Ubuntu – Systemd-resolved DNS Lookups Randomly Fail

Tags: dns, systemd, Ubuntu

I upgraded to Ubuntu 17.04 and it appears to now have a new DNS resolver mechanism first introduced in Ubuntu 16.10.

I am now getting DNS lookup failures 50% of the time. Every other call to nslookup is failing, with half the calls resolving fine and half giving this:

watch -n 1 nslookup google.com

Server:     127.0.0.53
Address:    127.0.0.53#53

** server can't find google.com: SERVFAIL

From what I understand, that DNS server IP address is now used to represent systemd-resolved, which does some kind of meta lookup to avoid slower DNS queries (or something…). I am seeing the exact same behavior on two machines I have upgraded to 17.04 in the past week.

Any idea what the problem is here, and the correct way to address it?

Things were working fine before the upgrade (from 16.04 or 16.10, I don't remember which, sorry). I THOUGHT 17.04 was an LTS release but now I see that I jumped the gun and it won't be considered stable until April. So… here I am.

Also of note… browsers don't seem to exhibit problems, but nslookup, ping, git, etc. do.

Update

In my particular case, my /etc/hosts file was a symlink (as I am a fanatic stow user). Systemd HATES this for some reason, and considers it a "permissions failure". Once I replaced the symlink with the actual file, systemd stopped malfunctioning.

Best Answer

Ubuntu 17.04 cannot resolve DNS servers with DNSSEC support as of 2017-04-18. Disable DNSSEC with this daemon:

sudo mkdir -p /etc/systemd/resolved.conf.d
printf "[Resolve]\nDNSSEC=no\n" | sudo tee /etc/systemd/resolved.conf.d/no-dnssec.conf

Optionally reconfigure resolvconf if you messed with it (say yes to "prepare /etc/resolv.conf for dynamic updates?"):

sudo dpkg-reconfigure resolvconf

Restart systemd-resolved:

sudo systemctl restart systemd-resolved

Your DNS should start working. You can check by trying systemd-resolve www.google.com and seeing a response.
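The two causes discussed on this page (the symlinked /etc/hosts from the question's update, and the DNSSEC setting from the accepted answer) can both be checked and fixed from one small script. The following is an added example, not code from either poster: every function takes its paths as arguments so it can be run against a scratch directory without root, and the function and option names (hosts_is_symlink, effective_dnssec, write_dnssec_dropin, the --report flag) are this example's own inventions. The drop-in file name no-dnssec.conf is the one the answer uses. Besides the answer's DNSSEC=no, the example also accepts DNSSEC=allow-downgrade, which resolved.conf(5) documents as the mode that keeps validating against resolvers that support DNSSEC and only falls back to unvalidated lookups when the upstream does not; turning validation off entirely is the simplest workaround for a failing resolver, but it is also the one that gives up the spoofing protection DNSSEC was meant to provide, so allow-downgrade is worth trying first.

```shell
#!/bin/sh
# Added example (not from the original post). Diagnoses the two problems on
# this page and writes the systemd-resolved drop-in from the accepted answer.
# Assumption: all paths are parameters (defaults point at the real system
# locations) so the checks can be exercised against a temporary tree.

# 1. The question's update: a symlinked /etc/hosts made systemd-resolved
#    treat it as a permissions failure. Return 0 when the file is a symlink.
hosts_is_symlink() {
    hosts="${1:-/etc/hosts}"
    [ -L "$hosts" ]
}

# 2. The accepted answer: report the DNSSEC= value systemd-resolved will use.
#    Reads the main resolved.conf, then drop-ins in lexical order (later files
#    override earlier ones, as systemd does). Prints "unset" when no
#    uncommented DNSSEC= line exists in the [Resolve] section.
effective_dnssec() {
    conf="${1:-/etc/systemd/resolved.conf}"
    dropin_dir="${2:-/etc/systemd/resolved.conf.d}"
    value="unset"
    for f in "$conf" "$dropin_dir"/*.conf; do
        [ -f "$f" ] || continue
        # Only lines inside [Resolve]; a leading '#' means the line is a comment.
        v=$(sed -n '/^\[Resolve\]/,/^\[/ s/^[[:space:]]*DNSSEC=[[:space:]]*//p' "$f" | tail -n 1)
        [ -n "$v" ] && value="$v"
    done
    printf '%s\n' "$value"
}

# 3. The fix from the answer, with the value as a parameter: "no" (what the
#    answer uses) or "allow-downgrade" (validate where the upstream supports it).
write_dnssec_dropin() {
    dropin_dir="${1:-/etc/systemd/resolved.conf.d}"
    setting="${2:-no}"
    case "$setting" in
        yes|no|allow-downgrade) ;;
        *) echo "unsupported DNSSEC value: $setting" >&2; return 1 ;;
    esac
    mkdir -p "$dropin_dir"
    printf '[Resolve]\nDNSSEC=%s\n' "$setting" > "$dropin_dir/no-dnssec.conf"
}

# Run as "sh resolved-check.sh --report" (needs root to write the drop-in;
# the report itself does not). Hypothetical usage, not part of the answer.
if [ "${1:-}" = "--report" ]; then
    if hosts_is_symlink; then
        echo "WARN: /etc/hosts is a symlink; replace it with a regular file"
    else
        echo "ok:   /etc/hosts is a regular file"
    fi
    echo "DNSSEC setting in effect: $(effective_dnssec)"
    echo "After changing it: sudo systemctl restart systemd-resolved"
    echo "Then verify with:  systemd-resolve --status"
fi
```

The report does not restart anything; after writing the drop-in you still need the `systemctl restart systemd-resolved` step from the answer, and `systemd-resolve --status` (the tool the answer uses for the lookup test) shows the DNSSEC mode the daemon actually picked up.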
