[User question] Unclear journal messages from systemd-resolved

Anselm Schüler <mail@xxxxxxxxxxxxxxxxxx> · Thu, 2 May 2024 11:03:41 +0200



      Hi, I hope it’s OK to ask a question here (the About section
        said as much).
      I’m receiving messages in the journal that I have difficulty
        interpreting. It appears to repeatedly switch from TCP to UDP
        and back, claiming that both are a “degraded feature set”…
      Here is a sample journal output:

        ~$ journalctl --unit
          systemd-resolved.service -r | head -n 60

          May 02 10:29:56 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:29:56 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:29:46 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:29:46 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:29:46 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:29:46 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:29:46 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:29:46 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:27:50 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:27:50 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:27:33 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:27:33 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:27:19 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:27:19 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:27:16 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:27:16 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:26:53 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:26:53 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:26:39 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:26:39 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:26:38 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:26:38 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:26:36 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:26:36 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:25:25 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:25:25 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:25:24 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:25:24 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:25:24 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:25:24 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:25:24 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:25:24 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:25:23 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:25:23 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:25:23 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:25:23 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:25:23 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:25:23 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:25:23 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:25:23 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:25:22 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:25:22 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:24:55 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:24:55 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:24:51 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:24:51 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:24:51 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:24:51 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:24:48 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:24:48 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:24:48 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:24:35 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of UDP+EDNS0 for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:24:35 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of UDP+EDNS0 for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:23:54 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:23:54 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:23:54 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:23:54 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:23:54 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.1.1.1#cloudflare-dns.com.

          May 02 10:22:56 nailbox systemd-resolved[95890]: Using
          degraded feature set TCP instead of UDP for DNS server
          1.0.0.1#cloudflare-dns.com.

          May 02 10:22:56 nailbox systemd-resolved[95890]: Using
          degraded feature set UDP instead of TCP for DNS server
          1.0.0.1#cloudflare-dns.com.
      Do you know if this is intended behavior? What am I supposed to
        make of this?
      Here is my /etc/systemd/resolved.conf:

        [Resolve]

          DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com
          2606:4700:4700::1111#cloudflare-dns.com
          2606:4700:4700::1001#cloudflare-dns.com

          
          LLMNR=true

          DNSSEC=false

          DNSOverTLS=false

      
      Here is the output of resolvectl status
        (with the local DNS redacted):

        Global

                     Protocols: +LLMNR +mDNS -DNSOverTLS
          DNSSEC=no/unsupported

              resolv.conf mode: stub

            Current DNS Server: 1.1.1.1#cloudflare-dns.com

                   DNS Servers: 1.1.1.1#cloudflare-dns.com
          1.0.0.1#cloudflare-dns.com
          2606:4700:4700::1111#cloudflare-dns.com
          2606:4700:4700::1001#cloudflare-dns.com

          Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com
          8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com
          8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com
          2001:4860:4860::8888#dns.google

                                2606:4700:4700::1001#cloudflare-dns.com
          2001:4860:4860::8844#dns.google

          
          Link 2 (docker0)

              Current Scopes: none

                   Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS
          DNSSEC=no/unsupported

          
          Link 3 (wlp4s0)

              Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4
          mDNS/IPv6

                   Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS
          DNSSEC=no/unsupported

          Current DNS Server: ███████████████

               DNS Servers: ███████████████

                  DNS Domain: intern

      
      I’m using NixOS (24.05.20240425.7bb2ccd (Uakari)) and running
        systemd 255.4. Here is the output of systemctl
          --version:

        systemd 255 (255.4)

          +PAM +AUDIT -SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT
          -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN
          +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT
          +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK
          -XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified
      Normally I have an Autocrypt header with PGP information but I
        just set up this system and haven’t configured GPG/Thunderbird
        with that yet.

        Sincerely, Anselm Schüler (email, website)