DNF and Firefox take extreemly long to start when VPN active on f40?

Hi

I upgraded from 39 to 40 and have an odd issue. I’m new to linux diagnosis.

• dnf upgrade takes 5mins at-least to load/start. However once its pulled the updates they DL at normal speed;
• Firefox takes 5mins to start. (Once its started pages load quite quickly)

I discovered the issues are occurring if my VPN Windscribe is activated! My VPN loads and connects on boot. If however I disconnect the VPN then firefox loads instantly as does DNF.
What would be causing this?

I found this post:

“Looks like the default /etc/hosts file is miss-configured changing it to the below fixes the issue 127.0.0.1 localhost 127.0.1.1 hostname(change me to whatever you set your host name to)”

I’m not sure however if this is the issue? Any assistance greatly appreciated!

My guess is that your VPN configuration makes DNS lookups be very slow.
That would likely be a misconfigured VPN if that is the case.

You can test DNS lookups using resolvectl.
Try resolvectl query google.com. Does that get you an answer quickly?

You can also get resolvectl to report on the DNS configuration on your system with resolvectl status.

Compare what resolvectl reports with and without your VPN running.

resolvectl query google.com

• without VPN: 221ms
• with VPN: 34.6ms
  (I’ve ran this a few times and consistent the VPN is quicker to resolve google.com)

DNS config:

Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (eno1)
Current Scopes: none
Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp0s20f3)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.178.1
DNS Servers: 192.168.178.1
DNS Domain: fritz.box

Link 5 (utun420)
Current Scopes: DNS
Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.255.255.4
DNS Servers: 10.255.255.4
DNS Domain: ~.

Try moving myhostname before resolve in /etc/nsswitch.conf and check this:

time getent hosts ${HOSTNAME}
grep -e ^hosts: /etc/nsswitch.conf

WOW - this actually worked!
Originally:
hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] myhostname dns
now:
hosts: files mdns4_minimal [NOTFOUND=return] myhostname dns resolve [!UNAVAIL=return]

Can you please indicate what this change does? I generally don’t like making changes like this without knowing how it impacts the system, security, etc?

Both DNS and Firefox start instantly!

I’m not sure what to do here? Are these commands to be run? I only noticed this edit after making the above changes.

EDIT:

Ran those commands:
time getent hosts $(hostnamectl hostname)

eal 0m0.102s
user 0m0.003s
sys 0m0.008s

and
grep -e ^hosts: /etc/nsswitch.conf

hosts: files mdns4_minimal [NOTFOUND=return] myhostname dns resolve [!UNAVAIL=return]

This increases the priority of the nss-myhostname module designed to resolve the local system hostname, which is mentioned in the topic you linked.

Just for reference.
Might be related to this mention in the release notes: Authselect minimal profile replaced by local

If @spaghettiwestern manually edited the nsswitch.conf file, will it be over-written on reboots. Top of the file says there is risk it’ll be overwritten if manually changed?

If that works, you can make it persistent:

sudo authselect create-profile local -b=local \
    --symlink-meta --symlink-pam --symlink-dconf
sudo sed -i -e "/^hosts:/{s/ myhostname//;s/ files/& myhostname/}" \
    /etc/authselect/custom/local/nsswitch.conf 
sudo authselect select custom/local with-mdns4 with-silent-lastlog -f

thank you for the discussion here. I also experienced extremely slow startup of firefox after installing f40. I always use VPN and I did not have this issue in f39 and before. the fixes as described by vgaetera (both the temporary and the persistent one) solve the issue for me

I manually edited the .conf and at the time noticed it saud the changes may not persist. So far, they have not been overwritten. If it occurs and the issue persist ill run the persistent commands discussed.
This change, interestingly, has sped up DNF over my other machines which do not use a VPN or ever had the issue discussed.

I’m still on fedora 39 and was having the same issue reported here, so maybe this is not related to the problem, or just made a preexisting problem even worse.