Container host has DNS, but container does not?

Not sure how to troubleshoot this. But my container host has this in the DNS:

# resolvectl status
Global
         Protocols: LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=yes/supported
  resolv.conf mode: foreign
Current DNS Server: 9.9.9.9
       DNS Servers: 9.9.9.9

Link 2 (eth0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=yes/supported

I start my container with:

podman run --dns 9.9.9.9 --rm -it fedora cat /etc/resolv.conf
nameserver 9.9.9.9

And as you can see it uses 9.9.9.9 for DNS, but dnf cannot resolve any URLs.

This container host is freshly installed. firewall-cmd has log-denied messages on, and I see nothing blocked by the firewall. Forwarding is on in firewalld. I also enabled net.ipv4.ip_forward = 1 as a test with net.ipv6.conf.all.forwarding = 1, but no difference.

Anything else I should check?

Super odd. But when using --dns 8.8.8.8 the container does have DNS. Since I’m happy it works and don’t have time to find out why, I’ll leave it like this for now. It’s strange, since the container host can use 9.9.9.9, so there is no upstream filtering going on.
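One detail in the output quoted above: the host's Global scope shows +DNSOverTLS, while a container reading /etc/resolv.conf sends plain DNS to port 53, so a working host lookup does not exercise the container's path to 9.9.9.9. The following is an added example, not part of the original post, that compares the two outputs and flags that difference. It assumes host lookups go through systemd-resolved, and its function names are hypothetical.

```python
import re

# Constructed sample: the two outputs quoted in the post above.
HOST_RESOLVECTL = """\
Global
         Protocols: LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=yes/supported
  resolv.conf mode: foreign
Current DNS Server: 9.9.9.9
       DNS Servers: 9.9.9.9
"""
CONTAINER_RESOLV_CONF = "nameserver 9.9.9.9\n"


def host_transport(resolvectl_text):
    """Return {server: (transport, port)} for the Global scope of `resolvectl status`."""
    global_block = re.split(r"^Link \d+", resolvectl_text, flags=re.M)[0]
    protocols = re.search(r"Protocols:\s*(.+)", global_block)
    flags = protocols.group(1).split() if protocols else []
    if "+DNSOverTLS" in flags:                    # strict DNS-over-TLS (RFC 7858)
        transport = ("dot", 853)
    elif "DNSOverTLS=opportunistic" in flags:     # may fall back to plain DNS
        transport = ("dot-or-plain", None)
    else:
        transport = ("plain", 53)
    servers = re.search(r"^\s*DNS Servers:\s*(.+)$", global_block, flags=re.M)
    names = servers.group(1).split() if servers else []
    # Strip an optional "#hostname" suffix used for TLS server names.
    return {name.split("#")[0]: transport for name in names}


def container_transport(resolv_conf_text):
    """Servers from resolv.conf; the glibc stub resolver uses plain DNS on port 53."""
    found = re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf_text, flags=re.M)
    return {server: ("plain", 53) for server in found}


def transport_gaps(host, container):
    """Servers the host reaches over a different transport than the container uses."""
    return [(srv, host[srv], ct) for srv, ct in container.items()
            if srv in host and host[srv] != ct]


if __name__ == "__main__":
    gaps = transport_gaps(host_transport(HOST_RESOLVECTL),
                          container_transport(CONTAINER_RESOLV_CONF))
    for srv, h, c in gaps:
        print(f"{srv}: host uses {h}, container uses {c}; "
              f"test {c[0]} DNS on port {c[1]} separately")
```

A flagged server means the plain-DNS path on port 53 still has to be tested on its own, from the host and from inside the container, before upstream filtering can be ruled out.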