I have recently installed a Fedora 33 system on a private network and it needs to contact three specific DNS servers for internal-only DNS resolution. The DNS server addresses are configured, but the DNS servers don’t appear to support more than unicast UDP and DNS lookups have been spotty with long delays logging in via ssh.
I have been able to find the global default to disable LLMNR (LLMNR=false in /etc/systemd/resolved.conf), but the link-level setting is still present for ens192 -
    [root@fedora33lab ~]# resolvectl status
    Global
        Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
        resolv.conf mode: stub
    Link 2 (ens192)
        Current Scopes: DNS
        Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
        Current DNS Server: 10.x.x.x
        DNS Servers: 10.x.x.x 10.x.x.x 10.x.x.x
        DNS Domain: example.com ~.
I have added llmnr=no to the /etc/NetworkManager/system-connections/ens192.nmconnection file and rebooted, but this does not seem to have affected the resolvectl status info -
    [connection]
    id=ens192
    uuid=ed000000-0e0e-00fd-0cfc-00cc0bf0e00f
    type=ethernet
    autoconnect-priority=-999
    interface-name=ens192
    permissions=
    llmnr=no
The goal would be to define a standard template for environment-wide use where LLMNR would always be disabled for all interfaces on a system-wide basis, using a method that would be most likely to persist between Fedora version upgrades.
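
An added example, not part of the original post: a Python check that parses `resolvectl status` output in the format shown above and reports which links still carry the +LLMNR flag, which is one way to verify an environment-wide template on each host. The function names are this example's own, the sample is copied from the output in the post, and it assumes (per resolved.conf(5)) that LLMNR is active on a link only when both the global and the per-link setting are on.

```python
import re

# Sample input: the resolvectl output quoted in the post above.
SAMPLE = """\
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (ens192)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.x.x.x
DNS Servers: 10.x.x.x 10.x.x.x 10.x.x.x
DNS Domain: example.com ~.
"""

LINK_RE = re.compile(r"^Link \d+ \((?P<name>[^)]+)\)$")


def parse_llmnr(status_text):
    """Map 'Global' and each link name to True (+LLMNR) or False (-LLMNR)."""
    flags, scope = {}, None
    for raw in status_text.splitlines():
        line = raw.strip()  # real output is indented; ignore that
        match = LINK_RE.match(line)
        if line == "Global":
            scope = "Global"
        elif match:
            scope = match.group("name")
        elif scope and line.startswith("Protocols:"):
            for token in line.split()[1:]:
                if token in ("+LLMNR", "-LLMNR"):
                    flags[scope] = token.startswith("+")
    return flags


def audit(status_text):
    """Separate links whose flag is on from links where LLMNR is effective."""
    flags = parse_llmnr(status_text)
    global_on = flags.get("Global", True)  # missing global line: assume on
    flagged = sorted(k for k, v in flags.items() if k != "Global" and v)
    # Assumption from resolved.conf(5): a link needs global AND link flag.
    effective = flagged if global_on else []
    return {"global": global_on, "link_flag_on": flagged,
            "effective_on": effective}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live host the same functions can be fed the text captured from `resolvectl status` instead of `SAMPLE`.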