Firefox slow to start due to waiting for systemd-resolved

tvannahl · June 30, 2023, 8:44am

Problem

After starting Firefox I’m missing any feedback for a starting application. After 2 minutes or more the browser appears and seems to be working just fine.

Analysis so far

The issue seems to be related to systemd-resolved. I’ve watched Firefox syscalls:

$ strace firefox
[…]
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 15
connect(15, {sa_family=AF_UNIX, sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = 0
sendto(15, "{\"method\":\"io.systemd.Resolve.Re"..., 100, MSG_DONTWAIT|MSG_NOSIGNAL, NULL, 0) = 100
recvfrom(15, 0x7f26d5544000, 131072, MSG_DONTWAIT, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
ppoll([{fd=15, events=POLLIN}], 1, {tv_sec=119, tv_nsec=999945000}, NULL, 8

this ppoll does take long until the browser does continue.

As you’ll have questions regarding systemd-resolved:

$ resolvectl
Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (wlp0s20f3)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.87.77.1
       DNS Servers: 10.87.77.1 fd00::2e91:abff:fe8c:e9c0
        DNS Domain: fritz.box

During the startup time the following logs are being generated by systemd-resolved:

Jun 30 10:35:52 hamlet systemd-resolved[6207]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server fd00::2e91:abff:fe8c:e9c0.

But in my history I do find different yet similar messages:

Jun 30 10:01:03 hamlet systemd-resolved[6207]: Using degraded feature set UDP instead of TCP for DNS server fd00::2e91:abff:fe8c:e9c0.
Jun 30 10:01:34 hamlet systemd-resolved[6207]: Using degraded feature set TCP instead of UDP for DNS server fd00::2e91:abff:fe8c:e9c0.
Jun 30 10:02:21 hamlet systemd-resolved[6207]: Using degraded feature set UDP instead of TCP for DNS server fd00::2e91:abff:fe8c:e9c0.
Jun 30 10:02:53 hamlet systemd-resolved[6207]: Using degraded feature set TCP instead of UDP for DNS server fd00::2e91:abff:fe8c:e9c0.
Jun 30 10:03:39 hamlet systemd-resolved[6207]: Using degraded feature set UDP instead of TCP for DNS server fd00::2e91:abff:fe8c:e9c0.
Jun 30 10:04:11 hamlet systemd-resolved[6207]: Using degraded feature set TCP instead of UDP for DNS server fd00::2e91:abff:fe8c:e9c0.
Jun 30 10:24:41 hamlet systemd-resolved[6207]: Using degraded feature set UDP instead of TCP for DNS server fd00::2e91:abff:fe8c:e9c0.
Jun 30 10:25:13 hamlet systemd-resolved[6207]: Using degraded feature set TCP instead of UDP for DNS server fd00::2e91:abff:fe8c:e9c0.
Jun 30 10:25:38 hamlet systemd-resolved[6207]: Using degraded feature set UDP instead of TCP for DNS server fd00::2e91:abff:fe8c:e9c0.
Jun 30 10:30:50 hamlet systemd-resolved[6207]: Grace period over, resuming full feature set (UDP+EDNS0) for DNS server fd00::2e91:abff:fe8c:e9c0.

Workaround

I would love to help in th underlying general issue and will attempt to workaround the issue short term by disabling systemd-resolved according to Changes/systemd-resolved:

If you do not wish to use systemd-resolved, then manual intervention will be required to disable it:

Disable and stop systemd-resolved.service.

Delete /etc/resolv.conf

Restart the NetworkManager service. NetworkManager will then create a traditional /etc/resolv.conf. (If you are not using NetworkManager, you may create your own /etc/resolv.conf and configure it to your liking.)

vgaetera · June 30, 2023, 9:10am

Can you reproduce the issue when using Google DNS or Cloudflare DNS exclusively?

tvannahl · June 30, 2023, 10:30am

Thank you, I missed checking that. I used my NetworkManager connection to enforce 1.1.1.1 as exclusive DNS and I cannot reproduce the issue.

$ resolvectl 
Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign
Current DNS Server: 1.1.1.1
       DNS Servers: 1.1.1.1

Link 2 (wlp0s20f3)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 1.1.1.1
       DNS Servers: 1.1.1.1

My local DNS server is provided by a fritz.box, really common router in german housholds and the issue occured first today. I am providing this additional info to communicate that I would consider setting another DNS server to be another workaround, not a solution.

jn64 · June 30, 2023, 11:23am

There are various issues caused by fritz.box behaviour. I don’t follow the details, but search systemd upstream.

vgaetera · June 30, 2023, 1:40pm

This indicates the issue is not so common, and most likely specific to some router’s firmware, so it’s problematic to reproduce, and a workaround might be your best option.

tvannahl · July 4, 2023, 7:49am

If found multiple bug reports that could be related to my issue - given the combination that the the DNS query done by Firefox during startup is added to the mix.

DNSSEC still getting downgraded when going through local fritz box even under NTA · Issue #19289 · systemd/systemd · GitHub
systemd-resolved using wrong interface to reach DNS servers · Issue #23655 · systemd/systemd · GitHub
all dnssec gets downgraded when local fritz box gets involved · Issue #10570 · systemd/systemd · GitHub

And there might be more - but I realized that I would not be able to help here due to me being stuck at the 90s state of DNS.

So I do agree that the best way currently is to just set an external DNS server like Cloudflare or Google in such connections. Currently I did pin the DNS server for my Fritzbox Wifi connection only.