Open leowmjw opened 6 years ago
Possible resources to fix it correctly:
A less drastic way might be to use resolvconf:
a) https://serverfault.com/questions/783030/resolvconf-coupled-with-dnsmasq-and-lxd
b) https://askubuntu.com/questions/1012641/dns-set-to-systemds-127-0-0-53-how-to-change-permanently
c) http://manpages.ubuntu.com/manpages/bionic/man8/resolvconf.8.html
More systemd-resolved sux resources:
a) http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html
b) https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624320
c) https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1628778
d) https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624320
systemd-resolved is buggy; it takes up CPU, loads the dnsmasq and randomly causes a kernel panic in the network driver, making it impossible to ssh into the vagrant box. The current setup is to delegate to dnsmasq for domains ending with .consul; otherwise to use the standard 1.1.1.1, 8.8.8.8 upstream resolvers.
Short term fix: Disable systemd-resolved; point directly to dnsmasq (10.1.1.1) + 1.1.1.1. Proven to fix, no need for more hacks like increasing the nf_conntrack limit or disabling iptables. It is
If there is time, look at the more modern options, and possibly use sysdig/eBPF to trace the flaw in systemd-resolved.
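One way to script the short-term fix described in this issue, as an added example that is not the issue author's or the project's own code. The function names and the staging-root argument are hypothetical, and it assumes a stock Ubuntu bionic box where `/etc/resolv.conf` is a symlink to the systemd-resolved stub file.

```shell
#!/bin/sh
# Added example (not from the issue): bypass systemd-resolved and point the
# resolver at dnsmasq. Addresses come from the issue; all names are hypothetical.
DNSMASQ_IP="10.1.1.1"    # dnsmasq, which forwards .consul and uses the upstreams
FALLBACK_IP="1.1.1.1"    # only consulted when dnsmasq does not answer

# Write a static resolv.conf under the given root ("" means the live system).
write_resolv_conf() {
    root="$1"
    target="$root/etc/resolv.conf"
    mkdir -p "$root/etc"
    # Remove the symlink itself so the write does not go through it into
    # the stub file that systemd-resolved manages.
    rm -f "$target"
    printf 'nameserver %s\nnameserver %s\n' "$DNSMASQ_IP" "$FALLBACK_IP" > "$target"
}

# Succeed only if the file is a regular file, no longer references the
# 127.0.0.53 stub listener, and lists dnsmasq first. glibc tries nameservers
# in order, so dnsmasq must be first for .consul names to resolve.
check_resolv_conf() {
    file="$1"
    if [ -L "$file" ]; then
        return 1
    fi
    if grep -Eq '^nameserver[[:space:]]+127\.0\.0\.53' "$file"; then
        return 1
    fi
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$file")
    [ "$first" = "$DNSMASQ_IP" ]
}

# apply_fix /        -> stop the service and rewrite the live file (needs root)
# apply_fix /tmp/dir -> stage the file under a scratch root for review
apply_fix() {
    root="${1:-/}"
    if [ "$root" = "/" ]; then
        systemctl disable --now systemd-resolved.service
    fi
    write_resolv_conf "${root%/}"
    check_resolv_conf "${root%/}/etc/resolv.conf"
}
```

Running `check_resolv_conf /etc/resolv.conf` again after a reboot or DHCP renewal shows whether another component has rewritten the file.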