+++ This bug was initially created as a clone of Bug #1670028 +++ The Linux kernel does not forward certain ICMP errors to userspace unless IP_RECVERR/IPV6_RECVERR is specified. We should use this socket option in the DNS stub resolver, as suggested in the upstream bug.
Upstream commit: commit 08504de71813ddbd447bfbca4a325cbe8ce8bcda Author: Florian Weimer <fweimer> Date: Tue Mar 12 11:40:47 2019 +0100 resolv: Enable full ICMP errors for UDP DNS sockets [BZ #24047] The Linux kernel suppresses some ICMP error messages by default for UDP sockets. This commit enables full ICMP error reporting, hopefully resulting in faster failover to working name servers. Hurd-specific follow-on fix (optional): commit 043440e761d395e1f507d9faa6e82b3fe4536c3f Author: Florian Weimer <fweimer> Date: Wed Mar 13 14:58:58 2019 +0100 hurd: Add no-op version of __res_enable_icmp [BZ #24047] Mach does not support IP_RECVERR, so replace this function with a stub in a sysdeps override for Hurd. This fixes commit 08504de71813ddbd447bfbca4a325cbe8ce8bcda ("resolv: Enable full ICMP errors for UDP DNS sockets [BZ #24047]"). For verification, I think it is sufficient to check that strace shows the additional setsockopt call.
Verified with strace
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:3513