Problem:

Running Ubuntu 17.10

I have been trying to resolv (hehe) this issue for about a week now and despite countless Google searches and about 20 different attempts, I cannot stop dnsmasq from periodically causing my CPU to spike for about a minute with the following offenders:

systemd-resolved

systemd-journald

dnsmasq

Monitoring journalctl -f, I see this every time it happens:

maximum number of concurrent dns queries reached (150)

Accompanied/preceded by a crazy loop of requests to some domain (usually ubuntu connection check) like the following:

    query[A] connectivity-check.ubuntu.com from 127.0.0.1
    forwarded connectivity-check.ubuntu.com to 127.0.1.1
    forwarded connectivity-check.ubuntu.com to 127.0.0.53
    query[A] connectivity-check.ubuntu.com from 127.0.0.1
    forwarded connectivity-check.ubuntu.com to 127.0.0.53
    query[AAAA] connectivity-check.ubuntu.com from 127.0.0.1
    forwarded connectivity-check.ubuntu.com to 127.0.0.53
    query[AAAA] connectivity-check.ubuntu.com from 127.0.0.1
    forwarded connectivity-check.ubuntu.com to 127.0.0.53
    query[A] connectivity-check.ubuntu.com from 127.0.0.1
    forwarded connectivity-check.ubuntu.com to 127.0.0.53
    query[AAAA] connectivity-check.ubuntu.com from 127.0.0.1
    forwarded connectivity-check.ubuntu.com to 127.0.0.53

I've found that changing my /etc/resolv.conf to use nameserver 127.0.0.53 causes the spike to dissipate almost instantaneously.

However, as that file is updated regularly by Network Manager, I have to do this about once an hour.

Configuration:

/etc/resolv.conf

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    # 127.0.0.53 is the systemd-resolved stub resolver.
    # run "systemd-resolve --status" to see details about the actual nameservers.
    nameserver 127.0.0.1
    search fios-router.home

/etc/NetworkManager/NetworkManager.conf

    [main]
    plugins=ifupdown,keyfile

    [ifupdown]
    managed=false

    [device]
    wifi.scan-rand-mac-address=no

/etc/dnsmasq.conf

    # All default except this at the very end for my wildcard DNS
    address=/asmar.d/127.0.0.1

/run/dnsmasq/resolv.conf

nameserver 127.0.0.53

/run/resolvconf/interfaces:

lo.dnsmasq :

nameserver 127.0.0.1

systemd-resolved :

nameserver 127.0.0.53

/etc/resolvconf/interface-order:

    # interface-order(5)
    lo.inet6
    lo.inet
    lo.@(dnsmasq|pdnsd)
    lo.!(pdns|pdns-recursor)
    lo
    tun*
    tap*
    hso*
    em+([0-9])?(_+([0-9]))*
    p+([0-9])p+([0-9])?(_+([0-9]))*
    @(br|eth)*([^.]).inet6
    @(br|eth)*([^.]).ip6.@(dhclient|dhcpcd|pump|udhcpc)
    @(br|eth)*([^.]).inet
    @(br|eth)*([^.]).@(dhclient|dhcpcd|pump|udhcpc)
    @(br|eth)*
    @(ath|wifi|wlan)*([^.]).inet6
    @(ath|wifi|wlan)*([^.]).ip6.@(dhclient|dhcpcd|pump|udhcpc)
    @(ath|wifi|wlan)*([^.]).inet
    @(ath|wifi|wlan)*([^.]).@(dhclient|dhcpcd|pump|udhcpc)
    @(ath|wifi|wlan)*
    ppp*
    *

systemd-resolve --status :

    Global
             DNS Servers: 127.0.0.1
              DNSSEC NTA: 10.in-addr.arpa
                          16.172.in-addr.arpa
                          168.192.in-addr.arpa
                          17.172.in-addr.arpa
                          18.172.in-addr.arpa
                          19.172.in-addr.arpa
                          20.172.in-addr.arpa
                          21.172.in-addr.arpa
                          22.172.in-addr.arpa
                          23.172.in-addr.arpa
                          24.172.in-addr.arpa
                          25.172.in-addr.arpa
                          26.172.in-addr.arpa
                          27.172.in-addr.arpa
                          28.172.in-addr.arpa
                          29.172.in-addr.arpa
                          30.172.in-addr.arpa
                          31.172.in-addr.arpa
                          corp
                          d.f.ip6.arpa
                          home
                          internal
                          intranet
                          lan
                          local
                          private
                          test

    Link 5 (br-b1f5461ac410)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no

    Link 4 (docker0)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no

    Link 3 (wlp62s0)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no

    Link 2 (enp61s0)
          Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
             DNS Servers: 8.8.8.8
                          8.8.4.4
                          ::1

Questions:

How can I resolve this issue while still using my wildcard domain name?

Optional: How can I achieve this while using Google DNS?

Please do not recommend upping the concurrent dns queries. That is not a solution.

SOLVED!
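
The configuration quoted in the post chains dnsmasq to systemd-resolved (/run/dnsmasq/resolv.conf) and systemd-resolved back to 127.0.0.1 (Global DNS Servers). The following is an added example, not part of the original post, that builds that forwarding graph from the quoted values and reports any loop; the `LISTENERS` mapping of loopback addresses to daemons and all function names are assumptions made for the illustration.

```python
import re

# Constructed inputs: values copied from the configuration quoted in the post.
DNSMASQ_UPSTREAM = "nameserver 127.0.0.53\n"  # /run/dnsmasq/resolv.conf
RESOLVED_STATUS = """\
Global
         DNS Servers: 127.0.0.1
Link 2 (enp61s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         DNS Servers: 8.8.8.8
                      8.8.4.4
                      ::1
"""
# Assumption: which local daemon answers on which loopback address.
LISTENERS = {"127.0.0.1": "dnsmasq", "127.0.0.53": "systemd-resolved"}

def resolv_conf_servers(text):
    """Addresses on 'nameserver' lines of a resolv.conf-style file."""
    return re.findall(r"^\s*nameserver\s+(\S+)", text, re.M)

def resolved_servers(status):
    """Addresses under every 'DNS Servers:' key, including continuation lines."""
    servers, collecting = [], False
    for line in status.splitlines():
        if "DNS Servers:" in line:
            servers.append(line.split("DNS Servers:", 1)[1].strip())
            collecting = True
        elif collecting and line[:1].isspace() and ": " not in line and line.strip():
            servers.append(line.strip())
        else:
            collecting = False
    return servers

def forwarding_graph(dnsmasq_upstream, resolved_status):
    """Map each local daemon to the local daemons it forwards to."""
    upstreams = {"dnsmasq": resolv_conf_servers(dnsmasq_upstream),
                 "systemd-resolved": resolved_servers(resolved_status)}
    # External servers (8.8.8.8, ...) end the chain, so only local hops are kept.
    return {d: [LISTENERS[a] for a in addrs if a in LISTENERS]
            for d, addrs in upstreams.items()}

def find_loop(graph, start, path=()):
    """Return the cycle reachable from start as a list of daemons, or None."""
    if start in path:
        return list(path[path.index(start):]) + [start]
    for nxt in graph.get(start, []):
        loop = find_loop(graph, nxt, path + (start,))
        if loop:
            return loop
    return None

if __name__ == "__main__":
    print(find_loop(forwarding_graph(DNSMASQ_UPSTREAM, RESOLVED_STATUS), "dnsmasq"))
```

To run it against a live system, replace the two constructed strings with the contents of /run/dnsmasq/resolv.conf and the output of `systemd-resolve --status`.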