New alert keeps showing up: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001

server dns systemd-resolved

I just installed a new Ubuntu Server 18.04. I set my hostname hostnamectl set-hostname ****.openbayou.biz and I set /etc/hosts:

127.0.0.1 localhost
[ip address] ****.openbayou.biz hostname
# The following lines are desirable for IPv6 capable hosts
[ip6 address] *****.openbayou.biz hostname
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

I also installed OSSEC to monitor for new files, errors and changes to my server and I'm now getting these alerts:

Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018- 
0001, retrying transaction with reduced feature level UDP.`

It's now repeating itself:

systemd-resolved[3195]: message repeated 4 times: [ Server returned error 
NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction 
with reduced feature level UDP.]

I've looked online for a solution and nobody is reporting this issue.


This warning is logged by systemd-resolved, whenever a name can not be resolved by the DNS system (e.g. nslookup www.kjfoiqaefah34876asdf.com). This can be tolerated and is no reason to be alarmed. This is no error and nothing needs to be fixed.

Redirecting /etc/resolv.conf to /run/systemd/resolve/resolv.conf is wrong, because this way systemd-resolved is skipped and the application with the faulty DNS request talks directly to the name server and not to the systemd-resolved stub anymore. This way systemd-resolved does not notice the NXDOMAIN events any more and therefore cannot log it any more.

The NXDOMAIN events are caused by packages, which try to access non-existing servers during system startup.


IMPORTANT: The solution posted here hides the problematic message by bypassing an important part of your system (the DNS resolver daemon). It may cause DNS malfunction in the future (example). For a proper way to handle the error message please refer to this answer.

Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018- 
0001, retrying transaction with reduced feature level UDP.

The same error happened to my desktop machine, I don't know if it applies to server too.

It seems that my system had the old config in the place, resulting in a conflict between two services: resolvconf and systemd-resolved.

The symlink /etc/resolv.conf pointed to ../run/resolvconf/resolv.conf

Changing it to point to /run/systemd/resolve/resolv.conf which is managed by systemd, fixed it for me.

Read more here on Ubuntu Forums

Hope that helped.

Related

How can I find the version number of an installed package via dpkg?
A start job is running for wait for network to be configured. Ubuntu server 17.10
"physical block size is 2048 bytes, but Linux says it is 512" when formatting USB - How to create a bootable USB without this error
netstat or alternative in docker ubuntu server 16.04 container
How to add a user without /home?
Can not connect to PostgreSQL listening on port 5432
How to start MongoDB server on system start?
How can I create launcher icon for PhpStorm?
How do I enable Ubuntu (using full disk encryption) to call LUKSsupend before sleeping/suspending to RAM?
Unable to format USB drive with Disks (udisks-error-quark, 0)
How do I disable the boot splash screen, and only show kernel and boot text instead? [duplicate]
Mount an external drive at boot time only if it is plugged in