Changing DNS server

Ask Fedora
, , , ,
1

Hi guys,

I’m new to all this linux thing, and I’m currently using fedora38.
So my problem is after I run sudo dnf upgrade command it shows curl error 6, and I’ve read that is DNS problem, but I don’t know how to change my DNS. And I’ve used the settings, but I don’t think it’s working correctly.
So, any helps that I can get from you guys?

2

Personally I recommend you use the default dns that should be configured by your dhcp server/router when you connect.

To check if it is dns then open a terminal window and do the following.
ping -c 5 google.com. If it begins returning a response then dns is working properly. If not then it should give an error message.

If the ping fails above then check network connection with ping -c 5 8.8.8.8

If the ping works with hostname then dns is working. If it only works with the ip address then dns is not working properly and we will need more info. If neither work then it seems something else is wrong.

1 Like
3

Please include exact error message you have got, if it is possible. Ideally whole command output, including parameters used and all messages it printed. Into preformatted text box. Like this, basic network status from nmcli:

$ nmcli 
enp9s0u1: connected to Drátové připojení Dock
        "Lenovo ThinkPad TBT3"
        ethernet (r8152), 00:50:B6:B4:17:B2, hw, mtu 1500
        ip4 default, ip6 default
        inet4 10.43.2.229/24
        route4 10.43.2.0/24 metric 100
        route4 default via 10.43.2.254 metric 100
        inet6 2620:52:0:2b02:b3ba:7320:65f8:1fff/64
        inet6 fe80::b2f:65c5:d743:524b/64
        route6 fe80::/64 metric 1024
        route6 2620:52:0:2b02::/64 metric 100
        route6 default via fe80::2aa2:4b00:645f:dfc1 metric 20100

enp0s31f6: unavailable
        "Intel I219-LM"
        ethernet (e1000e), XX:75:A4:XX:XX:XX, hw, mtu 1500

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
        servers: 10.0.0.15 10.0.0.26
        domains: redhat.com
        interface: enp9s0u1

        servers: 10.0.1.245 10.0.1.245

I don’t think you want or need to change DNS. First, you should know what exactly is wrong. Try curl -v to example.org and share the output:

$ curl -v https://example.org
*   Trying 2606:2800:220:1:248:1893:25c8:1946:443...
* connect to 2606:2800:220:1:248:1893:25c8:1946 port 443 failed: Síť není dostupná
*   Trying 93.184.216.34:443...
* Connected to example.org (93.184.216.34) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=Los Angeles; O=Internet�Corporation�for�Assigned�Names�and�Numbers; CN=www.example.org
*  start date: Jan 13 00:00:00 2023 GMT
*  expire date: Feb 13 23:59:59 2024 GMT
*  subjectAltName: host "example.org" matched cert's "example.org"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: example.org]
* h2h3 [user-agent: curl/7.85.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x55d27fcf0540)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: example.org
> user-agent: curl/7.85.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200 
< age: 406934
< cache-control: max-age=604800
< content-type: text/html; charset=UTF-8
< date: Tue, 31 Oct 2023 18:09:53 GMT
< etag: "3147526947+gzip+ident"
< expires: Tue, 07 Nov 2023 18:09:53 GMT
< last-modified: Thu, 17 Oct 2019 07:18:26 GMT
< server: ECS (dcb/7EA2)
< vary: Accept-Encoding
< x-cache: HIT
< content-length: 1256
< 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
<!doctype html>
<html>
<head>
    <title>Example Domain</title>

    <meta charset="utf-8" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <style type="text/css">
    body {
        background-color: #f0f0f2;
        margin: 0;
        padding: 0;
        font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
        
    }
    div {
        width: 600px;
        margin: 5em auto;
        padding: 2em;
        background-color: #fdfdff;
        border-radius: 0.5em;
        box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02);
    }
    a:link, a:visited {
        color: #38488f;
        text-decoration: none;
    }
    @media (max-width: 700px) {
        div {
            margin: 0 auto;
            width: auto;
        }
    }
    </style>    
</head>

<body>
<div>
    <h1>Example Domain</h1>
    <p>This domain is for use in illustrative examples in documents. You may use this
    domain in literature without prior coordination or asking for permission.</p>
    <p><a href="https://www.iana.org/domains/example">More information...</a></p>
</div>
</body>
</html>
* Connection #0 to host example.org left intact

That provides a lot of content, but can be debugged. If the machine you are trying has no working connection altogether, try appending >command_output.txt to the command. That saves output into file, which you can upload to flash drive and share from a working system. At least photo of error would be much more helping than describing it as “curl error 6”.

If you are unsure whether you have got working connectivity, share output of these commands:

  • ip address
  • ip route
  • resolvectl
  • ping -c 5 _gateway

If you are sure you want to change dns servers permanently for this connection, nmcli connection edit $CONNECTION_ID, followed by set ipv4.dns 8.8.8.8 and activate should help. But usually autoconfiguration is the best option unless you know what and why you are doing. Network settings applet allows similar thing.

4

Screenshot from 2023-10-31 23-50-48
Screenshot from 2023-10-31 23-50-48868×651 44.8 KB

so this is what is says

5

What about trying this as asked above?

6

So agree, first check if the issue is somewhere else. But if you do need or want to change the DNS server (also for privacy reasons, you can do this:

sudo -i

mkdir /etc/systemd/resolved.conf.d
cp /etc/systemd/resolved.conf /etc/systemd/resolved.conf.d/override1.conf
# you should not change the original but create an override like this
nano /etc/systemd/resolved.conf.d/override1.conf

In here you can change the default DNS server to something you want. Privacytools List for encrypted DNS Servers, German PrivacyHandbuch for Europe Servers.

Example:

DNS=94.140.14.14 2a10:50c0::ad1:ff 94.140.15.15 2a10:50c0::ad2:ff
FallbackDNS=194.242.2.3 2a07:e340::3 194.242.2.4 2a07:e340::4

Cite from manpage: "A space-separated list of IPv4 and IPv6 addresses to use as system DNS servers. "

Of course you can also try 1.1.1.1, 9.9.9.9 or the like, but they are not any good for privacy, just for testing.

Manpage for resolved.conf

Know that when using a private DNS captive portals mostly dont work anymore.

Edit: Did this solve the problem?

7

What is status of your network connection? What is reported by nmcli general and resolvectl commands?

Best analysis of DNS connectivity would be with dig command. What would dig mirrors.fedoraproject.org command print? Will dig @8.8.8.8 mirrors.fedoraproject.org work better? If yes, then changing DNS servers would help you.

8

This is quite old so I cannot edit this.

For security reasons you should not use “sudo nano” but instead “sudoedit”.

This copies the file to an unprivileged directory, you edit it there, and when closing the file it moves it to the privileged directory again.