DNS not working after upgrade to 33 (not for VPN)

Dear community,
Please help me with fixing systemd-resolved after upgrading to 33. I am not using a VPN, I have just a simple home LAN network to which my laptop connects via WiFi (interface wlp4s0). There are virtual interfaces for my VMs, but I’m not sure if they are affecting anything here.
After upgrading to Fedora 33 I noticed that hostname resolution no longer works for my LAN machines. What’s weird is that it works one way: IP → hostname, but not hostname → IP:

> resolvectl domain
Global:
Link 2 (enp0s31f6):
Link 3 (wlp4s0): ~.
Link 4 (virbr0):
Link 5 (virbr0-nic):
> resolvectl dns
Global:
Link 2 (enp0s31f6):
Link 3 (wlp4s0): 192.168.1.1
Link 4 (virbr0):
Link 5 (virbr0-nic):

One of the LAN hosts is called “dkpi”, here I can see it:

> resolvectl query 192.168.1.115
192.168.1.115: dkpi                            -- link: wlp4s0

-- Information acquired via protocol DNS in 3.4ms.
-- Data is authenticated: no

But at the same time:

> resolvectl query dkpi
dkpi: resolve call failed: 'dkpi' not found

> nslookup dkpi
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find dkpi: SERVFAIL

There is nothing “fancy” in the network setup, just auto-DNS driven by the router.
One more output if it helps:

> resolvectl
Global
       Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp0s31f6)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp4s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
       DNS Servers: 192.168.1.1
        DNS Domain: ~.

Link 4 (virbr0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 5 (virbr0-nic)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Could anyone please give a hint what could be the issue? Thanks!

2 Likes

Not sure if it is your case, I use an OpenWrt as WiFi/Router doing standard DHCP/DNS, etc.

When I want to ping a host, I need to use the Fully Qualified Domain Name, like,

ping host.lan works
while
ping host does not.

The “lan” part is a parameter on the Router side.

No special adjustment on Fedora side is needed for me.

3 Likes

Whether plain names work or only FQDNs depends on the search domains.
It’s typically provided by DHCP, but you can also specify it manually:

nmcli connection modify id CON_NAME ipv4.dns-search lan
nmcli connection down id CON_NAME
nmcli connection up id CON_NAME
1 Like

Please check the Current DNS Server, 192.168.1.1 (the DNS address).
Also try changing it to the DNS address of the internet company you are using, or to another DNS (like Google's 8.8.8.8).

[root@nalkal simmon]# resolvectl|grep "Current DNS"
Current DNS Server: 168.126.63.2

Thanks everyone for the comments. I think now I figured out what the issue was.

I’m using my router to resolve DNS names, hence 192.168.1.1 is correct here.

What I did not realize is that systemd-resolved by design does not redirect single-label DNS requests to a DNS server (even though it can be a private DNS like in my case) for security reasons. I looked at Wireshark captures and realized that it doesn’t even try to send a DNS request to my router in the case of a single-label name (there were only LLMNR requests).
There are tons of discussions around this behavior (just as an example - re-assess the design decision to have all single-label DNS requests effectively get black-holed · Issue #13763 · systemd/systemd · GitHub), but the fact is that the issue was easily solved for me as soon as I configured my router to use a domain name for my LAN. After I applied the config on my router and re-connected the Fedora system to the WiFi, it figured out the domain name by itself and now everything works:

> resolvectl query dkpi
dkpi: 192.168.1.115                            -- link: wlp4s0
      (dkpi.home_domain)

-- Information acquired via protocol DNS in 6.6ms.
-- Data is authenticated: no
3 Likes
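
Added example, not part of the original thread and not systemd code: a small parser for `resolvectl status` output that reports, per link, whether a single-label name would reach the DNS server. It encodes the behaviour described in the post above (only a search domain, or the `ResolveUnicastSingleLabel=yes` setting mentioned in the linked issue, gets a bare name sent to unicast DNS); the sample text, the function names and the `unicast_single_label` parameter are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the `resolvectl` output quoted in this thread.
SAMPLE_STATUS = """\
Global
       Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 3 (wlp4s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
       DNS Servers: 192.168.1.1
        DNS Domain: ~.
"""

def parse_status(text):
    """Split `resolvectl status` text into {section: {field: value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(?:Global|Link \d+ \((\S+)\))\s*$", line)
        if header:
            current = sections.setdefault(header.group(1) or "Global", {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return sections

def single_label_report(text, unicast_single_label=False):
    """Say where a single-label name (e.g. 'dkpi') goes on each DNS-scoped link."""
    # unicast_single_label (assumed name) mirrors ResolveUnicastSingleLabel=;
    # the caller passes it in because the status output does not show it.
    report = {}
    for name, fields in parse_status(text).items():
        if name == "Global" or "DNS" not in fields.get("Current Scopes", "").split():
            continue
        # Entries starting with "~" are routing-only, never used as search domains.
        search = [d for d in fields.get("DNS Domain", "").split() if not d.startswith("~")]
        if search:
            verdict = "unicast DNS, qualified with search domain"
        elif unicast_single_label:
            verdict = "unicast DNS, sent as a bare label"
        elif "+LLMNR" in fields.get("Protocols", "").split():
            verdict = "LLMNR multicast only, DNS server never queried"
        else:
            verdict = "not resolved"
        report[name] = {"search": search, "verdict": verdict}
    return report

if __name__ == "__main__":
    print(single_label_report(SAMPLE_STATUS))
```

A link reported as LLMNR-only is one where the bare name is asked of the local segment rather than of the configured DNS server, which matches the capture described above.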

Did you get ping to work in the end? I am in a similar situation. After I add .local to my domain name, resolvectl query and nslookup both work for me, but I want to use the names in the browser, in mount commands, and in ping, and still none of them works.

Btw the issue you linked mentioned a newly added setting called ResolveUnicastSingleLabel=yes. After enabling it I can make my name work without .local in nslookup commands too, but likewise they don’t work anywhere else. How do I use my names anywhere?

$ nslookup asustor
Server:		192.168.0.24
Address:	192.168.0.24#53

Name:	asustor
Address: 192.168.0.90

$ resolvectl query asustor
asustor: resolve call failed: 'asustor' not found

# strangely this is not a symlink for me, I upgraded from F32 too
$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.24
nameserver 192.168.0.1

$ resolvectl status
Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign                                              
Current DNS Server: 192.168.0.24                                         
       DNS Servers: 192.168.0.24 192.168.0.1                             

Link 2 (enp0s25)
Current Scopes: none                                                        
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp3s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6                                   
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.24                                                
       DNS Servers: 192.168.0.24 192.168.0.1                                    
        DNS Domain: ~.                                                          

Link 4 (virbr0)
Current Scopes: none                                                        
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 5 (virbr0-nic)
Current Scopes: none
1 Like

The domain .local is reserved for mDNS, so you’d best change it to something like .lan or .home.
In addition, modify your network connection to include the search domain as mentioned above.

1 Like

But shouldn’t the search domain come from the DHCP server? Then I don’t need to add it to every connection on my machine(s). I set it to home on my Asus router (stock firmware, not Merlin).

But it did not work, it only works when I manually add the search domain to my connection on the machine I am using (but I have multiple machines running Fedora).

It should, and it works for me.
Try to reconnect while running this:

sudo tcpdump -vni any udp port bootps

I saw “home” in the output

$ sudo tcpdump -vni any udp port bootps
dropped privs to tcpdump
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
09:21:19.325644 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 317)
    0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 34:13:e8:37:2c:06, length 289, xid 0x39f541bc, secs 1, Flags [none]
	  Client-Ethernet-Address 34:13:e8:37:2c:06
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Request
	    Client-ID Option 61, length 7: ether 34:13:e8:37:2c:06
	    Parameter-Request Option 55, length 17: 
	      Subnet-Mask, Time-Zone, Domain-Name-Server, Hostname
	      Domain-Name, MTU, BR, Classless-Static-Route
	      Default-Gateway, Static-Route, YD, YS
	      NTP, Option 119, Classless-Static-Route-Microsoft, Option 252
	      RP
	    MSZ Option 57, length 2: 576
	    Requested-IP Option 50, length 4: 192.168.0.205
	    Hostname Option 12, length 5: "t450s"
09:21:19.354395 IP (tos 0xc0, ttl 64, id 51175, offset 0, flags [none], proto UDP (17), length 337)
    192.168.0.1.bootps > 192.168.0.205.bootpc: BOOTP/DHCP, Reply, length 309, xid 0x39f541bc, secs 1, Flags [none]
	  Your-IP 192.168.0.205
	  Server-IP 192.168.0.1
	  Client-Ethernet-Address 34:13:e8:37:2c:06
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: ACK
	    Server-ID Option 54, length 4: 192.168.0.1
	    Lease-Time Option 51, length 4: 86400
	    RN Option 58, length 4: 43200
	    RB Option 59, length 4: 75600
	    Subnet-Mask Option 1, length 4: 255.255.255.0
	    BR Option 28, length 4: 192.168.0.255
	    Hostname Option 12, length 5: "t450s"
	    Domain-Name Option 15, length 4: "home"
	    Domain-Name-Server Option 6, length 8: 192.168.0.24,192.168.0.1
	    Default-Gateway Option 3, length 4: 192.168.0.1
09:21:19.355269 IP (tos 0xc0, ttl 64, id 51176, offset 0, flags [none], proto UDP (17), length 337)
    192.168.0.1.bootps > 192.168.0.205.bootpc: BOOTP/DHCP, Reply, length 309, xid 0x39f541bc, secs 1, Flags [none]
	  Your-IP 192.168.0.205
	  Server-IP 192.168.0.1
	  Client-Ethernet-Address 34:13:e8:37:2c:06
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: ACK
	    Server-ID Option 54, length 4: 192.168.0.1
	    Lease-Time Option 51, length 4: 86400
	    RN Option 58, length 4: 43200
	    RB Option 59, length 4: 75600
	    Subnet-Mask Option 1, length 4: 255.255.255.0
	    BR Option 28, length 4: 192.168.0.255
	    Hostname Option 12, length 5: "t450s"
	    Domain-Name Option 15, length 4: "home"
	    Domain-Name-Server Option 6, length 8: 192.168.0.24,192.168.0.1
	    Default-Gateway Option 3, length 4: 192.168.0.1

Already tried rebooting my laptop, the router, and the DNS server on Pi-hole.

1 Like

Check the connection parameters:

PAGER= nmcli connection show id CON_NAME
IP4.ADDRESS[1]:                         192.168.0.205/24
IP4.GATEWAY:                            192.168.0.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.0.1, mt = 600
IP4.ROUTE[2]:                           dst = 192.168.0.0/24, nh = 0.0.0.0, mt = 600
IP4.DNS[1]:                             192.168.0.24
IP4.DNS[2]:                             192.168.0.1
IP4.DOMAIN[1]:                          home

Suddenly it works now! Thanks for all the help! I did not change anything though, just rebooted everything again.

1 Like

The relevant domain-related parameters in my case:

ipv4.method:                            auto
ipv4.dns:                               --
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.ignore-auto-dns:                   no
IP4.DOMAIN[1]:                          lan
DHCP4.OPTION[2]:                        domain_name = lan

Note that systemd-resolved ignores the domain if you activate another connection such as VPN with a negative DNS priority.
