Ubuntu 17.04 systemd-resolved DNS lookups randomly fail

Ubuntu 17.04 can not resolve DNS servers with DNSSEC support as of 2017-04-18. Disable DNSSEC with this daemon:

sudo mkdir -p /etc/systemd/resolved.conf.d
printf "[Resolve]\nDNSSEC=no\n" | sudo tee /etc/systemd/resolved.conf.d/no-dnssec.conf

Optionally reconfigure resolvconf if you messed with it (say yes to "prepare /etc/resolve.conf for dynamic updates?"):

sudo dpkg-reconfigure resolvconf

Restart systemd-resolved:

sudo systemctl restart systemd-resolved

Your DNS should start working. You can check by trying systemd-resolve www.google.com and seeing a response.

I've been switching back and forth between systemd-resolved and manual /etc/resolv.conf management and have not found the systemd DNS resolver mechanism to be stable yet.

There is apparently at least one libnss bug in Ubuntu 16.10 and apparently still in 17.04. There are many people with DNS issues since Ubuntu 16.10 turned on systemd-resolved, here is one analysis and here is another person's workaround. None of them worked for me until I manually overwrote /etc/resolv.conf with google's DNS servers.

nameserver 8.8.8.8   << or another if you don't trust google
nameserver 8.8.4.4

This is a perfectly valid solution, if you don't need dynamic DNS configuration. Just make sure you stop and disable systemd-resolved:

sudo systemctl disable systemd-resolved.service
sudo service systemd-resolved stop