Error in Ubuntu server: Server returned error NXDOMAIN

2

I'm running an Ubuntu server (18.04.1) and since a couple of days I see these messages in the syslog:

systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.

At the time of those messages I'm not able to reach my server from the outside world, only from my internal lan. It takes a couple of minutes and then the server is reachable again from its domain name.

Output of syslog:

11/5/18
1:51:02.000 PM  
Nov  5 13:51:02 server systemd-resolved[1059]: message repeated 12 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:50:59.000 PM  
Nov  5 13:50:59 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:50:39.000 PM  
Nov  5 13:50:39 server snapd[1255]: stateengine.go:102: state ensure error: Get https://api.snapcraft.io/api/v1/snaps/sections: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:44:20.000 PM  
Nov  5 13:44:20 server systemd-resolved[1059]: message repeated 5 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:44:20.000 PM  
Nov  5 13:44:20 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:15:24.000 PM  
Nov  5 13:15:24 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:15:24.000 PM  
Nov  5 13:15:24 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:07:27.000 PM  
Nov  5 13:07:27 server systemd-resolved[1059]: message repeated 5 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
1:07:27.000 PM  
Nov  5 13:07:27 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host =  server source = /var/log/syslog sourcetype =    syslog
11/5/18
12:49:57.000 PM 
Nov  5 12:49:57 server systemd-resolved[1059]: message repeated 12 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]

I couldn't find a proper answer by Googling this error message.

Can anyone help me?

wtrdk

Posted 2018-11-04T11:19:48.480

Reputation: 21

For what it's worth, there is no such message in systemd either. You're looking at an Ubuntu-specific patch.

– user1686 – 2018-11-04T11:53:32.430

Answers

-2

It's how systemd works : If systemd-resolve tries to resolve a domain that doesn't resolve, it then logs that message, which can just be ignored. There may possibly be other error conditions for issuing this warning.

The NXDOMAIN error will occur when using a non-existent Internet or Intranet domain name. Its name means "Non eXistent Domain". If domain name is unable to be resolved using the DNS, the condition called the NXDOMAIN occurs. For example, calling nslookup with a non-existent name could return the error of Host whatever.com not found: 3(NXDOMAIN).

One case that could cause this problem is when a DNS record is updated on the main authoritative name-server and may take some time to propagate to the recursive DNS servers globally, and this occurs based on the DNS record's Time To Live (TTL).

Another case could be when the server you are trying to reach has gone offline.

In your case, I think the NXDOMAIN error is the symptom, but not the cause of your losing connectivity to the domain. The fact that this condition resolves itself in time, strengthens the theory that it's something to do with your DNS setup. Perhaps clearing the DNS cache on computer and browser might help.

You may observe this error in action on http://cachecheck.opendns.com when entering a non-existent domain name. This tool might help in analyzing the problem.

enter image description here

harrymc

Posted 2018-11-04T11:19:48.480

Reputation: 306 093

Downvoter - explain. – harrymc – 2018-11-04T19:04:24.343

I don't have OSSEC installed, and the strangest part is that the domain can't be reached from the outside world when this error occurs. – wtrdk – 2018-11-05T07:30:28.187

The cachecheck showed nog problems up until now, it resolves to the right IP address for all locations – wtrdk – 2018-11-05T13:05:01.800

How is the server connected to the outside world and how is its DNS published? You could also check availability with host-tracker.com.

– harrymc – 2018-11-05T14:21:11.890

Asked: 2018-11-04T11:19:48.480

Viewed: 5 283 times

Active: 2018-11-05T13:04:02.957