I'm running an Ubuntu server (18.04.1) and since a couple of days I see these messages in the syslog:
systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.At the time of those messages I'm not able to reach my server from the outside world, only from my internal lan. It takes a couple of minutes and then the server is reachable again from its domain name.
Output of syslog:
11/5/18
1:51:02.000 PM
Nov 5 13:51:02 server systemd-resolved[1059]: message repeated 12 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:50:59.000 PM
Nov 5 13:50:59 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:50:39.000 PM
Nov 5 13:50:39 server snapd[1255]: stateengine.go:102: state ensure error: Get net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:44:20.000 PM
Nov 5 13:44:20 server systemd-resolved[1059]: message repeated 5 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:44:20.000 PM
Nov 5 13:44:20 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:15:24.000 PM
Nov 5 13:15:24 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:15:24.000 PM
Nov 5 13:15:24 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:07:27.000 PM
Nov 5 13:07:27 server systemd-resolved[1059]: message repeated 5 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:07:27.000 PM
Nov 5 13:07:27 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
12:49:57.000 PM
Nov 5 12:49:57 server systemd-resolved[1059]: message repeated 12 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]I couldn't find a proper answer by Googling this error message.
Can anyone help me?
14 Answers
It's how systemd works : If systemd-resolve tries to resolve a domain that
doesn't resolve, it then logs that message, which can just be ignored.
There may possibly be other error conditions for issuing this warning.
The NXDOMAIN error will occur when using a non-existent Internet
or Intranet domain name. Its name means "Non eXistent Domain".
If domain name is unable to be resolved using
the DNS, the condition called the NXDOMAIN occurs. For example, callingnslookup with a non-existent name could return the error ofHost whatever.com not found: 3(NXDOMAIN).
One case that could cause this problem is when a DNS record is updated on the main authoritative name-server and may take some time to propagate to the recursive DNS servers globally, and this occurs based on the DNS record's Time To Live (TTL).
Another case could be when the server you are trying to reach has gone offline.
In your case, I think the NXDOMAIN error is the symptom, but not the cause of your losing connectivity to the domain. The fact that this condition resolves itself in time, strengthens the theory that it's something to do with your DNS setup. Perhaps clearing the DNS cache on computer and browser might help.
You may observe this error in action on when entering a non-existent domain name. This tool might help in analyzing the problem.
I have also faced the above issue, but I have found solutions and fixed
solutions:
sudo unlink /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
sudo systemctl restart systemd-resolved
sudo systemctl status systemd-resolved
0This might be a bug in systemd-resolved and/or securelogin.arubanetworks.com DNS spoofing/captivity and/or both.
From packet capture it appears that DNS query with EDNS0 DO (DNSSEC OK) bit set to zero, is responded to with NXDOMAIN.
Originally this was reports on Ubuntu bug tracker at Bug #1727237 “systemd-resolved is not finding a domain” : Bugs : systemd package : Ubuntu
Do the following:
$ sudo rm /etc/resolv.conf
$ sudo ln -s /run/resolvconf/resolv.conf /etc/resolv.conf
$ sudo systemctl restart resolvconfRefer to: Ubuntu 18.04 systemd-resolved error NXDOMAIN - Ask Ubuntu
I also experience this. I suppressed the message by editing /etc/rsyslog.d/01-blocklist.conf and adding the following line:
:msg,contains,"DVE-2018-0001" ~
