New alert keeps showing up: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001
I just installed a new Ubuntu Server 18.04. I set my hostname with hostnamectl set-hostname ****.openbayou.biz and I set /etc/hosts:

```
127.0.0.1 localhost
[ip address] ****.openbayou.biz hostname
# The following lines are desirable for IPv6 capable hosts
[ip6 address] *****.openbayou.biz hostname
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
```
I also installed OSSEC to monitor for new files, errors and changes to my server and I'm now getting these alerts:

```
Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
```

It's now repeating itself:

```
systemd-resolved[3195]: message repeated 4 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
```
I've looked online for a solution and nobody is reporting this issue.
This warning is logged by systemd-resolved whenever a name cannot be resolved by the DNS system (e.g. nslookup www.kjfoiqaefah34876asdf.com). This can be tolerated and is no reason to be alarmed. This is no error and nothing needs to be fixed.

Redirecting /etc/resolv.conf to /run/systemd/resolve/resolv.conf is wrong, because this way systemd-resolved is skipped and the application with the faulty DNS request talks directly to the name server and not to the systemd-resolved stub anymore. This way systemd-resolved does not notice the NXDOMAIN events any more and therefore cannot log them any more.

The NXDOMAIN events are caused by packages which try to access non-existing servers during system startup.
IMPORTANT: The solution posted here hides the problematic message by bypassing an important part of your system (the DNS resolver daemon). It may cause DNS malfunction in the future (example). For a proper way to handle the error message please refer to this answer.
```
Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
```
The same error happened on my desktop machine; I don't know if it applies to servers too.

It seems that my system had the old config in place, resulting in a conflict between two services: resolvconf and systemd-resolved.

The symlink /etc/resolv.conf pointed to ../run/resolvconf/resolv.conf. Changing it to point to /run/systemd/resolve/resolv.conf, which is managed by systemd, fixed it for me.
Read more here on Ubuntu Forums
Hope that helped.
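As an added example that is not part of this thread (my script, not either answerer's), a POSIX sh script that classifies where /etc/resolv.conf points, the distinction the first answer's warning and the second answer's symlink fix both turn on, and tallies the DVE-2018-0001 mitigation lines from the question, expanding syslog's "message repeated N times" form so repeats are counted correctly. The stub-resolv.conf default target is stated from my own knowledge of 18.04, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: classify the /etc/resolv.conf symlink
# target and tally DVE-2018-0001 mitigations from syslog-style text.
set -eu

# Map a resolv.conf symlink target to the resolver that actually answers:
#   stub       -> systemd-resolved stub listener (18.04 default target)
#   bypassed   -> /run/systemd/resolve/resolv.conf: upstream servers reached
#                 directly, so systemd-resolved never sees or logs NXDOMAIN
#   resolvconf -> leftover resolvconf package config competing with resolved
#   static     -> a plain file or an unknown target
classify_resolv_target() {
    case "$1" in
        */run/systemd/resolve/stub-resolv.conf) echo stub ;;
        */run/systemd/resolve/resolv.conf)      echo bypassed ;;
        */run/resolvconf/resolv.conf)           echo resolvconf ;;
        *)                                      echo static ;;
    esac
}

# Count DVE-2018-0001 mitigation events on stdin. Syslog collapses repeats
# into "message repeated N times: [ ... ]", so such a line counts N, not 1.
count_dve_events() {
    total=0
    while IFS= read -r line; do
        case "$line" in
            *DVE-2018-0001*)
                case "$line" in
                    *"message repeated "*" times: ["*)
                        n=${line#*message repeated }
                        n=${n%% times:*} ;;
                    *) n=1 ;;
                esac
                total=$((total + n)) ;;
        esac
    done
    echo "$total"
}

# Constructed sample lines in the shape shown in the question (not real logs).
SAMPLE_SYSLOG='Jan  1 00:00:01 host systemd-resolved[3195]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Jan  1 00:00:02 host systemd-resolved[3195]: message repeated 4 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
Jan  1 00:00:03 host sshd[1200]: Accepted publickey for admin from 192.0.2.10 port 51234'

# Stand-alone run: report the live symlink (if any) and the sample tally.
target=$(readlink /etc/resolv.conf 2>/dev/null || echo /etc/resolv.conf)
echo "/etc/resolv.conf -> $target: $(classify_resolv_target "$target")"
echo "DVE-2018-0001 events in sample: $(printf '%s\n' "$SAMPLE_SYSLOG" | count_dve_events)"
```

A result of "bypassed" means the message has been silenced rather than the resolution failure removed, which is the point of the IMPORTANT note above.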