: Invalid argument
Aug 19 09:53:38 thla-linux systemd-resolved[114188]: Using degraded feature set (TCP) for DNS server 2a02:1800:100::42:2.
Aug 19 09:53:41 thla-linux systemd-resolved[114188]: Using degraded feature set (TCP) for DNS server 2a02:1800:100::42:1.
Aug 19 09:53:50 thla-linux systemd-resolved[114188]: Using degraded feature set (UDP) for DNS server 2a02:1800:100::42:2.

I had the same already being attached to my openwrt router or my ISP (Telenet)'s gateway. I am using the Virtualbox NAT network adapter as a network device, and also a virtualbox network device bridged to my laptop's wired ethernet. There are a few DNS servers configured:

Link 4 (enp0s9) (the ethernet bridge vbox interface)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 2a02:1800:100::42:2
         DNS Servers: 2a02:1800:100::42:2
                      2a02:1800:100::42:1
          DNS Domain: ~.
                      telenet.be

Link 3 (enp0s8) (the virtualbox host NAT interface)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no           
  DNSOverTLS setting: no           
      DNSSEC setting: no           
    DNSSEC supported: no           
  Current DNS Server: 10.197.2.201 
         DNS Servers: 10.197.2.201 
                      10.197.2.200 
                      195.130.130.2
                      195.130.131.2
          DNS Domain: ~.           
                      home     

[Eonfge]

I have similar symptoms, but I also discovered something else: The issue disappears for me when I switch to a VPN.

Test case

I have to update PIP dependencies. Not exactly an unknown thing in the world of Linux, but for some reason it takes very long to the point that I abort. Then, when I enable the VPN and restart the PIP update, it goes very fast.

Other processes, like Firefox or video games, don't seem to suffer from this problem.

Base setup

Global
       Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp34s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: fd00::eadf:70ff:fea4:9833
       DNS Servers: 192.168.178.1 fd00::eadf:70ff:fea4:9833
        DNS Domain: fritz.box

Link 3 (wlo1)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

With VPN

Global
       Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp34s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.178.1
       DNS Servers: 192.168.178.1
        DNS Domain: fritz.box

Link 3 (wlo1)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 4 (tun0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.9.0.1
       DNS Servers: 10.9.0.1

Logs

-- Journal begins at Fri 2021-07-23 20:18:24 CEST. --
sep 23 16:43:45 kevin-at-fedora systemd-resolved[1029]: Positive Trust Anchors:
sep 23 16:43:45 kevin-at-fedora systemd-resolved[1029]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
sep 23 16:43:45 kevin-at-fedora systemd-resolved[1029]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
sep 23 16:43:45 kevin-at-fedora systemd-resolved[1029]: Using system hostname 'kevin-at-fedora'.
sep 23 16:43:45 kevin-at-fedora systemd[1]: Started Network Name Resolution.
sep 23 16:43:48 kevin-at-fedora systemd-resolved[1029]: enp34s0: Bus client set search domain list to: fritz.box
sep 23 16:43:48 kevin-at-fedora systemd-resolved[1029]: enp34s0: Bus client set default route setting: yes
sep 23 16:43:48 kevin-at-fedora systemd-resolved[1029]: enp34s0: Bus client set DNS server list to: 192.168.178.1
sep 23 16:43:48 kevin-at-fedora systemd-resolved[1029]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.178.1.
sep 23 16:43:50 kevin-at-fedora systemd-resolved[1029]: enp34s0: Bus client set DNS server list to: 192.168.178.1, fd00::eadf:70ff:fea4:9833
sep 23 16:49:52 kevin-at-fedora systemd-resolved[1029]: enp34s0: Bus client set default route setting: no
sep 23 16:49:52 kevin-at-fedora systemd-resolved[1029]: enp34s0: Bus client set DNS server list to: 192.168.178.1
sep 23 16:49:52 kevin-at-fedora systemd-resolved[1029]: tun0: Bus client set default route setting: yes
sep 23 16:49:52 kevin-at-fedora systemd-resolved[1029]: tun0: Bus client set DNS server list to: 10.9.0.1

System

System:    Host: kevin-at-fedora Kernel: 5.13.16-200.fc34.x86_64 x86_64 bits: 64 compiler: gcc v: 2.35.2-5.fc34 
           Desktop: GNOME 40.4 Distro: Fedora release 34 (Thirty Four) 
Machine:   Type: Desktop Mobo: Micro-Star model: B450 GAMING PRO CARBON AC (MS-7B85) v: 1.0 serial: <superuser required> 
           UEFI: American Megatrends LLC. v: 1.F4 date: 04/22/2021 
CPU:       Info: 8-Core model: AMD Ryzen 7 2700 bits: 64 type: MT MCP arch: Zen+ rev: 2 cache: L2: 4 MiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 116797 
           Speed: 3650 MHz min/max: N/A Core speeds (MHz): 1: 3650 2: 3650 3: 3650 4: 3650 5: 3650 6: 3650 7: 3650 8: 3650 
           9: 3650 10: 3650 11: 3650 12: 3506 13: 3650 14: 3650 15: 3650 16: 3650 
Graphics:  Device-1: NVIDIA GM204 [GeForce GTX 970] vendor: Micro-Star MSI driver: nvidia v: 470.63.01 bus-ID: 26:00.0 
           Display: x11 server: X.Org 1.20.11 driver: loaded: nvidia resolution: 1: 1280x1024~60Hz 2: 2560x1440~60Hz 
           OpenGL: renderer: NVIDIA GeForce GTX 970/PCIe/SSE2 v: 4.6.0 NVIDIA 470.63.01 direct render: Yes 
Audio:     Device-1: NVIDIA GM204 High Definition Audio vendor: Micro-Star MSI driver: snd_hda_intel v: kernel bus-ID: 26:00.1 
           Device-2: Advanced Micro Devices [AMD] Family 17h HD Audio vendor: Micro-Star MSI driver: snd_hda_intel v: kernel 
           bus-ID: 28:00.3 
           Device-3: Cooler Master Sirus Headset type: USB driver: hid-generic,snd-usb-audio,usbhid bus-ID: 1-8:3 
           Sound Server-1: ALSA v: k5.13.16-200.fc34.x86_64 running: yes 
           Sound Server-2: JACK v: 1.9.17 running: no 
           Sound Server-3: PulseAudio v: 14.2-rebootstrapped running: no 
           Sound Server-4: PipeWire v: 0.3.36 running: yes 
Network:   Device-1: Intel Wireless-AC 9260 driver: iwlwifi v: kernel bus-ID: 21:00.0 
           IF: wlo1 state: down mac: 26:53:d0:d3:33:92 
           Device-2: Intel I211 Gigabit Network vendor: Micro-Star MSI driver: igb v: kernel port: f000 bus-ID: 22:00.0 
           IF: enp34s0 state: up speed: 1000 Mbps duplex: full mac: 00:d8:61:55:f1:dc 
           IF-ID-1: tun0 state: unknown speed: 10 Mbps duplex: full mac: N/A 
Bluetooth: Device-1: Intel Wireless-AC 9260 Bluetooth Adapter type: USB driver: btusb v: 0.8 bus-ID: 3-4:4 
           Report: rfkill ID: hci0 rfk-id: 0 state: down bt-service: enabled,running rfk-block: hardware: no software: yes 
           address: see --recommends 
Drives:    Local Storage: total: 6.37 TiB used: 1.9 TiB (29.8%) 
           ID-1: /dev/nvme0n1 vendor: Western Digital model: WDS100T2B0C-00PXH0 size: 931.51 GiB temp: 39.9 C 
           ID-2: /dev/sda vendor: Seagate model: ST6000VN001-2BB186 size: 5.46 TiB 
Partition: ID-1: / size: 895.22 GiB used: 704.49 GiB (78.7%) fs: ext4 dev: /dev/dm-0 mapped: fedora_localhost--live-root 
           ID-2: /boot size: 3.87 GiB used: 258.2 MiB (6.5%) fs: ext4 dev: /dev/nvme0n1p2 
           ID-3: /boot/efi size: 1022 MiB used: 16.1 MiB (1.6%) fs: vfat dev: /dev/nvme0n1p1 
Swap:      ID-1: swap-1 type: partition size: 16 GiB used: 0 KiB (0.0%) dev: /dev/dm-1 mapped: fedora_localhost--live-swap 
           ID-2: swap-2 type: zram size: 8 GiB used: 0 KiB (0.0%) dev: /dev/zram0 
Sensors:   System Temperatures: cpu: 43.8 C mobo: 37.0 C gpu: nvidia temp: 57 C 
           Fan Speeds (RPM): fan-1: 0 fan-2: 1150 fan-3: 636 fan-4: 0 fan-5: 578 fan-6: 579 gpu: nvidia fan: 0% 
Info:      Processes: 387 Uptime: 11m Memory: 31.27 GiB used: 3.37 GiB (10.8%) Init: systemd runlevel: 5 Compilers: 
           gcc: 11.2.1 clang: 12.0.1 Packages: 153 Shell: Bash v: 5.1.0 inxi: 3.3.06 

[Findarato]

Just started to run into this recently as well. Seams to start when I open up a specific game Elder Scrolls Online Though steam and Proton, Does not matter the version of proton.

systemctl --version                                            0.48 
systemd 248 (v248.7-1.fc34)
+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified

Oct 05 14:10:51 tear systemd-resolved[14085]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server {DNS1}.
Oct 05 14:10:56 tear systemd-resolved[14085]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server {DNS2}.
Oct 05 14:11:12 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:11:12 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS2}.
Oct 05 14:11:15 tear systemd-resolved[14085]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server {DNS1}.
Oct 05 14:11:26 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:11:26 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:11:36 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:11:36 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:11:46 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:11:46 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:11:51 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:11:51 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:12:01 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:12:01 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:12:11 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:12:11 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:12:16 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:12:21 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:12:31 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:12:31 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:12:41 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:12:41 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:12:41 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:12:51 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:12:51 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:12:51 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:13:01 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:13:01 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:13:06 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:13:16 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:13:16 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:13:16 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:13:26 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:13:26 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:13:32 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:13:42 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:13:42 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:13:42 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:14:55 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:14:55 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:14:56 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:16:25 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:16:30 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:16:35 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:16:51 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:16:51 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:16:56 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:17:02 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:19:55 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:19:55 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:22:12 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:22:12 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:22:23 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:22:23 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:22:33 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:22:33 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:22:43 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:22:43 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:22:48 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:22:48 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:24:56 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:25:01 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:26:25 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:26:25 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:27:59 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:27:59 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:28:04 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:28:15 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:28:15 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:28:15 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:29:55 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:29:55 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:33:25 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:33:36 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:33:36 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:33:36 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:33:46 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:33:46 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:33:51 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:35:01 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:35:01 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:38:57 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:39:07 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:39:07 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:39:12 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:39:23 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:39:23 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:39:23 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:40:01 tear systemd-resolved[14085]: Using degraded feature set TCP instead of UDP for DNS server {DNS1}.
Oct 05 14:40:01 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.
Oct 05 14:41:30 tear systemd-resolved[14085]: Using degraded feature set UDP instead of TCP for DNS server {DNS1}.

[peterdk]

Same issue, on multiple machines using Ubuntu 20.04.

systemd 245 (245.4-4ubuntu3.13)
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid

Grace period over, resuming full feature set (UDP+EDNS0) for DNS server a.b.c.d.
jan 02 15:17:27  systemd-resolved[508625]: Using degraded feature set (UDP) for DNS server a.b.c.d.
jan 02 19:18:11  systemd-resolved[508625]: Grace period over, resuming full feature set (UDP+EDNS0) for DNS server a.b.c.d.
jan 02 19:18:17  systemd-resolved[508625]: Using degraded feature set (UDP) for DNS server a.b.c.d.
jan 02 23:19:10  systemd-resolved[508625]: Grace period over, resuming full feature set (UDP+EDNS0) for DNS server a.b.c.d.
jan 02 23:19:14  systemd-resolved[508625]: Using degraded feature set (UDP) for DNS server a.b.c.d.
jan 03 07:21:31  systemd-resolved[508625]: Grace period over, resuming full feature set (UDP+EDNS0) for DNS server a.b.c.d.
jan 03 07:21:42  systemd-resolved[508625]: Using degraded feature set (UDP) for DNS server a.b.c.d.
jan 03 13:24:10  systemd-resolved[508625]: Grace period over, resuming full feature set (UDP+EDNS0) for DNS server a.b.c.da.b.c.d

Restarting systemd-resolved fixes it, but even when setting caching to no, it still fails regurarly again.

[qwertyiop]

Recently encountered the same issue on Fedora 35. Use systemd-resolved, systemd-networkd and iwd.

> ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 4c:72:b9:b5:c6:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.5/24 metric 10 brd 192.168.0.255 scope global enp14s0
       valid_lft forever preferred_lft forever
    inet6 fe80::4e72:b9ff:feb5:c6f1/64 scope link 
       valid_lft forever preferred_lft forever
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 20:68:9d:25:4e:9c brd ff:ff:ff:ff:ff:ff
    altname wlp13s0
    inet6 fe80::2268:9dff:fe25:4e9c/64 scope link 
       valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:75:2b:57 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever

> ip r
default via 192.168.0.1 dev enp14s0 proto dhcp src 192.168.0.5 metric 10 
192.168.0.0/24 dev enp14s0 proto kernel scope link src 192.168.0.5 metric 10 
192.168.0.1 dev enp14s0 proto dhcp scope link src 192.168.0.5 metric 10 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

> resolvectl status
Global
       Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
      DNS Domain: Fcname
 
Link 2 (enp14s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.1
       DNS Servers: 192.168.0.1
 
Link 4 (wlan0)
Current Scopes: LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
 
Link 5 (virbr0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported 

> journalctl -b -u systemd-resolved
-- Journal begins at Sat 2022-01-01 22:23:41 +06, ends at Tue 2022-01-04 23:01:59 +06. --
янв 04 22:50:17 localhost.localdomain systemd[1]: Starting Network Name Resolution...
янв 04 22:50:17 localhost.localdomain systemd-resolved[532]: Positive Trust Anchors:
янв 04 22:50:17 localhost.localdomain systemd-resolved[532]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
янв 04 22:50:17 localhost.localdomain systemd-resolved[532]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
янв 04 22:50:17 localhost.localdomain systemd-resolved[532]: Defaulting to hostname 'fedora'.
янв 04 22:50:17 localhost.localdomain systemd[1]: Started Network Name Resolution.
янв 04 22:50:39 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.0.1.
янв 04 22:50:50 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:51:21 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:51:26 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:51:46 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:51:52 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:52:12 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:52:17 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:52:29 localhost.localdomain systemd-resolved[532]: Failed to send hostname reply: Transport endpoint is not connected
янв 04 22:52:38 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:52:43 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:53:04 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:53:09 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:53:25 localhost.localdomain systemd-resolved[532]: Failed to send hostname reply: Transport endpoint is not connected
янв 04 22:53:29 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:53:35 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:53:45 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:53:50 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:54:00 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:54:05 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:54:15 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:54:21 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:54:41 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:54:46 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:54:49 localhost.localdomain systemd-resolved[532]: Failed to send hostname reply: Transport endpoint is not connected
янв 04 22:54:57 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:55:02 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:55:22 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:55:28 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:55:45 localhost.localdomain systemd-resolved[532]: Failed to send hostname reply: Transport endpoint is not connected
янв 04 22:55:48 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:55:53 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:56:04 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:56:09 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:56:19 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:56:24 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:56:35 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:56:40 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:57:00 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:57:06 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:57:09 localhost.localdomain systemd-resolved[532]: Failed to send hostname reply: Transport endpoint is not connected
янв 04 22:57:16 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:57:21 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:57:42 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:57:47 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:58:07 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:58:13 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:58:23 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:58:28 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:58:38 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:58:44 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:58:54 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:58:59 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:59:19 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:59:25 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 22:59:29 localhost.localdomain systemd-resolved[532]: Failed to send hostname reply: Transport endpoint is not connected
янв 04 22:59:45 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 22:59:50 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 23:00:01 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 23:00:05 localhost.localdomain systemd-resolved[532]: Failed to send hostname reply: Transport endpoint is not connected
янв 04 23:00:06 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 23:00:16 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 23:00:21 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 23:00:42 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 23:00:47 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 23:00:57 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 23:01:03 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 23:01:13 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 23:01:18 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 23:01:28 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 23:01:34 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
янв 04 23:01:49 localhost.localdomain systemd-resolved[532]: Failed to send hostname reply: Transport endpoint is not connected
янв 04 23:01:54 localhost.localdomain systemd-resolved[532]: Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1.
янв 04 23:01:59 localhost.localdomain systemd-resolved[532]: Using degraded feature set TCP instead of UDP for DNS server 192.168.0.1.
-- Journal begins at Sat 2022-01-01 22:23:41 +06, ends at Tue 2022-01-04 23:02:25 +06. --

> journalctl -b -u systemd-networkd
янв 04 22:50:12 localhost.localdomain systemd[1]: Starting Network Configuration...
янв 04 22:50:12 localhost.localdomain systemd-networkd[468]: lo: Link UP
янв 04 22:50:12 localhost.localdomain systemd-networkd[468]: lo: Gained carrier
янв 04 22:50:12 localhost.localdomain systemd-networkd[468]: Enumeration completed
янв 04 22:50:12 localhost.localdomain systemd[1]: Started Network Configuration.
янв 04 22:50:15 localhost.localdomain systemd-networkd[468]: eth0: Interface name change detected, renamed to enp14s0.
янв 04 22:50:15 localhost.localdomain systemd-networkd[468]: enp14s0: Link UP
янв 04 22:50:16 localhost.localdomain systemd-networkd[468]: wlan0: Interface name change detected, renamed to wlp13s0.
янв 04 22:50:16 localhost.localdomain systemd-networkd[468]: enp14s0: Gained carrier
янв 04 22:50:17 localhost.localdomain systemd-networkd[468]: wlp13s0: Link UP
янв 04 22:50:18 localhost.localdomain systemd-networkd[468]: enp14s0: Gained IPv6LL
янв 04 22:50:21 localhost.localdomain systemd-networkd[468]: enp14s0: DHCPv4 address 192.168.0.5/24 via 192.168.0.1
янв 04 22:50:28 localhost.localdomain systemd-networkd[468]: wlp13s0: Link DOWN
янв 04 22:50:28 localhost.localdomain systemd-networkd[468]: wlan0: Link UP
янв 04 22:50:28 localhost.localdomain systemd-networkd[468]: wlan0: Connected WiFi access point: HOME5000 (98:da:c4:8d:93:f1)
янв 04 22:50:29 localhost.localdomain systemd-networkd[468]: wlan0: Gained carrier
янв 04 22:50:31 localhost.localdomain systemd-networkd[468]: wlan0: Gained IPv6LL
янв 04 22:50:36 localhost.localdomain systemd-networkd[468]: virbr0: Link UP

> journalctl -b -u iwd
-- Journal begins at Sat 2022-01-01 22:23:41 +06, ends at Tue 2022-01-04 23:02:35 +06. --
янв 04 22:50:22 localhost.localdomain systemd[1]: Starting Wireless service...
янв 04 22:50:26 localhost.localdomain iwd[582]: Wireless daemon version 1.20
янв 04 22:50:26 localhost.localdomain iwd[582]: Loaded configuration from /etc/iwd/main.conf
янв 04 22:50:26 localhost.localdomain systemd[1]: Started Wireless service.
янв 04 22:50:26 localhost.localdomain iwd[582]: station: Network configuration is disabled.
янв 04 22:50:28 localhost.localdomain iwd[582]: rfkill id 0 can't be matched to a wiphy
янв 04 22:50:28 localhost.localdomain iwd[582]: Wiphy: 0, Name: phy0
янв 04 22:50:28 localhost.localdomain iwd[582]:         Permanent Address: 20:68:9d:25:4e:9c
янв 04 22:50:28 localhost.localdomain iwd[582]:         2.4Ghz Band:
янв 04 22:50:28 localhost.localdomain iwd[582]:                 Bitrates (non-HT):
янв 04 22:50:28 localhost.localdomain iwd[582]:                          1.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                          2.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                          5.5 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         11.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                          6.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                          9.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         12.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         18.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         24.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         36.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         48.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         54.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                 HT Capabilities:
янв 04 22:50:28 localhost.localdomain iwd[582]:                         HT40
янв 04 22:50:28 localhost.localdomain iwd[582]:                         Short GI for 20Mhz
янв 04 22:50:28 localhost.localdomain iwd[582]:                         Short GI for 40Mhz
янв 04 22:50:28 localhost.localdomain iwd[582]:                 HT RX MCS indexes:
янв 04 22:50:28 localhost.localdomain iwd[582]:                         0-15
янв 04 22:50:28 localhost.localdomain iwd[582]:         5Ghz Band:
янв 04 22:50:28 localhost.localdomain iwd[582]:                 Bitrates (non-HT):
янв 04 22:50:28 localhost.localdomain iwd[582]:                          6.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                          9.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         12.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         18.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         24.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         36.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         48.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                         54.0 Mbps
янв 04 22:50:28 localhost.localdomain iwd[582]:                 HT Capabilities:
янв 04 22:50:28 localhost.localdomain iwd[582]:                         HT40
янв 04 22:50:28 localhost.localdomain iwd[582]:                         Short GI for 20Mhz
янв 04 22:50:28 localhost.localdomain iwd[582]:                         Short GI for 40Mhz
янв 04 22:50:28 localhost.localdomain iwd[582]:                 HT RX MCS indexes:
янв 04 22:50:28 localhost.localdomain iwd[582]:                         0-15
янв 04 22:50:28 localhost.localdomain iwd[582]:         Ciphers: CCMP TKIP BIP
янв 04 22:50:28 localhost.localdomain iwd[582]:         Supported iftypes: ad-hoc station ap p2p-client p2p-go
янв 04 22:50:29 localhost.localdomain iwd[582]: Unexpected connection related event -- is another supplicant running?
янв 04 22:50:29 localhost.localdomain iwd[582]: hardware_rekey not supported

[zesty]

Here's what worked for me on ubuntu 20.04.4 LTS, and survived a reboot :)

In firefox, while using vpn and not, I was getting a lot of pr_end_of_file_error errors, or pages -- esp. smile.amazon.com -- would not load completely, or my first click on a page would seem to go nowhere (???).

Then I found the degraded messages in the logs:
sudo journalctl -r -u systemd-resolved

Previously I was trying to use google dns 8.8.8.8 and 8.8.4.4, and was getting the degraded log message only for the latter. I switched to cloudflare below.

(Side note: I think my rotation of vpn providers helped mess things up, but enabling and disabling (current: surfshark) vpn now does not mess things up for me.)

---

sudo vim /etc/systemd/resolved.conf

the part changed:

[Resolve]
DNS=1.1.1.1
FallbackDNS=1.0.0.1

I wasn't sure if this one was generated from somewhere else, but it seems needed to fix the network interface device (see below):
sudo vim /etc/NetworkManager/system-connections/Wired*

the part changed:

[ipv4]
dns=1.1.1.1;1.0.0.1;

I don't use ipv6 because vpn, but in case you want them:

2606:4700:4700::1111
2606:4700:4700::1001

restart the things, and check the result:

sudo service systemd-resolved restart
sudo systemctl restart NetworkManager
sudo systemd-resolve --flush-caches
sudo systemd-resolve --status

at this point, per the last command, my internet ethernet device was stuck on the old dns settings, so...

sudo ifconfig enp4s0 down # your device name is probably different
sudo ifconfig enp4s0 up

should be OK now:

sudo systemd-resolve --status
ping -c 1 google.com

should be OK now:
sudo journalctl -r -u systemd-resolved

just for fun:
sudo systemd-resolve --statistics

dnssec test page:
https://dnscheck.tools/#advanced

[zesty]

addendum to previous for 22.04 LTS:
replace sudo systemd-resolve commands with variants of sudo resolvectl

[Rick1029]

Note when replacing systemd-resolve with resolvectl to forego the "--" dashes behind the commands. So instead of treating them as flags just do sudo resolvectl flush-caches

I had a very similar issue to this on 22.04, my truncated logs are below. Restarting systemd didn't help, only stopping the service completely and putting nameserver 1.1.1.1 in /etc/resolv.conf helped - but that came with the slew of problems disabling systemd-resolv does - "Could not find local hostname" among other problems. I'd consider this a hack to only use when you really need internet (Like to reconect to a VPN service to fix your DNS). Turning systemd-resolv back on reverts whatever changes you made.

Prior to my issue I'd been using ProtonVPN and OpenVPN (not simultaneously). My laptop died while ProtonVPN was connected and when restarting it the issue came up - all I had to do was reconnect to ProtonVPN (See above how to initially connect to wifi) and then turning it off, enabling systemd-resolve again and all works fine. I'm not getting my below error messages anymore.

Using degraded feature set UDP instead of UDP+EDNS0 for DNS server ::1.
Using degraded feature set TCP instead of UDP for DNS server ::1.
Using degraded feature set UDP instead of TCP for DNS server ::1.
Using degraded feature set TCP instead of UDP for DNS server ::1.
Using degraded feature set UDP instead of TCP for DNS server ::1.
Logs above repeat indefinitely

[rquinlivan]

Still getting burned by this. None of the resolved hacks mentioned above work for me.

[rquinlivan]

@Rick1029 Did you have any luck fixing this issue? I also was using ProtonVPN and I believe something interrupted the connection.

[rquinlivan]

@Rick1029 Update: I was able to resolve this at least temporarily by manually downing the "ipv6leak" network interface created by ProtonVPN.

[ahofstetter]

Does anyone think this issue will ever be fixed?
Getting this error in Ubuntu 18.04 and none of the suggestions work
systemd-resolved[813]: Using degraded feature set (UDP) for DNS server 1.1.1.1.

[sryze]

Same problem in elementaryOS 6.1 (i.e. Ubuntu 20.04) with systemd 245

journalctl logs:

Using degraded feature set (TCP) for DNS server ::1.
Using degraded feature set (UDP) for DNS server ::1.

/etc/resolv.conf:

nameserver 127.0.0.53

Restarting systemd-resolved doesn't fix it for me. The only thing that's been working so far is manually editing /etc/resolv.conf and THEN restarting the service.

[JamesLIAOHJ]

I faced this trouble when install a new Ubuntu Jammy on vm, but after some operate, it now working good without those annoying logs.

I tried some steps bellow:

1. comment nameservers config in /etc/netplan/*.yaml
2. add DNS=192.168.0.1 in config file /etc/systemd/resolved.conf
3. add DNSSEC=no DNSOverTLS=no DNSStubListener=yes in config file /etc/systemd/resolved.conf
4. remove /etc/resolv.conf
5. run sudo netplan generate sudo netplan apply
6. run sudo systemctl restart systemd-networkd
7. run sudo systemctl restart systemd-resolved
8. reboot vm machine
9. relink /etc/resolv.conf to /run/systemd/resolve/resolv.conf
10. cat /etc/resolv.conf now get nameserver 192.168.0.1 \n search . , there is no options edns0
11. sudo journalctl -b -f -u systemd-resolved then Those annoying logs gone

content of file /etc/netplan/00-installer-config.yaml

network:
  ethernets:
    ens33:
      dhcp6: false
      addresses:
      - 192.168.0.222/24
      #gateway4: 192.168.0.1
      routes:
        - to: default
          via: 192.168.0.1
        - to: 192.168.1.0/24
          via: 192.168.0.254
          metric: 100
      #nameservers:
        #addresses: [192.168.0.1]
        #search: []
  version: 2

content of file /etc/systemd/resolved.conf

[Resolve]
DNS=192.168.0.1
#FallbackDNS=
#Domains=
DNSSEC=no
DNSOverTLS=no
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

[ankostis]

• I'm on Debian SID, and being bugged by this immediately after i installed systemd-resolved :-(
• My home router has IPv6, and without /etc/systemd/resolved.conf:DNSSEC=no my DNS resolution takes awfully lot of time to settle, and probably this log msg is related:
  • Failed to send hostname reply: Transport endpoint is not connected
• I'm missing a diagnosis, what is the problem? Which activity is affected and why?

[JamesLIAOHJ]

I am not sure its a good solution, by it works for me:

1. remove the link file /etc/resolv.conf
2. create a real file /etc/resolv.conf, add two line in it

nameserver YOUR LOCAL NAMESERVER ADDRESS
search .

3. add DNSSEC=no to /etc/systemd/resolved.conf
4. restart systemd-resolved.service or reboot

[TriMoon]

@JamesLIAOHJ you can already change those settings per .network configuration, no need to do that with removing a file etc...

• systemd.network.html#DNS=
• systemd.network.html#DNSSEC=

[floviolleau]

Hi,

On my side, I moved from 192.168.0.X to 192.168.2.X on my router because none of the solutions above worked.

When I tried to go with a browser to http://192.168.0.1, I got a 404 despite having the router web interface... Something seem to catch and redirect to a 404, but what? I dunno
In logs, I have a lot of Using degraded feature set UDP instead of TCP for DNS server 192.168.0.1 and Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.0.1.. Don't know if it is related.

Now after the change, if go with a browser to http://192.168.2.1, I've got the router web interface.
With 192.168.2.X it is working fine....

Don't know why suddenly it stopped to work on Ubuntu 22.10.

If I go on another network and IP is 192.168.1.X, no issues (and never had issues).

Any clues?

[ankostis]

In my case i think i what is causing the problem (but not yet why),
since the IP of the logs i'm receiving belongs to the tailscale service (probably tailscale/tailscale#3639):

systemd-resolved[596]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 100.100.100.100.

Indeed when i disable tailscale service i do not get this log anymore.
And this is my configuration with tailscale enabled.

$ resolvectl status
...
Link 4 (tailscale0)
    Current Scopes: DNS
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 100.100.100.100
       DNS Servers: 100.100.100.100

Any idea if this is fixable, and how?

[TriMoon]

UDP instead of UDP+EDNS0

Means that your tailscale doesn't support or is not configured for UDP+EDNS0 🤷‍♀️
So you might want to check that...

At moment i don't even know what that protocol is, just rewording the message for you...

edit: It might also mean your *.network config doesn't have DNSOverTLS / DNSSEC enabled for it, just by looking at the output of resolvectl you gave....
Example:

• -DefaultRoute ⇒ not enabled for the link.
• -LLMNR ⇒ not enabled for the link.
• DNSSEC=no/unsupported ⇒ not enabled for the link.
• -DNSOverTLS ⇒ not enabled for the link.
  +DNSOverTLS would mean DNSOverTLS is enabled for the link. (Note the sign before the tag)

[ankostis]

It might also mean your *.network config doesn't have DNSOverTLS / DNSSEC enabled for it, just by looking at the

I though /etc/systemd/resolved.conf is where DNSOverTLS is defined.
Specifically this is my config:

[Resolve]
DNS= 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
#FallbackDNS=
#Domains=
#DNSSEC=no
DNSOverTLS=opportunistic
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

• Tailscale, to my understanding, is a zero-configurations "rendezvous" vpn-like networking daemon, installed on all your personal devices and they can all see echother without a VPN server.

[TriMoon]

I though /etc/systemd/resolved.conf is where DNSOverTLS is defined.

It is for the global setting, but not for the per-link if so needed. (resolved.conf.html#DNSOverTLS=)

In addition to this global DNSOverTLS= setting systemd-networkd.service(8) also maintains per-link DNSOverTLS= settings. For system DNS servers (see above), only the global DNSOverTLS= setting is in effect. For per-link DNS servers the per-link setting is in effect, unless it is unset in which case the global setting is used instead.

---

DNSOverTLS=opportunistic

See the bolded lines for a hint.

When set to "opportunistic" DNS request are attempted to send encrypted with DNS-over-TLS.
If the DNS server does not support TLS, DNS-over-TLS is disabled.
Note that this mode makes DNS-over-TLS vulnerable to "downgrade" attacks, where an attacker might be able to trigger a downgrade to non-encrypted mode by synthesizing a response that suggests DNS-over-TLS was not supported.
If set to false, DNS lookups are send over UDP.

[ankostis]

If i understand correct what you implied, the bolded line means that the error i'm receiving happens only once, when the downgrade of the tailscale DNS is first contacted, correct?

Could the above description explain by the timing of the logs i'm receiving?

Dec 20 11:10:33 hostname systemd-resolved[596]: Using degraded feature set UDP+EDNS0 instead of TLS+EDNS0 f>
Dec 20 11:10:39 hostname systemd-resolved[596]: Using degraded feature set UDP+EDNS0 instead of TLS+EDNS0 f>
Dec 20 11:41:00 hostname systemd-resolved[596]: Using degraded feature set UDP+EDNS0 instead of TLS+EDNS0 f>
Dec 20 11:41:02 hostname systemd-resolved[596]: Using degraded feature set UDP+EDNS0 instead of TLS+EDNS0 f>
Dec 20 13:07:07 hostname systemd-resolved[596]: Using degraded feature set UDP+EDNS0 instead of TLS+EDNS0 f>

[TriMoon]

Well i suppose queries do not use a "keep-alive" that long or at all, maybe thats why you get repeated log messages 🤷‍♀️

PS: your last output shows it's using the UDP+EDNS0 instead of TLS+EDNS0 which is new info also wrt to previous info you posted....

[franziskahahn]

I do also have this problem again and again.

Jan 20 15:48:26 *** systemd-resolved[1939]: Using degraded feature set UDP instead of TCP for DNS server 192.168.21.19.
Jan 20 15:48:31 *** systemd-resolved[1939]: Using degraded feature set TCP instead of UDP for DNS server 192.168.20.5.

Sometimes, the "+EDNS0" also shows up (but I can not reproduce when which error message occurs).

DNSSEC is set to no but this did not change anything.

Is there anything else I could provide to help finding a solution? It is really annoying because I need VPN to work :(

[heis2201]

I still see this on a Fedora 36 host; IPs are from DHCP server (incl DNS).
If I point my client to the DNS server directly, all is good.

Jan 23 21:55:44 fedora systemd-resolved[1672]: enp0s25: Bus client set search domain list to: fritz.box
Jan 23 21:55:44 fedora systemd-resolved[1672]: enp0s25: Bus client set default route setting: yes
Jan 23 21:55:44 fedora systemd-resolved[1672]: enp0s25: Bus client set DNS server list to: 10.7.8.8

...but when I point it to my router (which distributes a list with two local DNS resolvers), I get:

Jan 23 22:12:24 fedora systemd-resolved[1672]: enp0s25: Bus client set search domain list to: fritz.box
Jan 23 22:12:24 fedora systemd-resolved[1672]: enp0s25: Bus client set default route setting: yes
Jan 23 22:12:24 fedora systemd-resolved[1672]: enp0s25: Bus client set DNS server list to: 10.7.8.1
Jan 23 22:12:24 fedora systemd-resolved[1672]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server

restarting systemd-resolved.service makes the message disappear. Is this hardware related? (@fritzbox)

[R3DRUN3]

@Rick1029 Update: I was able to resolve this at least temporarily by manually downing the "ipv6leak" network interface created by ProtonVPN.

I suspected that in my case it had something to do with ProtonVPN, however the downing of the interface doesn't survive the reboot.
What definitely fixed it for me was to delete the interface with the following command (on Ubuntu 22.04 LTS):

cd /etc/NetworkManager/system-connections \
&& sudo rm -r pvpn-ipv6leak-protection.nmconnection \
&& sudo systemctl restart NetworkManager

[oluceps]

Sometimes, the "+EDNS0" also shows up (but I can not reproduce when which error message occurs).

DNSSEC is set to no but this did not change anything.

Same on 253.3

[acidDrain]

Sometimes, the "+EDNS0" also shows up (but I can not reproduce when which error message occurs).

DNSSEC is set to no but this did not change anything.

Same on 253.3

Same on 253.5, as far as I can tell.

• Arch Linux
• I run my own
  • DHCP server (isc-dhcp-server on debian 11)
  • named/bind server (same box as DHCP) for authoritative DNS server for my local domains
  • and a separate DNS server for recursive lookups that uses adguard DNS (inside a docker container using their published image, uses a bridge network/interface and exposes tcp and udp/53)
• I do not currently use DNS over TLS or DNS over HTTPS or anything fancy, just vanilla UDP port 53, cleartext.

Jun 09 18:30:16 myhost systemd-resolved[687]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.0.1.
Jun 09 18:52:51 myhost systemd-resolved[687]: Grace period over, resuming full feature set (UDP+EDNS0) for DNS server 192.168.0.1.
Jun 09 18:52:51 myhost systemd-resolved[687]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.0.1.
Jun 09 18:58:05 myhost systemd-resolved[687]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.0.1.

[octylFractal]

Try setting SYSTEMD_LOG_LEVEL=debug as indicated by the ArchWiki.

[robogeek]

I moved from 192.168.0.X to 192.168.2.X

Just an FYI - I have Ubuntu 22.04 and ran into this issue with a Tenda N300 WiFi router. I've been using my cellphone as a WiFi hotspot, and the Ubuntu machine worked great that way. But, switching to this router it failed with the messages shown here about downgrading and using UDP instead of TCP or whatnot.

I've read a bunch of postings all asking about the same problem, and have tried many of the advice, all of which is mentioned on this issue thread.

The above suggestion to switch from the NNN.NNN.0.NNN network to the NNN.NNN.2.NNN network, that worked. This router was configured by default for the .0. network, switching to .2. fixed the problems.

The problem I observed is primarily about DNS resolution - in that DNS names wouldn't resolve, and in /var/log/syslog the error messages shown elsewhere on this page would be logged. Sometimes I'd be able to ping remote addresses, other times not.

FYI

[bordenc]

Try setting SYSTEMD_LOG_LEVEL=debug as indicated by the ArchWiki.

With respect, when the only way to troubleshoot defective software is to activate developer mode (and flood the logs with messages), the bug is still with the software. What happened to the principles of "break loud" and "give useful error messages"?

Notwithstanding an actual software patch with useful troubleshooting messages, I guess debug mode will have to suffice.

My particular problem with resolved seemed to resolve magically, so I'm of no more use other than "keep running updates and hope."

[ml4]

I'm on an Ubuntu 22.04.3 LTS Jammy ARM guest on Parallels/M1max and have recently started experiencing the same - ping shows randomised drop outs and checking iTerm on the host, ping/browser processes no problem, so its def the Ubuntu guest not the host and thus not the hardware. Would be good to work out what's causing it, as my network access is interrupted constantly.

Reproduced on systemd 249.

[ankitsinghaniyaz]

@robogeek I'm having exactly the same symptoms as you. I'll try to change to 0.2 and see if that works for me.

---

Update: just did that it worked.

[zelch]

Reading through this bug report, and reading through the code in dns_server_possible_feature_level in resolvd-dns-server.c, I have to say that I'm generally disturbed by the logic.

Just looking at the logic, the obvious failure modes are:

1. If the configured DNS server doesn't support a given feature set, resolved will periodically expire the degradation, resulting in DNS breaking until we once again degrade down to a supported feature set.
2. If the link has the right pattern of packet loss, we are almost guaranteed to downgrade the feature sets at some point. It looks like item 1 is designed to help handle this case... But that really doesn't help as much as it should.
3. It sure looks like a domain with a misbehaving DNS server can get us to mark our local DNS server as not supporting a given feature set. After all, if we attempt to look something up, and the authoritative DNS server doesn't respond in a timely manner, then retries will also fail, and if there isn't any other DNS traffic during the retries, we will end up marking our DNS server as having problems.

That is, quite frankly, a nasty mixture of issues. I'm not sure how other resolvers such as unbound handle these cases, but someone should take a hard look at how this can be done better.

At a guess, it's probably safe to assume that the server isn't going to change to become less capable on us. Sure, in theory it could, but that should be an extremely rare event.

As such, remembering that we have successfully done X in the past should mean that we don't simply disable X when something doesn't work later on.

As an example, if we have previously gotten successful responses for DNSSEC queries, then there's a pretty solid chance that disabling DNSSEC later for reasons aside from packet size isn't going to do us any good.

Likewise, if we have been doing DNS over TCP successfully, and DNS over TCP starts timing out, disabling TCP is unlikely to help. On the other hand, if we start getting connection refused, then we shouldn't wait for multiple retries before disabling it.

And if we want to potentially reset our degraded state after some time, perhaps we should do something like remember why we downgraded, and use that to choose a query that should trigger the same failure to cause us to send the query twice, once with the current feature set, and once with the full feature set, and only reenable the full feature set if we now get a proper response for the test query.

I'm not saying that these would all be simple to implement, but this ticket has been open for over 4 years now. It might be worth trying some of them.

[Xuntar]

I'm experiencing this issue on a Proxmox machine atm on a new Fedora installation and I genuinely don't understand how there is no solution to this problem yet.
Admittedly, I'm not extremely experienced with Linux, but I've wasted literally dozens of hours on this already and I still don't understand what exactly is causing this. I do apologize for my frustration on this subject.

As extra information:
The Fedora (or Debian, same thing happens) is setup behind an OPNsense installation. Immediately after a reboot of OPNsense (or PFsense, same thing happens) the connection is restored. At least for a short while. Rebooting Fedora immediately breaks everything again. Pinging from outside to the VM works with no issues. A Windows VM on the same LAN works with no issues.

[peter-hank]

I moved from 192.168.0.X to 192.168.2.X

Lol.

It shouldn't make any difference, but it fixed the problem here as well.

Dynamic DHCP
Kernel 6.2.0-39-generic
Ubuntu 22.04
192.168.0.x network
dig google.com returns random communications error to
Wifi and eth the same behaviour
On Windows fine

The same with
192.168.20.x network
dig google.com totally ok

I have no idea what is exactly wrong, but it's worth trying if you have the same issue.

@robogeek thank you, just ~2h wasted instead of many more.

[xivanc]

my 2 cents for slow DNS on Ubuntu 22.04.3 LTS, I simply needed to install resolvconf:

sudo apt install resolvconf

that suddenly solved my issue, some details here https://askubuntu.com/a/1012648

[sagarkhushalani]

Can confirm that we saw this issue with systemd version 254, and private DNS server on Fedora 39 last night/this morning. Restarting systemd-resolved fixed it.

Some notes:

• We do not have a 0 TTL.
• /etc/resolv.conf only has two nameserver entries and a search list with 3 subdomains/domains
• /etc/systemd/resolved.conf does not have any active entries. All options under [Resolve] are commented out.

Saw this in the journal:

Feb 22 00:14:07 node-2 systemd-resolved[1832]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server <server IP>.
Feb 22 00:14:28 node-2 systemd-resolved[1832]: Using degraded feature set TCP instead of UDP for DNS server <server IP>.

[rpigott]

I don't see any debug log, or packet capture, or steps to reproduce in this thread.

[zelch]

@rpigott See my comment (#13432 (comment)) that goes into the logic issues.

To reproduce you need a network environment with a packet loss rate which is high enough to periodically drop DNS packets to/from the DNS server, but low enough that the connection is otherwise usable.

I suspect that iffy wifi connections account for a decent number of the reports, but it should be reasonably practical to setup an environment to simulate this.

https://stackoverflow.com/questions/614795/simulate-delayed-and-dropped-packets-on-linux has some halfway decent instructions on setting up a network interface to have a configurable percentage of packet loss and/or delayed packets.

Like most people who get enough of networking to be able to easily work on the problem, I have a wired connection with no packet loss to speak of between my system and the DNS server. So it's not a bug which I run into in my day to day, but it is one that I've seen in the wild with my spouse's laptop every now and then.

[rpigott]

Sorry, but your comment is wrong. sd-resolved remembers the features it observed the remote server reply to and doesn't downgrade past that for packet loss, only if replies are mangled (missing or malformed options etc). Anyway even if that behavior is broken, the claim in this report is that sd-resolved "stops working", which I understand to mean that no queries succeed at any feature level for an indefinite period of time. That isn't the result of intermittent packet loss. The log messages are innocuous or symptomatic of something else.

If you think there is an unresolved bug here, and you want to see progress, then please reproduce it, preferably on 255 or later, and provide a debug log. It shouldn't be difficult to obtain if you can reproduce. You can enable debug logging at runtime with systemctl service-log-level systemd-resolved debug or you can capture dns traffic with tcpdump -ni eth0 port domain -w dns.pcap. To share sd-resolved configuration, give the resolvectl status output.

And, please, describe whatever behavior you actually observe with more detail than "stops working".

[schildbach]

I've hit this issue as well. I'm fairly confident that the root cause in my case is slight packet loss on an (inevitable) powerline connection in my home LAN.

Thus, I'd like to configure systemd-resolved to always use TCP rather than UDP (note: not TLS, because my fritzbox DNS forwarder doesn't support it). However man resolved.conf doesn't seem to explain how to do this. Also, I haven't found how information on how to increase response timeouts and/or UDP retries. Can anyone help?

FWIW, I think the DNSSEC setting is entirely unrelated to this issue, it will suffer from the same problems when loosing UDP packets.

[NeonWizard]

I'm getting this issue on a single machine out of hundreds of other identical, healthy machines on the same network. Cable/port and other external connectivity issues have been tentatively ruled out. We believe it may be caused by OS corruption.