Super User Asked by wtrdk on October 7, 2020
I’m running an Ubuntu server (18.04.1) and for a couple of days I have been seeing these messages in the syslog:
systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
At the time of those messages I’m not able to reach my server from the outside world, only from my internal LAN.
It takes a couple of minutes and then the server is reachable again from its domain name.
Output of syslog:
11/5/18
1:51:02.000 PM
Nov 5 13:51:02 server systemd-resolved[1059]: message repeated 12 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:50:59.000 PM
Nov 5 13:50:59 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:50:39.000 PM
Nov 5 13:50:39 server snapd[1255]: stateengine.go:102: state ensure error: Get https://api.snapcraft.io/api/v1/snaps/sections: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:44:20.000 PM
Nov 5 13:44:20 server systemd-resolved[1059]: message repeated 5 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:44:20.000 PM
Nov 5 13:44:20 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:15:24.000 PM
Nov 5 13:15:24 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:15:24.000 PM
Nov 5 13:15:24 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:07:27.000 PM
Nov 5 13:07:27 server systemd-resolved[1059]: message repeated 5 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
1:07:27.000 PM
Nov 5 13:07:27 server systemd-resolved[1059]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
host = server source = /var/log/syslog sourcetype = syslog
11/5/18
12:49:57.000 PM
Nov 5 12:49:57 server systemd-resolved[1059]: message repeated 12 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
I couldn’t find a proper answer by Googling this error message.
Can anyone help me?
I also experience this. I suppressed the message by editing /etc/rsyslog.d/01-blocklist.conf and adding the following line:
:msg,contains,"DVE-2018-0001" ~
Answered by Carl-adam Berglund on October 7, 2020
This might be a bug in systemd-resolved and/or securelogin.arubanetworks.com DNS spoofing/captivity and/or both.
From the packet capture, it appears that a DNS query with the EDNS0 DO (DNSSEC OK) bit set to zero is responded to with NXDOMAIN.
Originally this was reported on the Ubuntu bug tracker at Bug #1727237 “systemd-resolved is not finding a domain” : Bugs : systemd package : Ubuntu
Do the following:
$ sudo rm /etc/resolv.conf
$ sudo ln -s /run/resolvconf/resolv.conf /etc/resolv.conf
$ sudo systemctl restart resolvconf
Refer to: Ubuntu 18.04 systemd-resolved error NXDOMAIN - Ask Ubuntu
Answered by SparkAndShine on October 7, 2020
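For anyone checking their own packet capture against the pattern described in the answer above, this added example (not part of the answer or of systemd) reads the RCODE and the EDNS0 OPT record out of raw DNS messages. The helper names, the name `portal.example` and the message bytes are constructed for illustration; the "reduced feature level UDP" retry is modelled as a query without an OPT record.

```python
import struct

NXDOMAIN, OPT = 3, 41  # RCODE 3 and the EDNS0 pseudo-RR type

def build(txid, name, response=False, rcode=0, edns=False, do_bit=False):
    """Constructed sample message: one A/IN question, optional EDNS0 OPT record."""
    flags = 0x0100 | (0x8080 if response else 0) | rcode
    msg = struct.pack("!6H", txid, flags, 1, 0, 0, 1 if edns else 0)
    for label in name.split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!2H", 1, 1)
    if edns:  # root name, TYPE=41, CLASS=UDP size, TTL=ext-rcode|version|flags, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, 1232, 0x8000 if do_bit else 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer terminates the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def inspect(msg):
    """Extract RCODE and EDNS0 state from a raw DNS message (e.g. from a pcap)."""
    _, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, info = 12, {"rcode": flags & 0xF, "edns": False, "do": False}
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT:  # DO is the top bit of the 16 flag bits in the TTL field
            info["edns"], info["do"] = True, bool(ttl & 0x8000)
    return info

def matches_reported_pattern(query, response):
    """True when an EDNS0 query with DO=0 was answered with NXDOMAIN."""
    q, r = inspect(query), inspect(response)
    return q["edns"] and not q["do"] and r["rcode"] == NXDOMAIN

# Constructed exchange: first attempt with EDNS0, then a retry without OPT.
edns_query = build(0x1A2B, "portal.example", edns=True)
edns_reply = build(0x1A2B, "portal.example", response=True, rcode=NXDOMAIN, edns=True)
plain_query = build(0x1A2C, "portal.example")
plain_reply = build(0x1A2C, "portal.example", response=True)
```
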
It's how systemd works: if systemd-resolve tries to resolve a domain that doesn't resolve, it then logs that message, which can just be ignored. There may possibly be other error conditions for issuing this warning.
The NXDOMAIN error will occur when using a non-existent Internet or Intranet domain name. Its name means "Non eXistent Domain". If a domain name is unable to be resolved using the DNS, the condition called NXDOMAIN occurs. For example, calling nslookup with a non-existent name could return the error of Host whatever.com not found: 3(NXDOMAIN).
One case that could cause this problem is when a DNS record is updated on the main authoritative name-server and may take some time to propagate to the recursive DNS servers globally, and this occurs based on the DNS record's Time To Live (TTL).
Another case could be when the server you are trying to reach has gone offline.
In your case, I think the NXDOMAIN error is the symptom, but not the cause of your losing connectivity to the domain. The fact that this condition resolves itself in time strengthens the theory that it's something to do with your DNS setup. Perhaps clearing the DNS cache on the computer and browser might help.
You may observe this error in action on http://cachecheck.opendns.com when entering a non-existent domain name. This tool might help in analyzing the problem.
Answered by harrymc on October 7, 2020
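To see whether the DVE-2018-0001 messages really cluster around the outage windows described in the question, the syslog can be reduced to bursts with a message count each. This is an added example, not code from any of the answers; the function names, the 5-minute gap and the year default are assumptions, and the sample is a constructed subset of the lines quoted in the question.

```python
import re
from datetime import datetime, timedelta

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
LINE = re.compile(r"^(\w{3})\s+(\d+) (\d\d):(\d\d):(\d\d) \S+ systemd-resolved\[\d+\]: (.*)$")
REPEAT = re.compile(r"message repeated (\d+) times")
MSG = ("Server returned error NXDOMAIN, mitigating potential DNS violation "
       "DVE-2018-0001, retrying transaction with reduced feature level UDP.")

# Constructed sample: a subset of the syslog lines quoted in the question
# (snapd line abridged), newest first as in the post.
SAMPLE = "\n".join([
    f"Nov 5 13:51:02 server systemd-resolved[1059]: message repeated 12 times: [ {MSG}]",
    f"Nov 5 13:50:59 server systemd-resolved[1059]: {MSG}",
    "Nov 5 13:50:39 server snapd[1255]: stateengine.go:102: state ensure error",
    f"Nov 5 13:44:20 server systemd-resolved[1059]: message repeated 5 times: [ {MSG}]",
    f"Nov 5 13:44:20 server systemd-resolved[1059]: {MSG}",
    f"Nov 5 13:15:24 server systemd-resolved[1059]: {MSG}",
])

def downgrade_events(text, year=2018):
    """Return (timestamp, count) per matching line; syslog omits the year, so pass it."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or "DVE-2018-0001" not in m.group(6):
            continue
        mon, day, hh, mm, ss = m.group(1, 2, 3, 4, 5)
        ts = datetime(year, MONTHS.index(mon) + 1, int(day), int(hh), int(mm), int(ss))
        rep = REPEAT.search(m.group(6))  # rsyslog collapses duplicates into one line
        events.append((ts, int(rep.group(1)) if rep else 1))
    return events

def bursts(events, gap=timedelta(minutes=5)):
    """Merge events at most `gap` apart into (start, end, total_messages) windows."""
    out = []
    for ts, n in sorted(events):
        if out and ts - out[-1][1] <= gap:
            out[-1][1], out[-1][2] = ts, out[-1][2] + n
        else:
            out.append([ts, ts, n])
    return [tuple(b) for b in out]

if __name__ == "__main__":
    for start, end, total in bursts(downgrade_events(SAMPLE)):
        print(f"{start:%H:%M:%S} - {end:%H:%M:%S}  {total} downgrade retries")
```
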