Hi,

On a fresh Fedora 41 Workstation install, I switched from the default
DNS to custom resolvers using nmcli:

   nmcli con mod "Wired connection 1" ipv4.dns "1.1.1.1 9.9.9.9"
   nmcli con mod "Wired connection 1" ipv4.ignore-auto-dns yes
   nmcli con down "Wired connection 1" && nmcli con up "Wired connection 1"

After this, DNS resolution works for about 30 seconds then stops
completely. Regular browsing dies but ping to IP addresses still
works, so it's clearly DNS only.

Checked resolvectl status and it shows the correct servers (1.1.1.1
and 9.9.9.9). But firewall-cmd --list-all shows the active zone is
FedoraWorkstation, and I suspect firewalld might be interfering with
outgoing DNS on port 53.

If I run systemctl stop firewalld, DNS works fine immediately.
Restarting it breaks DNS again.

I tested from an external tool at https://dnsrobot.net/dns-lookup to
confirm 1.1.1.1 itself responds fine for my domains, so the problem
is definitely local to my machine.

Has anyone seen firewalld on Fedora 41 blocking outgoing DNS queries
to custom resolvers? Is there a specific rule I need to add? I
checked the FedoraWorkstation zone and dns service is listed as
allowed, but it seems like that only covers incoming port 53.

I don't have an answer for you, but note that F41 is past its
End-Of-Life and is no longer supported. Supported versions are F42 and F43.
This may not affect your issue, but you should be aware of it.

poc

I'm not an expert in this sort of process, but looking on my F43 system, by default DNS is not a trusted service in the FedoraWorkstation firewall zone, and specifying it as a trusted service does not add port 53 into the port ranges for networking needed to communicate with the machine, so 53 may need to be added into that list, even though, if you look at services, port 53 is specified as a port available for all network services in and out, but I don't know if that is significant.

regards,
Stephen Morris