Websites Not Loading (DNS Issue) After Installing Ubuntu 17.04? [Fix]

I can’t believe that I haven’t written anything for the past 4 months for my website! But I promise that I’ll add fresh content in the future (yes an Ubuntu 17.04 review is on the way). One reason why I was not able to add new ‘Linux’

was because after I switched to a new laptop a few months ago, I created a ‘‘ (a special type of partitioning method, mostly used in server environments) for testing GNU/Linux distributions, rather than creating a traditional partition (which is what I had in the old laptop). And the thing is, some distributions don’t yet support installing into logical volumes. Therefore, I missed a number of new releases of GNU/Linux distributions that I used to write about, simply because the installers couldn’t install the operating systems to the logical volume. So, out of frustration, I took the trouble of completely changing the partition layout of the new laptop and recreated a traditional partition for testing new distributions. Therefore, I’ll be updating the site in the future with new reviews.

So anyhow, coming back to the purpose of this post… I installed the newly released Ubuntu 17.04 and have been using it for the past 2-3 days now. And after gathering the performance related data (for the upcoming review of course), one thing that I immediately noticed was that sometimes I could not visit certain websites, websites that I quite frequently use (such as Facebook, YouTube etc). This was quite irritating and every time this happened, the web browser simply complained with the “Server not found” error. Now Firefox uses this error message for reporting a number of other issues, not just when it’s having DNS issues (for non-technical people, a DNS related error mostly means the web browser can’t convert the human readable address of a website into numbers, which is essential for properly loading any website).

But I’ve been having this issue only with a few websites that I frequently use, and those websites aren’t the ones that go down easily (meaning that whatever was wrong, it was probably from my end, and it most probably had something to do with the DNS cache not being properly updated). Other websites loaded without big issues most of the time (although there were certain unusual delays as well). So I suspected that this was a DNS issue from the operating system’s end (yes, I used command-line tools to ‘confirm’ this as well).

Now I tried a few suggestions that I found on the web, but nothing worked out for me. However, with the help of a couple of pointers, I realized that this issue was originating from a service called ‘systemd-resolved’. This is a DNS caching and validating service that comes pre-installed with Ubuntu 17.04. Luckily, you can use this command-line utility to figure out the causes of certain DNS related issues.

So out of curiosity, when the system was not able to load certain websites, I fired up the command-line tool and tried to resolve those websites with ‘systemd-resolved’ to see what type of errors I would get. The screenshot below includes a few of those instances where ‘systemd-resolved’ gave me the following error: resolve call failed: DNSSEC validation failed: failed-auxiliary

So obviously it is a DNSSEC validation error. Now

a DNS related security check that verifies the integrity of the DNS data. ‘systemd-resolved’ does let you turn the DNSSEC checking OFF. So that’s what I did next (it’s easy. You just have to open /etc/systemd/resolved.conf, uncomment the “DNSSEC” line and replace “allow-downgrade” with “off”) and it worked like a charm.

However, since DNSSEC is there to protect you from outside infiltration, it’s not recommended to turn it OFF. So what is the solution then? Well, the easiest solution I saw was to totally disable the troublesome ‘systemd-resolved’ service and replace it with a similar utility, one that actually works.

Luckily there are a few, and it’s important to choose one that is also supported by the NetworkManager to avoid further conflicts and also so that you can get away with minimal manual configuration. So I chose this other one called “” which also supports DNSSEC validation and fully supports ‘systemd’ as well.

So basically that’s what I did. I simply disabled the troublesome ‘systemd-resolved’ and replaced it with ‘unbound’ and so far everything is working quite well. Sometimes I do feel a slight delay, but it’s certainly better than having the ‘systemd-resolved’ that refuses to load websites entirely.


Update: Here and there, even with ‘unbound’, I still get long delays when loading websites (15-20 seconds long), but unlike with ‘systemd-resolved’, after the delay the websites start to load properly, at least.

However, if you’re okay with not having DNSSEC enabled at the moment (because again, with it disabled, everything seems to work just fine) then you can forget about following the rest of the guide to enable ‘unbound’ and simply disable DNSSEC in ‘systemd-resolved’ until Ubuntu comes up with a solution (Update_2: Apparently the previous version of Ubuntu came with DNSSEC set to off, and yes, I too was aware of that. They had simply decided to enable it in 17.04, which is what is causing this issue. Therefore, they advise turning off DNSSEC for ‘systemd-resolved’. You actually don’t have to do anything, including manually editing the configuration file as shown below; just update your software and reboot, because they’ve simply updated ‘systemd-resolved’ to have DNSSEC turned off by default).

For that, first use the below command, which will open up a configuration file:

sudo nano /etc/systemd/resolved.conf

Then, as shown in the below screenshot, uncomment the #DNSSEC=allow-downgrade line (remove the leading #) and replace allow-downgrade with off.

Once done press Ctrl + x keys to save the changes, and when asked to confirm, press y and then hit Enter. Then simply restart ‘systemd-resolved’ service so the changes are applied. For that, enter the below command:

sudo systemctl restart systemd-resolved

That’s it. But remember, now you’re running DNS queries without DNSSEC which could create security risks. If you don’t feel comfortable with this, then roll back the changes you made to the configuration file and simply follow the below steps to replace ‘systemd-resolved’ with ‘unbound’.
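To confirm which DNSSEC setting the edited file actually puts into effect (a line that still starts with # does nothing), here is an added example that is not part of the original article. It reads only the single file it is given, the function names are hypothetical, and the two sample files are constructed to mirror the shipped and edited states described above.

```shell
#!/bin/sh
# Added example (not from the original article): report the DNSSEC= setting
# that a resolved.conf-style file actually puts into effect.

effective_dnssec() {  # $1: path to a resolved.conf-style file
    awk '
        /^[ \t]*[#;]/ { next }   # commented lines have no effect
        /^[ \t]*\[/   { in_resolve = ($0 ~ /^[ \t]*\[Resolve\]/); next }
        in_resolve && /^[ \t]*DNSSEC[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            value = tolower($0)   # a later assignment overrides an earlier one
        }
        END { print (value == "" ? "unset" : value) }
    ' "$1"
}

dnssec_posture() {  # $1: path; maps the value to what it means for validation
    case "$(effective_dnssec "$1")" in
        yes|true|on|1)   echo "validating" ;;
        allow-downgrade) echo "opportunistic" ;;
        no|false|off|0)  echo "disabled" ;;
        unset)           echo "built-in default" ;;
        *)               echo "unrecognized" ;;
    esac
}

# Constructed sample files, modelled on the two states the article describes.
sample_dir=$(mktemp -d)
printf '[Resolve]\n#DNS=\n#DNSSEC=allow-downgrade\n' > "$sample_dir/shipped.conf"
printf '[Resolve]\n#DNS=\nDNSSEC=off\n' > "$sample_dir/edited.conf"

for f in shipped edited; do
    printf '%s: %s\n' "$f" "$(dnssec_posture "$sample_dir/$f.conf")"
done
```

On a real system, pass /etc/systemd/resolved.conf as the argument; "built-in default" means the file sets nothing and the value compiled into the installed ‘systemd-resolved’ package applies.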

End of Update


Now I actually completely re-wrote this entire article, because the previous answer (content) that I put here was not the most optimal one (plus, I also had slightly misconfigured one of NetworkManager’s settings which was embarrassing) because with that answer, things were not fully automated (for instance, if you travel a lot with your laptop and connect to lots of private networks that use internal DNSs, then you would’ve had to manually enter the IP of those internal DNS every time you connect, which was quite irritating. But with ‘unbound’ there is no need for such undertaking, everything is fully automated). So without any further delays, here’s how you can fix this ‘systemd-resolved’ DNS issue in Ubuntu 17.04.

Step 1: Let’s install ‘unbound’ first. However, under some conditions with our troublesome ‘systemd-resolved’ you can’t even install software applications on Ubuntu 17.04 (if you can install software from the Ubuntu servers, then skip this Step and go to Step 2).

So the easiest solution to temporarily fix the issue is to manually enter a reliable, global and trustworthy DNS server(I’ll be using ) into the system-wide configuration file that applications rely on for retrieving the DNS IPs. It’s located in /etc/resolv.conf. So let’s do that first.

For that, enter the below command. This will open up that file in a command-line editor called ‘nano’:

sudo nano /etc/resolv.conf

Once opened, delete the IP address that is put there after the ‘nameserver’ argument, by the troublesome ‘systemd-resolved’ service, and simply enter Google’s DNS IP. For IP version 4 users, use the below one:

For IP version 6 use the below one instead:


Now simply press Ctrl + x keys to save the changes. When asked whether you want to save the changes or not, simply press y and then hit the Enter key. That’s it, now you should have a working internet connection, temporarily.

Step 2: Now enter the below command to install ‘unbound’ into Ubuntu 17.04:

sudo apt-get install unbound

Step 3: Now let’s disable the troublesome ‘systemd-resolved’ first and then we’ll stop its already running instance. For that, use the below commands:

sudo systemctl disable systemd-resolved

sudo systemctl stop systemd-resolved

Step 4: Now let’s configure NetworkManager to use ‘unbound’ instead of ‘systemd-resolved’. For that we need to edit one of its main configuration files (it’s quite easy) and manually enter a single configuration setting. So let’s open up the configuration file first by using the below command:

sudo nano /etc/NetworkManager/NetworkManager.conf

Once opened, copy the below code and simply enter it in a new field, just below the ‘plugins=…’ option (as illustrated in the below screenshot as well):


Again to save our changes, press the Ctrl + x keys and then press y and hit Enter to confirm.

Step 5: Now let’s enable the newly installed ‘unbound’ in systemd (it’s actually automatically enabled when you install it, but we’ll re-enable it just in case) using the below two commands:

sudo systemctl enable unbound-resolvconf

sudo systemctl enable unbound

Step 6: Now we’re almost done. Just reboot the computer for the changes to take effect.

From next time on, those DNS issues that you were having with ‘systemd-resolved’ on Ubuntu 17.04 should be gone and websites should load without big issues with DNSSEC turned ON. Good luck.


An RHCE, ‘Linux’ user with 14+ years of experience. Extreme lover of Linux and FOSS. He is passionate to test every Linux distribution & compare with the previous release to write in-depth articles to help the FOSS community.

This way you lock your configuration for only one router. So you need to change your configuration each time your network connection changes. I. e. home, work, hotspot, hotel, etc.

I wish that this systemd shit had never been adopted by such big distributions. I’m fed up with it.

I’m having “Resolving Host” issues with 17.04, which seem to be tied to DNS and the entire systemd-resolved debacle. I will try your fix and see if it ‘resolves’ my issues. Other than the wonky internet 17.04 seems pretty solid.

I tried out your latest fix, Gayan (the “unbound”‘s one). It seems to work well, at least for now.

I have been looking for the solution and your last update works perfectly. Thank you very much.

It is a bug see

Chris Schuld’s answer said to simply replace /etc/resolv.conf

sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf


This was easy enough and seems to work for me.

But, I suppose it is bypassing the local caching and is not an optimal long term solution.

Gayan, thank you very much! You made my day. Yesterday I badly needed functional connection and I was furious and considering reinstalling the whole distribution. Fortunately I have found your blog today and with unbound installed all really works like a charm 🙂

It looks like the bug has been solved by the latest updates. 🙂

I had similar problems while installing and running Ubuntu 17.04 from DVD on an older desktop machine. I could ping IP addresses such as my router but DNS was failing to find anything.

The output of “sudo systemd-resolve”

was “ resolve call failed: DNSSEC validation failed: signature-expired”

The root cause of my problem was a flat battery on the motherboard which had caused the date to revert to 2005 and so, presumably, upset the DNS security check.

After replacing the failed CR2032 battery and entering a correct date in the BIOS everything works normally again.

Thanks for the systemd-resolve tip – that’s what put me on the right track!

When I run

sudo apt-get install unbound

I get Unable to locate package unboud

tnx mans,cool manual ^_^

This seems totally wrong. Instead of

using your built-in DNS resolver (and so not having to go out to the network for every domain lookup),


using Google’s—and you’re letting Google know exactly how often you look up every URL.

very good article.

Hello Gayan,

I installed Lubuntu 17.04 on an old XP machine (Pentium 4 3.08 GHz.2 GB Ram) and it had the same problem.

I followed your instructions to the letter.

Even NetworkManager needed to be written with 2 capital letters!

You forgot to mention that before getting unbound you need to restart first to have internet connection? At least I had to.

I am a newbie with Linux and this could potentially have frustrated the whole experience!

Thanks to you I am able to enjoy the new Lubuntu OS!

Thanks Man!! Saved the day.

I had a problem with the Wired connection dropping in 16.04 LTS, and I tried using unbound, as you described. Everything seemed okay but then I noticed there was no way I could find to stop running ‘dnsmasq’ instead of ‘unbound’.

Systemd_resolve isn’t running on my system.

I followed your instructions, but when I do sudo nano /etc/resolv.conf, even in nano I did the replace command (^/) and put, every time I reboot the system I have to do it again because it comes back with the original setting (even as a root user (sudo su or sudo -i)

or gedit… I appreciate your advice

Great solution! Saved me a lot of time. Many thanks!

This helped me, but indirectly. I tried various solutions from other places (not yet unbound), none worked. Then I noticed your edit of NetworkManager.conf, which has dns=… in it – mine had not!

So I added a line: dns=systemd-resolved, and it works now!

No more need to open terminal after each login and type:

echo “nameserver” | sudo tee /etc/resolv.conf

Thanks God, I found this post. Help me a lot, work like a charm.

Just replaced my Lubuntu to Ubuntu Zesty today, and got this network issue.

Thank you, Gayan.


About HecticGeek Welcome to HecticGeek, it is an independent blog founded back in 2010. We cover in-depth Linux OS, product review with other all technology-related software and tools. Our mission is to provide valuable and trustful technology-related content to our users.
