TransWikia.com

Error in Ubuntu server: Server returned error NXDOMAIN

Super User Asked by wtrdk on October 7, 2020

I’m running an Ubuntu server (18.04.1) and since a couple of days I see these messages in the syslog:

systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.

At the time of those messages I’m not able to reach my server from the outside world, only from my internal lan.
It takes a couple of minutes and then the server is reachable again from its domain name.

Output of syslog:

11/5/18
1:51:02.000 PM  
Nov  5 13:51:02 server systemd-resolved[1059]: message repeated 12 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:50:59.000 PM  
Nov  5 13:50:59 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:50:39.000 PM  
Nov  5 13:50:39 server snapd[1255]: stateengine.go:102: state ensure error: Get https://api.snapcraft.io/api/v1/snaps/sections: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:44:20.000 PM  
Nov  5 13:44:20 server systemd-resolved[1059]: message repeated 5 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:44:20.000 PM  
Nov  5 13:44:20 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:15:24.000 PM  
Nov  5 13:15:24 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:15:24.000 PM  
Nov  5 13:15:24 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:07:27.000 PM  
Nov  5 13:07:27 server systemd-resolved[1059]: message repeated 5 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:07:27.000 PM  
Nov  5 13:07:27 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
12:49:57.000 PM 
Nov  5 12:49:57 server systemd-resolved[1059]: message repeated 12 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]

I couldn’t find a proper answer by Googling this error message.

Can anyone help me?

3 Answers

I also experience this. I suppressed the message by editing /etc/rsyslog.d/01-blocklist.conf and adding the following line:

:msg,contains,"DVE-2018-0001" ~

Answered by Carl-adam Berglund on October 7, 2020

This might be a bug in systemd-resolved and/or securelogin.arubanetworks.com DNS spoofing/captivity and/or both.

From packet capture it appears that DNS query with EDNS0 DO (DNSSEC OK) bit set to zero, is responded to with NXDOMAIN.

Originally this was reports on Ubuntu bug tracker at Bug #1727237 “systemd-resolved is not finding a domain” : Bugs : systemd package : Ubuntu

Do the following:

$ sudo rm /etc/resolv.conf
$ sudo ln -s /run/resolvconf/resolv.conf /etc/resolv.conf
$ sudo systemctl restart resolvconf

Refer to: Ubuntu 18.04 systemd-resolved error NXDOMAIN - Ask Ubuntu

Answered by SparkAndShine on October 7, 2020

It's how systemd works : If systemd-resolve tries to resolve a domain that doesn't resolve, it then logs that message, which can just be ignored. There may possibly be other error conditions for issuing this warning.

The NXDOMAIN error will occur when using a non-existent Internet or Intranet domain name. Its name means "Non eXistent Domain". If domain name is unable to be resolved using the DNS, the condition called the NXDOMAIN occurs. For example, calling nslookup with a non-existent name could return the error of Host whatever.com not found: 3(NXDOMAIN).

One case that could cause this problem is when a DNS record is updated on the main authoritative name-server and may take some time to propagate to the recursive DNS servers globally, and this occurs based on the DNS record's Time To Live (TTL).

Another case could be when the server you are trying to reach has gone offline.

In your case, I think the NXDOMAIN error is the symptom, but not the cause of your losing connectivity to the domain. The fact that this condition resolves itself in time, strengthens the theory that it's something to do with your DNS setup. Perhaps clearing the DNS cache on computer and browser might help.

You may observe this error in action on http://cachecheck.opendns.com when entering a non-existent domain name. This tool might help in analyzing the problem.

enter image description here

Answered by harrymc on October 7, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP