FS#67276 - systemd-resolved does not work if DNSOverTLS is enabled

Attached to Project: Arch Linux
Opened by Stephane Travostino (1player) - Tuesday, 14 July 2020, 12:25 GMT
Last edited by freswa (frederik) - Tuesday, 14 July 2020, 18:18 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:

A working systemd-resolved configuration stops working when DNSOverTLS=yes is set and an appropriate DNS-over-TLS server is used. DNS resolution stops working and a manual query fails with:

"resolve call failed: All attempts to contact name servers or networks failed"

I am currently trying to use NextDNS (which officially supports systemd-resolved and its DNSOverTLS option).

Additional info:
* package version(s): 245.6-8

Steps to reproduce:
* Install and configure systemd-resolved for normal DNS resolution as described on https://wiki.archlinux.org/index.php/Systemd-resolved
* Confirm that `resolvectl status google.com` works as expected
* Enable DNS-over-TLS as described in https://wiki.archlinux.org/index.php/Systemd-resolved#DNS_over_TLS
* Restart the service
* Notice that `resolvectl status google.com` stops working

Doesn't seem to be an upstream bug, and the fact that we have instructions for enabling this feature in our Wiki that aren't working might point to a packaging (?) bug.

Closed by freswa (frederik)
Tuesday, 14 July 2020, 18:18 GMT
Reason for closing: Not a bug
Additional comments about closing: User error. DNS-over-TLS wasn't working because the option "Domains=~." wasn't enabled in /etc/systemd/resolved.conf

Comment by Dave Reisner (falconindy) - Tuesday, 14 July 2020, 14:17 GMT
You neglected to mention how you configured resolved and exactly what commands you ran. I understand you're following a wiki page, but specifics matter.
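
The closing comment attributes the failure to `DNSOverTLS=yes` being set without `Domains=~.` in /etc/systemd/resolved.conf. As an added example (not part of this ticket or of systemd), the shell function below checks a resolved.conf-style file for that combination; the function names and the sample file are constructed for illustration, and drop-in directories are not read.

```shell
#!/bin/sh
# Added example: lint a resolved.conf-style file for the combination named in
# the closing comment (DNSOverTLS=yes, but no "~." entry in Domains=).
# Reads one file only; drop-ins under resolved.conf.d are not considered.

# Print "<DNSOverTLS value>|<Domains list>" taken from the [Resolve] section.
# Repeated Domains= lines are joined; an empty Domains= resets the list.
resolve_settings() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_resolve = ($0 ~ /^[ \t]*\[Resolve\][ \t]*$/); next }
        in_resolve && /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "DNSOverTLS") dot = val
            if (key == "Domains") dom = (val == "" || dom == "") ? val : (dom " " val)
        }
        END { print tolower(dot) "|" dom }
    ' "$1"
}

# Return 0 if the file is consistent, 1 if DNSOverTLS is on without "~.".
check_resolved_conf() {
    settings=$(resolve_settings "$1")
    dot=${settings%%|*}
    domains=${settings#*|}
    case "$dot" in
        yes|true|on|1|y|t) ;;
        *) echo "$1: DNSOverTLS is not set to yes, nothing to check"; return 0 ;;
    esac
    case " $domains " in
        *" ~. "*) echo "$1: DNSOverTLS=$dot and Domains= contains ~."; return 0 ;;
    esac
    echo "$1: DNSOverTLS=$dot but Domains= has no \"~.\" entry"
    return 1
}

# Constructed sample (192.0.2.53 is a documentation address, not a real resolver).
sample=$(mktemp)
printf '[Resolve]\nDNS=192.0.2.53\nDNSOverTLS=yes\n' > "$sample"
check_resolved_conf "$sample" || true
rm -f "$sample"
```

Run `check_resolved_conf /etc/systemd/resolved.conf` before restarting the service; a non-zero exit status marks the configuration described in the closing comment.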
