systemd-resolved is timing out or takes forever to respond

[Arisa-Snowbell]

systemd version the issue has been seen with

251.5

Used distribution

Arch Linux as of 13.10.2022

Linux kernel version used

6.0.1-arch1-1

CPU architectures issue was seen on

x86_64

Component

resolvectl, systemd-resolved

Expected behaviour you didn't see

The DNS query to get resolved under second without timing out 99% of the time.

Unexpected behaviour you saw

The DNS query timeouts 9 out of 10 times and the 1 time it gets resolved takes like 20 seconds or more, resolvectl query timeouts after 2 minutes exactly. Tried with other tools like dig/dog to query DNS, and it works perfectly with the same DNS providers and even settings, like DNSOverTLS. If I specify DNS 127.0.0.53 for the dig/dog tool, it just never finishes.

Steps to reproduce the problem

I tried like 5 different DNS providers, all settings default, DNSSEC on off DNSOverTLS off on Cache off on all combination of all the settings literally and nothing helps. Always same behavior. I would try to downgrade SystemD but that would be just headache for me, i can't try that. Maybe it is some dependency problem? I have no idea

Additional program output to the terminal or log subsystem illustrating the issue

No response

[poettering]

note that resolved does not lsten on the DOT port for the stub, you cannot use DOT locally to speak to resolved (also, why would you, it's local anyway).

please turn on debug logging in resolved ("resolvectl log-level debug"), then reproduce the issue, and provide the logs this generates. It should tell you exactly what is going on.

Most likely your just have DNS servers configured that are not reachable/don't implement the selected DNS features.

[Arisa-Snowbell]

Today I ran updates again and restarted device and it seems to now work if the domain is existing if not then it does the same thing as yesterday, timing out, attaching log on querying non-existing domain. (Edit: After using it for longer period of time, it still happens on existing domains too but very rarely but I can't reproduce it properly, it's kinda random, i will try to get log of it too but it's kinda funky)

For the non-existing domains log, here:

systemd-resolved log

systemd-resolved[22051]: Freeing transaction 31871.
systemd-resolved[22051]: Freeing transaction 1492.
systemd-resolved[22051]: Freeing transaction 47688.
systemd-resolved[22051]: Freeing transaction 27376.
systemd-resolved[22051]: Freeing transaction 8402.
systemd-resolved[22051]: Freeing transaction 17132.
systemd-resolved[22051]: Sent message type=error sender=n/a destination=:1.1818 path=n/a interface=n/a member=n/a cookie=454 reply_cookie=2 signature=s error-name=org.freedesktop.resolve1.Aborted error-message=Query aborted
systemd-resolved[22051]: Got message type=error sender=org.freedesktop.DBus destination=:1.280 path=n/a interface=n/a member=n/a cookie=103 reply_cookie=454 signature=s error-name=org.freedesktop.DBus.Error.ServiceUnknown error-message=The name :1.1818 was not provided by any .service files
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Got message type=method_call sender=:1.1819 destination=org.freedesktop.resolve1 path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager member=ResolveHostname cookie=2 reply_cookie=0 signature=isit error-name=n/a error-message=n/a
systemd-resolved[22051]: idn2_lookup_u8: dusssckduckgoo.com → dusssckduckgoo.com
systemd-resolved[22051]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetConnectionUnixProcessID cookie=455 reply_cookie=0 signature=s error-name=n/a error-message=n/a
systemd-resolved[22051]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.280 path=n/a interface=n/a member=n/a cookie=104 reply_cookie=455 signature=u error-name=n/a error-message=n/a
systemd-resolved[22051]: D-Bus hostname resolution request from client PID 239066 (n/a) with UID 4294967295
systemd-resolved[22051]: Looking up RR for dusssckduckgoo.com IN A.
systemd-resolved[22051]: Looking up RR for dusssckduckgoo.com IN AAAA.
systemd-resolved[22051]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=456 reply_cookie=0 signature=s error-name=n/a error-message=n/a
systemd-resolved[22051]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner cookie=457 reply_cookie=0 signature=s error-name=n/a error-message=n/a
systemd-resolved[22051]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.280 path=n/a interface=n/a member=n/a cookie=106 reply_cookie=457 signature=s error-name=n/a error-message=n/a
systemd-resolved[22051]: Firing regular transaction 65455 for <dusssckduckgoo.com IN AAAA> scope dns on */* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 65455.
systemd-resolved[22051]: Using DNS server 149.112.112.112#dns.quad9.net for transaction 65455.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 65455.
systemd-resolved[22051]: Announcing packet size 1472 in egress EDNS(0) packet.
systemd-resolved[22051]: Firing regular transaction 62554 for <dusssckduckgoo.com IN A> scope dns on */* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 62554.
systemd-resolved[22051]: Using DNS server 149.112.112.112#dns.quad9.net for transaction 62554.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 62554.
systemd-resolved[22051]: Announcing packet size 1472 in egress EDNS(0) packet.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.280 path=n/a interface=n/a member=n/a cookie=105 reply_cookie=456 signature=n/a error-name=n/a error-message=n/a
systemd-resolved[22051]: Match type='signal',sender='org.freedesktop.DBus',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0=':1.1819' successfully installed.
systemd-resolved[22051]: Processing incoming packet of size 1138 on transaction 65455 (rcode=NXDOMAIN).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 65455 (com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Firing regular transaction 46009 for <com IN DNSKEY> scope dns on */* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 46009.
systemd-resolved[22051]: Using DNS server 149.112.112.112#dns.quad9.net for transaction 46009.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 46009.
systemd-resolved[22051]: Announcing packet size 1472 in egress EDNS(0) packet.
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 65455 (CK0POJMG874LJREF7EFN8430QVIT8BSM.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 65455 (P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 65455 (3RL2Q58205687C8I9KC9MV46DGHCNS45.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting SOA (→ dusssckduckgoo.com) to validate transaction 65455 (dusssckduckgoo.com, signed empty non-SOA/NS/DS response).
systemd-resolved[22051]: Firing regular transaction 16556 for <dusssckduckgoo.com IN SOA> scope dns on */* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 16556.
systemd-resolved[22051]: Using DNS server 149.112.112.112#dns.quad9.net for transaction 16556.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 16556.
systemd-resolved[22051]: Announcing packet size 1472 in egress EDNS(0) packet.
systemd-resolved[22051]: Processing incoming packet of size 1138 on transaction 62554 (rcode=NXDOMAIN).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 62554 (com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 62554 (CK0POJMG874LJREF7EFN8430QVIT8BSM.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 62554 (P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 62554 (3RL2Q58205687C8I9KC9MV46DGHCNS45.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting SOA (→ dusssckduckgoo.com) to validate transaction 62554 (dusssckduckgoo.com, signed empty non-SOA/NS/DS response).
systemd-resolved[22051]: Processing incoming packet of size 957 on transaction 46009 (rcode=SUCCESS).
systemd-resolved[22051]: Requesting DS to validate transaction 46009 (com, DNSKEY with key tag: 30909).
systemd-resolved[22051]: Firing regular transaction 36268 for <com IN DS> scope dns on */* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 36268.
systemd-resolved[22051]: Using DNS server 149.112.112.112#dns.quad9.net for transaction 36268.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 36268.
systemd-resolved[22051]: Announcing packet size 1472 in egress EDNS(0) packet.
systemd-resolved[22051]: Requesting DS to validate transaction 46009 (com, DNSKEY with key tag: 32298).
systemd-resolved[22051]: Requesting DS to validate transaction 46009 (com, DNSKEY with key tag: 53929).
systemd-resolved[22051]: Processing incoming packet of size 1138 on transaction 16556 (rcode=NXDOMAIN).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 16556 (com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 16556 (CK0POJMG874LJREF7EFN8430QVIT8BSM.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 16556 (P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 16556 (3RL2Q58205687C8I9KC9MV46DGHCNS45.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DS (→ dusssckduckgoo.com) to validate transaction 16556 (dusssckduckgoo.com, signed empty SOA/NS response).
systemd-resolved[22051]: Firing regular transaction 29667 for <dusssckduckgoo.com IN DS> scope dns on */* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 29667.
systemd-resolved[22051]: Using DNS server 149.112.112.112#dns.quad9.net for transaction 29667.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 29667.
systemd-resolved[22051]: Announcing packet size 1472 in egress EDNS(0) packet.
systemd-resolved[22051]: Processing incoming packet of size 367 on transaction 36268 (rcode=SUCCESS).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 36268 (com, RRSIG with key tag: 18733).
systemd-resolved[22051]: Firing regular transaction 55197 for <. IN DNSKEY> scope dns on */* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 55197.
systemd-resolved[22051]: Using DNS server 149.112.112.112#dns.quad9.net for transaction 55197.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 55197.
systemd-resolved[22051]: Announcing packet size 1472 in egress EDNS(0) packet.
systemd-resolved[22051]: Processing incoming packet of size 1138 on transaction 29667 (rcode=NXDOMAIN).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 29667 (com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 29667 (CK0POJMG874LJREF7EFN8430QVIT8BSM.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 29667 (P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 29667 (3RL2Q58205687C8I9KC9MV46DGHCNS45.com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Requesting parent SOA (→ com) to validate transaction 29667 (dusssckduckgoo.com, signed empty DS response).
systemd-resolved[22051]: Firing regular transaction 60059 for <com IN SOA> scope dns on */* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 60059.
systemd-resolved[22051]: Using DNS server 149.112.112.112#dns.quad9.net for transaction 60059.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 60059.
systemd-resolved[22051]: Announcing packet size 1472 in egress EDNS(0) packet.
systemd-resolved[22051]: Processing incoming packet of size 864 on transaction 55197 (rcode=SUCCESS).
systemd-resolved[22051]: Requesting DS to validate transaction 55197 (., DNSKEY with key tag: 20326).
systemd-resolved[22051]: Requesting DS to validate transaction 55197 (., DNSKEY with key tag: 18733).
systemd-resolved[22051]: Validating response from transaction 55197 (. IN DNSKEY).
systemd-resolved[22051]: Looking at . IN DNSKEY 257 3 RSASHA256 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbz
systemd-resolved[22051]:                             xeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlN
systemd-resolved[22051]:                             Vz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3E
systemd-resolved[22051]:                             gVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+
systemd-resolved[22051]:                             sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXx
systemd-resolved[22051]:                             uOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555
systemd-resolved[22051]:                             KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
systemd-resolved[22051]:         -- Flags: SEP ZONE_KEY
systemd-resolved[22051]:         -- Key tag: 20326: validated
systemd-resolved[22051]: Found verdict for lookup . IN DNSKEY: secure
systemd-resolved[22051]: Added positive authenticated confidential cache entry for . IN DNSKEY 3657s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Added positive authenticated confidential cache entry for . IN DNSKEY 3657s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Regular transaction 55197 for <. IN DNSKEY> on scope dns on */* now complete with <success> from network (authenticated; confidential).
systemd-resolved[22051]: Validating response from transaction 36268 (com IN DS).
systemd-resolved[22051]: Looking at com IN DS 30909 8 2 e2d3c916f6deeac73294e8268fb5885044a833fc5459588f4a9184cfc41a5766: validated
systemd-resolved[22051]: Found verdict for lookup com IN DS: secure
systemd-resolved[22051]: Added positive authenticated confidential cache entry for com IN DS 7200s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Regular transaction 36268 for <com IN DS> on scope dns on */* now complete with <success> from network (authenticated; confidential).
systemd-resolved[22051]: Validating response from transaction 46009 (com IN DNSKEY).
systemd-resolved[22051]: Looking at com IN DNSKEY 257 3 RSASHA256 AQPDzldNmMvZFX4NcNJ0uEnKDg7tmv/F3MyQR0lpBmVcNcsIsz
systemd-resolved[22051]:                               xNFxsBfKNW9JYCYqpik8366LE7VbIcNRzfp2h9OO8HRl+H+E08
systemd-resolved[22051]:                               zauK8k7evWEmu/6od+2boggPoiEfGNyvNPaSI7FOIroDsnw/ta
systemd-resolved[22051]:                               ggzHRX1Z7SOiOiPWPNIwSUyWOZ79VmcQ1GLkC6NlYvG3HwYmyn
systemd-resolved[22051]:                               Qv6oFwGv/KELSw7ZSdrbTQ0HXvZbqMUI7BaMskmvgm1G7oKZ1Y
systemd-resolved[22051]:                               iF7O9ioVNc0+7ASbqmZN7Z98EGU/Qh2K/BgUe8Hs0XVcdPKrty
systemd-resolved[22051]:                               YnoQHd2ynKPcMMlTEih2/2HDHjRPJ2aywIpKNnv4oPo/
systemd-resolved[22051]:         -- Flags: SEP ZONE_KEY
systemd-resolved[22051]:         -- Key tag: 30909: validated
systemd-resolved[22051]: Found verdict for lookup com IN DNSKEY: secure
systemd-resolved[22051]: Added positive authenticated confidential cache entry for com IN DNSKEY 7200s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Added positive authenticated confidential cache entry for com IN DNSKEY 7200s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Added positive authenticated confidential cache entry for com IN DNSKEY 7200s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Regular transaction 46009 for <com IN DNSKEY> on scope dns on */* now complete with <success> from network (authenticated; confidential).
systemd-resolved[22051]: Processing incoming packet of size 300 on transaction 60059 (rcode=SUCCESS).
systemd-resolved[22051]: Requesting DNSKEY to validate transaction 60059 (com, RRSIG with key tag: 32298).
systemd-resolved[22051]: Validating response from transaction 60059 (com IN SOA).
systemd-resolved[22051]: Looking at com IN SOA a.gtld-servers.net nstld.verisign-grs.com 1665787087 1800 900 604800 86400: validated
systemd-resolved[22051]: Found verdict for lookup com IN SOA: secure
systemd-resolved[22051]: Added positive authenticated confidential cache entry for com IN SOA 857s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Regular transaction 60059 for <com IN SOA> on scope dns on */* now complete with <success> from network (authenticated; confidential).
systemd-resolved[22051]: Validating response from transaction 29667 (dusssckduckgoo.com IN DS).
systemd-resolved[22051]: Looking at CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 ( NS SOA RRSIG DNSKEY NSEC3PARAM ): validated
systemd-resolved[22051]: Found verdict for lookup CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3: secure
systemd-resolved[22051]: Looking at P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com IN NSEC3 1 1 0 - P4ESTLTLF4VOFG1BD6F57TQTE7RK63KL ( NS DS RRSIG ): validated
systemd-resolved[22051]: Found verdict for lookup P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com IN NSEC3: secure
systemd-resolved[22051]: Looking at 3RL2Q58205687C8I9KC9MV46DGHCNS45.com IN NSEC3 1 1 0 - 3RL2TS3JPR30HG1REVC1VL876B3RTVMT ( NS DS RRSIG ): validated
systemd-resolved[22051]: Found verdict for lookup 3RL2Q58205687C8I9KC9MV46DGHCNS45.com IN NSEC3: secure
systemd-resolved[22051]: Looking at com IN SOA a.gtld-servers.net nstld.verisign-grs.com 1665787067 1800 900 604800 86400: validated
systemd-resolved[22051]: Found verdict for lookup com IN SOA: secure
systemd-resolved[22051]: Data is NSEC3 opt-out via NSEC/NSEC3 for transaction 29667 (dusssckduckgoo.com IN DS)
systemd-resolved[22051]: Found verdict for lookup dusssckduckgoo.com IN DS: insecure
systemd-resolved[22051]: Added positive authenticated confidential cache entry for CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 3809s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Added positive authenticated confidential cache entry for com IN SOA 857s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Added NXDOMAIN cache entry for dusssckduckgoo.com IN ANY 857s
systemd-resolved[22051]: Regular transaction 29667 for <dusssckduckgoo.com IN DS> on scope dns on */* now complete with <rcode-failure> from network (unsigned; confidential).
systemd-resolved[22051]: Validating response from transaction 16556 (dusssckduckgoo.com IN SOA).
systemd-resolved[22051]: Looking at CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 ( NS SOA RRSIG DNSKEY NSEC3PARAM ): validated
systemd-resolved[22051]: Found verdict for lookup CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3: secure
systemd-resolved[22051]: Looking at P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com IN NSEC3 1 1 0 - P4ESTLTLF4VOFG1BD6F57TQTE7RK63KL ( NS DS RRSIG ): validated
systemd-resolved[22051]: Found verdict for lookup P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com IN NSEC3: secure
systemd-resolved[22051]: Looking at 3RL2Q58205687C8I9KC9MV46DGHCNS45.com IN NSEC3 1 1 0 - 3RL2TS3JPR30HG1REVC1VL876B3RTVMT ( NS DS RRSIG ): validated
systemd-resolved[22051]: Found verdict for lookup 3RL2Q58205687C8I9KC9MV46DGHCNS45.com IN NSEC3: secure
systemd-resolved[22051]: Looking at com IN SOA a.gtld-servers.net nstld.verisign-grs.com 1665787087 1800 900 604800 86400: validated
systemd-resolved[22051]: Found verdict for lookup com IN SOA: secure
systemd-resolved[22051]: Data is NSEC3 opt-out via NSEC/NSEC3 for transaction 16556 (dusssckduckgoo.com IN SOA)
systemd-resolved[22051]: Found verdict for lookup dusssckduckgoo.com IN SOA: insecure
systemd-resolved[22051]: Added positive authenticated confidential cache entry for CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 7200s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Added positive authenticated confidential cache entry for com IN SOA 857s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Regular transaction 16556 for <dusssckduckgoo.com IN SOA> on scope dns on */* now complete with <rcode-failure> from network (unsigned; confidential).
systemd-resolved[22051]: Validating response from transaction 65455 (dusssckduckgoo.com IN AAAA).
systemd-resolved[22051]: Looking at CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 ( NS SOA RRSIG DNSKEY NSEC3PARAM ): validated
systemd-resolved[22051]: Found verdict for lookup CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3: secure
systemd-resolved[22051]: Looking at P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com IN NSEC3 1 1 0 - P4ESTLTLF4VOFG1BD6F57TQTE7RK63KL ( NS DS RRSIG ): validated
systemd-resolved[22051]: Found verdict for lookup P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com IN NSEC3: secure
systemd-resolved[22051]: Looking at 3RL2Q58205687C8I9KC9MV46DGHCNS45.com IN NSEC3 1 1 0 - 3RL2TS3JPR30HG1REVC1VL876B3RTVMT ( NS DS RRSIG ): validated
systemd-resolved[22051]: Found verdict for lookup 3RL2Q58205687C8I9KC9MV46DGHCNS45.com IN NSEC3: secure
systemd-resolved[22051]: Looking at com IN SOA a.gtld-servers.net nstld.verisign-grs.com 1665787067 1800 900 604800 86400: validated
systemd-resolved[22051]: Found verdict for lookup com IN SOA: secure
systemd-resolved[22051]: Data is NSEC3 opt-out via NSEC/NSEC3 for transaction 65455 (dusssckduckgoo.com IN AAAA)
systemd-resolved[22051]: Found verdict for lookup dusssckduckgoo.com IN AAAA: insecure
systemd-resolved[22051]: Added positive authenticated confidential cache entry for CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 7200s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Added positive authenticated confidential cache entry for com IN SOA 857s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Added NXDOMAIN cache entry for dusssckduckgoo.com IN ANY 857s
systemd-resolved[22051]: Regular transaction 65455 for <dusssckduckgoo.com IN AAAA> on scope dns on */* now complete with <rcode-failure> from network (unsigned; confidential).
systemd-resolved[22051]: Validating response from transaction 62554 (dusssckduckgoo.com IN A).
systemd-resolved[22051]: Looking at CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 ( NS SOA RRSIG DNSKEY NSEC3PARAM ): validated
systemd-resolved[22051]: Found verdict for lookup CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3: secure
systemd-resolved[22051]: Looking at P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com IN NSEC3 1 1 0 - P4ESTLTLF4VOFG1BD6F57TQTE7RK63KL ( NS DS RRSIG ): validated
systemd-resolved[22051]: Found verdict for lookup P4ESBMVJ6LS60IGFJ198TF1ELO7BGOFT.com IN NSEC3: secure
systemd-resolved[22051]: Looking at 3RL2Q58205687C8I9KC9MV46DGHCNS45.com IN NSEC3 1 1 0 - 3RL2TS3JPR30HG1REVC1VL876B3RTVMT ( NS DS RRSIG ): validated
systemd-resolved[22051]: Found verdict for lookup 3RL2Q58205687C8I9KC9MV46DGHCNS45.com IN NSEC3: secure
systemd-resolved[22051]: Looking at com IN SOA a.gtld-servers.net nstld.verisign-grs.com 1665787067 1800 900 604800 86400: validated
systemd-resolved[22051]: Found verdict for lookup com IN SOA: secure
systemd-resolved[22051]: Data is NSEC3 opt-out via NSEC/NSEC3 for transaction 62554 (dusssckduckgoo.com IN A)
systemd-resolved[22051]: Found verdict for lookup dusssckduckgoo.com IN A: insecure
systemd-resolved[22051]: Added positive authenticated confidential cache entry for CK0POJMG874LJREF7EFN8430QVIT8BSM.com IN NSEC3 5723s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Added positive authenticated confidential cache entry for com IN SOA 857s on wlan0/INET/149.112.112.112
systemd-resolved[22051]: Added NXDOMAIN cache entry for dusssckduckgoo.com IN ANY 857s
systemd-resolved[22051]: Regular transaction 62554 for <dusssckduckgoo.com IN A> on scope dns on */* now complete with <rcode-failure> from network (unsigned; confidential).
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::fe.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Timeout reached on transaction 40063.
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::9.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Timeout reached on transaction 40063.
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::fe.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Timeout reached on transaction 1.
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Timeout reached on transaction 40063.
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::9.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Timeout reached on transaction 1.
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Received mdns UDP packet of size 46, ifindex=2, ttl=1, fragsize=0, sender=10.0.1.1, destination=224.0.0.251
systemd-resolved[22051]: Got mDNS query packet for id 43078
systemd-resolved[22051]: Timeout reached on transaction 40063.
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::fe.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Timeout reached on transaction 1.
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Timeout reached on transaction 40063.
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::9.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Timeout reached on transaction 1.
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Received mdns UDP packet of size 40, ifindex=2, ttl=255, fragsize=0, sender=10.0.1.94, destination=224.0.0.251
systemd-resolved[22051]: Got mDNS query packet for id 0
systemd-resolved[22051]: Received mdns UDP packet of size 82, ifindex=2, ttl=255, fragsize=0, sender=10.0.1.94, destination=224.0.0.251
systemd-resolved[22051]: Got mDNS query packet for id 0
systemd-resolved[22051]: Received mdns UDP packet of size 338, ifindex=2, ttl=255, fragsize=0, sender=10.0.1.94, destination=224.0.0.251
systemd-resolved[22051]: Got mDNS reply packet
systemd-resolved[22051]: Checking for conflicts...
systemd-resolved[22051]: Received mdns UDP packet of size 149, ifindex=2, ttl=255, fragsize=0, sender=10.0.1.94, destination=224.0.0.251
systemd-resolved[22051]: Got mDNS reply packet
systemd-resolved[22051]: Checking for conflicts...
systemd-resolved[22051]: Added positive unauthenticated non-confidential cache entry for KSTB6077-4a75fbeee9ad5de90cfc595dacfbd6ff._googlecast._tcp.local IN SRV 120s on wlan0/INET/10.0.1.94
systemd-resolved[22051]: Timeout reached on transaction 40063.
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::fe.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Timeout reached on transaction 1.
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Timeout reached on transaction 40063.
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::9.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Timeout reached on transaction 1.
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Timeout reached on transaction 40063.
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::fe.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Timeout reached on transaction 1.
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Timeout reached on transaction 40063.
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::9.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Timeout reached on transaction 1.
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::9 for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Timeout reached on transaction 40063.
systemd-resolved[22051]: Retrying transaction 40063, after switching servers.
systemd-resolved[22051]: wlan0: Switching to DNS server 2620:fe::fe.
systemd-resolved[22051]: Firing regular transaction 40063 for <dusssckduckgoo.com IN AAAA> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 40063.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 40063.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Timeout reached on transaction 1.
systemd-resolved[22051]: Retrying transaction 1, after switching servers.
systemd-resolved[22051]: Firing regular transaction 1 for <dusssckduckgoo.com IN A> scope dns on wlan0/* (validate=yes).
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Using DNS server 2620:fe::fe for transaction 1.
systemd-resolved[22051]: Sending query via TCP since UDP isn't supported or DNS-over-TLS is selected.
systemd-resolved[22051]: Using feature level TLS+EDNS0+D0 for transaction 1.
systemd-resolved[22051]: Announcing packet size 1452 in egress EDNS(0) packet.
systemd-resolved[22051]: Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
systemd-resolved[22051]: Connection failure for DNS TCP stream: Connection timed out
systemd-resolved[22051]: Got message type=signal sender=org.freedesktop.DBus destination=n/a path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameOwnerChanged cookie=107 reply_cookie=0 signature=sss error-name=n/a error-message=n/a
systemd-resolved[22051]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RemoveMatch cookie=458 reply_cookie=0 signature=s error-name=n/a error-message=n/a
systemd-resolved[22051]: Freeing transaction 65455.
systemd-resolved[22051]: Freeing transaction 62554.
systemd-resolved[22051]: Freeing transaction 16556.
systemd-resolved[22051]: Freeing transaction 29667.
systemd-resolved[22051]: Freeing transaction 60059.
systemd-resolved[22051]: Freeing transaction 46009.
systemd-resolved[22051]: Freeing transaction 36268.
systemd-resolved[22051]: Freeing transaction 55197.
systemd-resolved[22051]: Freeing transaction 1.
systemd-resolved[22051]: Freeing transaction 40063.
systemd-resolved[22051]: Sent message type=error sender=n/a destination=:1.1819 path=n/a interface=n/a member=n/a cookie=459 reply_cookie=2 signature=s error-name=org.freedesktop.DBus.Error.Timeout error-message=Query timed out
systemd-resolved[22051]: Got message type=error sender=org.freedesktop.DBus destination=:1.280 path=n/a interface=n/a member=n/a cookie=108 reply_cookie=459 signature=s error-name=org.freedesktop.DBus.Error.ServiceUnknown error-message=The name :1.1819 was not provided by any .service files

So, when i caught it on existing domain I had other things running, personal things and it's in the log but basically everything went okay and then boom, this
In the log above is it sucesfully

Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
Connection failure for DNS TCP stream: Connection timed out
Connection failure for DNS TCP stream: Connection reset by peer
Retrying transaction 41929, after switching servers.
Switching to system DNS server 2620:fe::fe#dns.quad9.net.

Connection failure for DNS TCP stream: Connection reset by peer
Retrying transaction 41929, after switching servers.
Switching to system DNS server 149.112.112.112#dns.quad9.net.

Timeout reached on transaction 32625.
Retrying transaction 32625, after switching servers.
wlan0: Switching to DNS server 2620:fe::9.

Basically, it tries to fire transaction for the domain then the SSL_shutdown appears and says "Switching server", it basically changes to alternative IP for the DNS and that resolves but it's very slow in that case and sometimes it doesn't and timeouts.
It does the switching server extrmely often, Quad9, Cloudflare, doesn't matter.
I have feeling it's happening only when multiple queries are running at the same time for the existing domains.

For the last sentence: Nah, dog/dig tool worked perfectly with the same DNS providers also why would it be only 9 times out of 10 with resolved and i tried to disable all the extra features when testing it previously and tried 5 different DNS providers.

Another edit: today it's again horrible, almost no queries finish sucesfully, even when DNSOverTLS is disabled the SSL_shutdown still there

[Arisa-Snowbell]

I updated and rebooted today, and it doesn't happen anymore, the SSL_shutdown doesn't show anymore and works as expected, no timeouts or such, it's fast it was, but I do still get some errors in the debug log of systemd-resolved.

As such:

Received unexpected TCP reply packet with id 25034, ignoring.
Received unexpected TCP reply packet with id 53688, ignoring.
Received unexpected TCP reply packet with id 48350, ignoring.
Connection failure for DNS TCP stream: Connection timed out
Connection failure for DNS TCP stream: Connection timed out

Which seems really weird too as my understanding of it goes.
Seems like mismatch or something, but these errors don't reflect on the speed or stability of resolved.

[Arisa-Snowbell]

After yesterday's update of glibc and so on it's happening again

Failed to invoke SSL_shutdown, ignoring: error:00000001:lib(0):func(0):reason(1)
Connection failure for DNS TCP stream: Connection timed out
Connection failure for DNS TCP stream: Connection timed out

[Arisa-Snowbell]

#25585 seems related

I feel like it happens after every Glibc and OpenSSL update, does SystemD needs to be recompiled each time even though the ABI of the libs it depends on didn't change? I am really confused by this

can anyone look at this? it completely criples the functionality of resolved

[itsthejb]

EDIT: this proved to be caused by the local dns stub resolver getting overloaded

Seeing similar issues here. For example, I can do:

» host google.com
google.com has address 142.250.200.46
google.com has IPv6 address 2a00:1450:4009:820::200e
google.com mail is handled by 10 smtp.google.com.
» host google.com
google.com has address 142.250.200.46
google.com has IPv6 address 2a00:1450:4009:820::200e
google.com mail is handled by 10 smtp.google.com.
» host google.com
google.com has address 142.250.200.46
google.com has IPv6 address 2a00:1450:4009:820::200e
google.com mail is handled by 10 smtp.google.com.
» host google.com
google.com has address 142.250.200.46
google.com has IPv6 address 2a00:1450:4009:820::200e
google.com mail is handled by 10 smtp.google.com.
» host google.com
google.com has address 142.250.200.46
google.com has IPv6 address 2a00:1450:4009:820::200e
google.com mail is handled by 10 smtp.google.com.
» host google.com
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; no servers could be reached

Debug log attached:

log.txt

Edit: In my case, it may be caused by mDNS (#14735)

[kalebo]

If it's useful for anyone else in my case the timeouts were because a machine with a public ip had set DNSStubListenerExtra=0.0.0.0 and some attackers had discovered it and were sending a massive amount of TXT queries to it, probably as part of an attempted DNS amplification attack.

[YellowOnion]

I honestly don't understand why we even need "revolved", it's slower and buggier than dnsmasq on a potato router with 128MB of RAM, what ever happened to KISS? what value does it add when it can't get a DNS record in under 200ms from a router 0.4ms away?