Skip to content

resolved: SERVFAIL instead of NXDOMAIN for single-label hostnames if LLMNR=no #19964

Description

@imc0

systemd version the issue has been seen with

248

Used distribution

Fedora 34

Linux kernel version used (uname -a)

5.12.5-300.fc34.x86_64

Expected behaviour you didn't see

When resolving a single-label hostname which doesn't exist, the result should be NXDOMAIN.

Unexpected behaviour you saw

The result was SERVFAIL.

Steps to reproduce the problem

  1. Set LLMNR=no in /etc/systemd/resolved.conf
$ dig -t A @127.0.0.53 host. | grep status
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 11860
$ dig -t AAAA @127.0.0.53 host. | grep status
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6262

In addition: if LLMNR=resolve but IPv6 is disabled on the system, the search for type A returns NXDOMAIN but the search for type AAAA returns SERVFAIL.

SERVFAIL generally means "try again later", but if resolved is configured not to use LLMNR then this situation is permanent. Since systemd-resolved's policy is not to use DNS to resolve single-label hostnames, the result should inform the client that the hostname truly doesn't exist.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions