Websites Not Loading (dns issue) After Installing Ubuntu 17.04? [fix]

I can’t believe that I haven’t written anything for the past 4 months for my website! But I promise that I’ll add fresh content in the future (yes an Ubuntu 17.04 review is on the way). One reason why I was not able to add new ‘Linux’ operating system reviews was because after I switched to a new laptop few months ago, I created a ‘logical volume‘ (a especial type of partitioning method, mostly used in server environments) for testing GNU/Linux distributions, rather than creating a traditional partition (which is what I had in the old laptop). And the thing is, some distributions, don’t yet support installing into logical volumes. Therefore, I missed a number of new releases of GNU/Linux distributions that I used to write about, simply because the installers couldn’t install the operating systems to the logical volume. So, out of frustration, I took the trouble of completely changing the partition layout of the new laptop and recreated a traditional partition for testing new distributions. Therefore, I’ll be updating the site in the future with new reviews.

So anyhow, coming back to the purpose of this post… I installed the newly released Ubuntu 17.04 and have been using it for the past 2-3 days now. And after gathering the performance related data (for the upcoming review of course), one thing that I immediately noticed was that sometimes I could not visit certain websites, websites that I quite frequently use (such as Facebook, YouTube etc). This was quite irritating and every time this happened, the web browser simply complained with the “Server not found” error. Now Firefox uses this error message for reporting number of other issues, not just when its having DNS issues (for non technical people, DNS related error mostly means the web browser can’t convert the human readable addresses of a website into numbers, which is essential for properly loading any website).

But since I’ve been having this issue only with few websites that I frequently use and those websites aren’t the ones that go down easily (meaning that whatever is wrong, it was probably from my end, and it was most probably had something to do with DNS cache not being properly updated), and since other websites most of the time loaded without big issues (although, there were certain unusual delays as well), I just suspected that this was a DNS issue from the operating system’s end (yes I used command-line tools to ‘confirm’ this as well).

Now I tried few suggestions that I found on the web, but nothing worked out for me. However, with the help of couple of pointers, I realized that this issue was originating from a service called ‘systemd-resolved’. This is a DNS caching and validating service that comes pre-installed with Ubuntu 17.04. Luckily, you can use this command-line utility to figure out the causes of certain DNS related issues.

So out of curiosity, when the system was not able to load certain websites, I fired up the command-line tool and tried to resolve those websites with ‘systemd-resolved’ to see what type of errors I would get. Below screenshot includes few of those instances where I ‘systemd-resolved’ gave me the following error:

www.facebook.com: resolve call failed: DNSSEC validation failed: failed-auxiliary

So obviously it is a DNSSEC validation error. Now DNSSEC is a DNS related security check that verifies the integrity of the DNS data. ‘systemd-resolved’ does let you turn the DNSSEC checking OFF. So that’s what I did next (it’s easy. You just have to open /etc/systemd/resolved.conf and comment out “DNSSEC” and replace “allow-downgrade” with “off“) and it worked liked a charm.

However, since DNSSEC is there to protect you from outside infiltration, it’s not recommended to turn it OFF. So what is the solution then? Well, the easiest solution I saw was to totally disable the troublesome ‘systemd-resolved’ service and replace it with a similar utility, one that actually works.

Luckily there are a few, and it’s important to choose one that is also supported by the NetworkManager to avoid further conflicts and also so that you can get away with minimal manual configuration. So I chose this other one called “unbound” which also supports DNSSEC validation and fully supports ‘systemd’ as well.

So basically that’s what I did. I simply disabled the troublesome ‘systemd-resolved’ and replaced it ‘unbound’ and so far everything is working quite well. Sometimes I do feel a slight delay, but it’s certainly better than having the ‘systemd-resolved’ that refuses to load websites entirely.

__________________________

Update: Here & there, even with ‘unbound’, I still get long delays when loading websites (15-20 seconds long), but unlike with ‘systemd-resolved’, after the delay the websites starts to load properly, at least.

However, if you’re okay with not having DNSSEC enabled at the moment (because again, with it disabled, everything seem to work just fine) then you can forget about following the rest of the guide to enable ‘unbound’ and simply disable DNSSEC in ‘systemd-resolved’ until Ubuntu comes up with a solution (Update_2: Apparently the previous version of Ubuntu came with DNSSEC set to off according to Ubuntu developers , yes I too was aware of that. And they simply had decided to enable it in 17.04 which is what causing this issue. Therefore, they advice to turn off DNSSEC for ‘systemd-resolved’. You actually don’t have to do anything, including manually editing the configuration file as shown below, just update your software and reboot, because they’ve simply updated ‘systemd-resolved’ to use DNSSEC turned off by default).

For that, first use the below command which’ll open up a configuration file:

sudo nano /etc/systemd/resolved.conf

Then as shown in the below screenshot, comment out #DNSSEC=allow-downgrade and replace allow-downgrade with off .

 

Once done press Ctrl + x keys to save the changes, and when asked to confirm, press y and then hit Enter. Then simply restart ‘systemd-resolved’ service so the changes are applied. For that, enter the below command:

sudo systemctl restart systemd-resolved

That’s it. But remember, now you’re running DNS queries without DNSSEC which could create security risks. If you don’t feel comfortable with this, then roll back the changes you made to the configuration file and simply follow the below steps to replace ‘systemd-resolved’ with ‘unbound’.

End of Update

___________________________

Now I actually completely re-wrote this entire article, because the previous answer (content) that I put here was not the most optimal one (plus, I also had slightly misconfigured one of NetworkManager’s settings which was embarrassing) because with that answer, things were not fully automated (for instance, if you travel a lot with your laptop and connect to lots of private networks that use internal DNSs, then you would’ve had to manually enter the IP of those internal DNS every time you connect, which was quite irritating. But with ‘unbound’ there is no need for such undertaking, everything is fully automated). So without any further delays, here’s how you can fix this ‘systemd-resolved’ DNS issue in Ubuntu 17.04.

Step 1: Let’s install ‘unbound’ first. However, under some conditions with our troublesome ‘systemd-resolved’ you can’t even install software application on Ubuntu 17.04 either (if you can install software from the Ubuntu servers, then skip this Step and go to Step 2).

So the easiest solution to temporarily fix the issue is to manually enter a reliable, global and trustworthy DNS server(I’ll be using Google’s free DNS service) into the system-wide configuration file that applications rely on for retrieving the DNS IPs. It’s located in /etc/resolv.conf. So let’s do that first.

For that, enter the below command. This will open up that file in a command-line editor called ‘nano’:

sudo nano /etc/resolv.conf

Once opened, delete the IP address that is put there after the ‘nameserver’ argument, by the troublesome ‘systemd-resolved’ service, and simply enter Google’s DNS IP. For IP version 4 users, use the below one:

8.8.8.8

For IP version 6 use the below one instead:

2001:4860:4860::8888

Now simply press Ctrl + x keys to save the changes. When asked whether you want to save the changes or not, simply press y and the hit the Enter key. That’s it, now you should have a working internet connection, temporarily.

Step 2: Now enter the below command to install ‘unbound’ into Ubuntu 17.04:

sudo apt-get install unbound

Step 3: Now let’s disable the troublesome ‘systemd-resolved’ first and then we’ll stop its already running instance. For that, use the below commands:

sudo systemctl disable systemd-resolved

sudo systemctl stop systemd-resolved

Step 4: Now let’s configure NetworkManager to use ‘unbound’ instead of ‘systemd-resolved’. For that we need to edit one of its main configuration files (it’s quite easy) and manually enter a single configuration setting. So let’s open up the configurtion file first by using the below command:

sudo nano /etc/NetworkManager/NetworkManager.conf

Once opened, copy the below code and simply enter it in a new field, just below the ‘plugins=…’ option (as illustrated in the below screenshot as well):

dns=unbound

Again to save our changes, press the Ctrl + x keys and then press y and hit Enter to confirm.

Step 5: Now let’s enable the newly installed ‘unbound’ in systemd (it’s actually automatically enabled when you install it, but we’ll re-enable it just in case) using below two commands:

sudo systemctl enable unbound-resolvconf

sudo systemctl enable unbound

Step 6: Now we’re almost done. Just reboot the computer for the changes to take effect.

From next time on, those DNS issues that you were having with ‘systemd-resolved’ on Ubuntu 17.04 should be gone and websites should load without big issues with DNSSEC turned ON. Good luck.

38 thoughts on “Websites Not Loading (dns issue) After Installing Ubuntu 17.04? [fix]

  1. This way you lock your configuration for only one router. So you need to change your configuration each time your network connection changes. I. e. home, work, hotspot, hotel, etc.

    I wish that this systemd shit should never had to been adopted by such big distributions. I’m fed of it.

    • Hi Elin,

      I actually completely re-wrote the entire article and came up with a different solution, one that should totally automate DNS resolving issue. In simple terms I replaced ‘systemd-resolved’ with ‘unbound’ and it’s working perfectly well for me so far. Try it out.

  2. I’m having “Resolving Host” issues with 17.04, which seem to be tied to DNS and the entire systemd-resolved debacle. I will try your fix and see if it ‘resolves’ my issues. Other than the wonky internet 17.04 seems pretty solid.

    • Hi Jason,

      I completely re-wrote the entire article basically. The previous solution was not the ideal one for users who travel a lot, and I think I somewhat entered the wrong option into NetworkManager’s configuration file. So I came up with a new solution which is to basically get rid of the troublesome ‘systemd-resolved’ and replace it with something very similar. Try it if you’re having issues with ‘systemd-resolved’. It working quite well for me so far at least.

  3. Gayan, thank you very much! You made my day. Yesterday I badly needed functional connection and I was furious and considering reinstalling the whole distribution. Fortunately I have found your blog today and with unbound installed all really works like a charm 🙂

  4. I had similar problems while installing and running Ubuntu 17.04 from DVD on an older desktop machine. I could ping IP addresses such as my router but DNS was failing to find anything.
    The output of “sudo systemd-resolve google.com”
    was “google.com: resolve call failed: DNSSEC validation failed: signature-expired”
    The root cause of my problem was a flat battery on the motherboard which had caused the date to revert to 2005 and so, presumably, upset the DNS security check.
    After replacing the failed CR2032 battery and entering a correct date in the BIOS everything works normally again.
    Thanks for the systemd-resolve tip – that’s what put me on the right track!

    • If you’ve installed the latest updates, this ‘fix’ is not necessary. However, if you still want to install ‘unbound’ then try the below command first:

      sudo apt-get update

      Then run:

      sudo apt-get install unbound

  5. This seems totally wrong. Instead of using your built-in DNS resolver (and so not having to go out to the network for every domain lookup), you’re using Google’s—and you’re letting Google know exactly how often you look up every URL.

    • It’s only enabled for a few moments until the user sets up ‘unbound’. Once ‘unbound’ is enabled, it’ll remove Google’s DNS servers.

  6. Hello Gayan,
    I installed Lubuntu 17.04 on an old XP machine (Pentium 4 3.08 GHz.2 GB Ram) and it had the same problem.
    I followed your instructions to the letter.
    Even NetworkManager needed to be written with 2 capital letters!
    You forgot to mention that before getting unbound you need to restart first to have internet connection? At least I had to.
    I am a newbie with Linux and this could potentially have frustrated the whole experience!
    Thanks to you I am able to enjoy the new Lubuntu OS!

  7. I had a problem with the Wired connection dropping in 16.04 LTS, and I tried using unbound, as you described. Everything seemed okay but then I noticed there was no way I could find to stop running ‘dnsmasq’ instead of ‘unbound’.

    Systemd_resolve isn’t running on my system.

  8. I fallowed your instructions but when i do sudo nano /etc/resolv.conf even in nano a did the replace command (^/) and put 8.8.8.8 every time i reboot the system i have ti do it again cause come back with original setting (127.0.0.1) even as a root user (sudo su or sudo -i) or gedit…i appreciate your advise

    • Follow the steps fully and don’t worry about the DNS being changed to 127.0.0.1 (unless your internet connection isn’t working) because it’s quite deliberately done automatically by the system.

  9. This helped me, but indirectly. I tried various solutions from other places (not yet unbound), none worked. Then I noticed your edit of NetworkManager.conf, which has dns=… in it – mine had not!
    So I added a line: dns=systemd-resolved, and it works now!
    No more need to open terminal after each login and type:
    echo “nameserver 192.168.0.1” | sudo tee /etc/resolv.conf

  10. Thanks God, I found this post. Help me a lot, work like a charm.
    Just replaced my Lubuntu to Ubuntu Zesty today, and got this network issue.
    Thank you, Gayan.

  11. Today, after updaring my packs (‘sudo apt-get update and upgrade’)….the internet has gone))). And it’s stupid 127.0.0.1:53 in resolv.conf…. Shortly speaking, THANKS man. You’ve helped a lot. Great job!!!!!

Leave a Comment