[kwlug-disc] Systemd resolv issue ...

Khalid Baheyeldin kb at 2bits.com
Tue Feb 10 20:33:55 EST 2026 

So here is the situation.
A Linux machine refuses to communicate with the outside world.

When using an IP address, things work well.

ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=36.7 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=115 time=44.2 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=115 time=42.5 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=115 time=35.3 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 35.331/39.683/44.225/3.765 ms

But, when doing a DNS query, 127.0.0.53 times out:

$ dig google.com
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
...
;; no servers could be reached

When I explicitly specify a DNS server IP address, it resolves:

dig @1.1.1.1 google.com

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56116
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
google.com.             153     IN      A       142.250.139.113
google.com.             153     IN      A       142.250.139.102
google.com.             153     IN      A       142.250.139.101
google.com.             153     IN      A       142.250.139.138
google.com.             153     IN      A       142.250.139.139
google.com.             153     IN      A       142.250.139.100

;; Query time: 49 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Tue Feb 10 20:08:30 EST 2026
;; MSG SIZE  rcvd: 135


And when checking who is listening on port 53

sudo netstat -ltunp | grep -w 53 | grep -v 54
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 2056751/systemd-res
udp 0 0 127.0.0.53:53 0.0.0.0:*        2056751/systemd-res

Note that systemd-resolved shows "LISTEN" on the tcp port, but not the udp
one.

Of course, I can restart systemd-resolved, or reboot the machine.
However, I really want to diagnose what the issue is first.
But I want to diagnose the issue first, for future cases.

So my questions are:
Why would the above happen?
And how to prevent it from happening again?
-- 
Khalid M. Baheyeldin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20260210/caba7671/attachment.htm>

More information about the kwlug-disc mailing list