DNF not working behind a proxy

ploffeler · January 27, 2023, 6:12pm

I’ve been trying to figure this out for a few days now and was hoping someone here could help me before I end up re-installing my OS and spending another 3 hours setting everything back up again.

I cannot, for the life of me, get sudo dnf update to work for ANY repo, regardless of settings I’ve tried. dnf was working before a recent Fedora37 update, and now things seem to be broken.

Here’s an example of what the dnf error looks like:

Errors during downloading metadata for repository 'fedora':
  - Curl error (28): Timeout was reached for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Proxy CONNECT aborted due to timeout]
Error: Failed to download metadata for repo 'fedora': Cannot prepare internal mirrorlist: Curl error (28): Timeout was reached for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Proxy CONNECT aborted due to timeout]

Here’s what I see in the dnf.log file:

2023-01-27T11:59:13-0600 DEBUG error: Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Could not resolve host: mirrors.fedoraproject.org] (https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64).
2023-01-27T11:59:13-0600 WARNING Errors during downloading metadata for repository 'fedora':
  - Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Could not resolve host: mirrors.fedoraproject.org]
2023-01-27T11:59:13-0600 DDEBUG Cleaning up.
2023-01-27T11:59:13-0600 SUBDEBUG 
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/dnf/repo.py", line 573, in load
    ret = self._repo.load()
          ^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.11/site-packages/libdnf/repo.py", line 331, in load
    return _repo.Repo_load(self)
           ^^^^^^^^^^^^^^^^^^^^^
libdnf._error.Error: Failed to download metadata for repo 'fedora': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Could not resolve host: mirrors.fedoraproject.org]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/dnf/cli/main.py", line 67, in main
    return _main(base, args, cli_class, option_parser_class)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/dnf/cli/main.py", line 106, in _main
    return cli_run(cli, base)
           ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/dnf/cli/main.py", line 122, in cli_run
    cli.run()
  File "/usr/lib/python3.11/site-packages/dnf/cli/cli.py", line 1057, in run
    return self.command.run()
           ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/dnf/cli/commands/makecache.py", line 50, in run
    return self.base.update_cache(timer)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/dnf/base.py", line 377, in update_cache
    self.fill_sack(load_system_repo=False, load_available_repos=True)  # performs the md sync
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/dnf/base.py", line 406, in fill_sack
    self._add_repo_to_sack(r)
  File "/usr/lib/python3.11/site-packages/dnf/base.py", line 141, in _add_repo_to_sack
    repo.load()
  File "/usr/lib/python3.11/site-packages/dnf/repo.py", line 580, in load
    raise dnf.exceptions.RepoError(str(e))
dnf.exceptions.RepoError: Failed to download metadata for repo 'fedora': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Could not resolve host: mirrors.fedoraproject.org]
2023-01-27T11:59:13-0600 CRITICAL Error: Failed to download metadata for repo 'fedora': Cannot prepare internal mirrorlist: Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Could not resolve host: mirrors.fedoraproject.org]

I can run curl https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 normally and I get a valid response, so it doesn’t seem like my proxies or certificates are messed up (although I’m on a corporate network with a proxy and certificates, so it’s possible):

curl https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64
[1] 6636
[user@system log]$ <?xml version="1.0" encoding="utf-8"?>
<metalink version="3.0" xmlns="http://www.metalinker.org/" type="dynamic" pubdate="Fri, 27 Jan 2023 18:07:43 GMT" generator="mirrormanager" xmlns:mm0="http://fedorahosted.org/mirrormanager">
<!-- # either path=, or repo= and arch= must be specified
-->
</metalink>

I’ve tried a bunch of combinations of things for the dnf.conf file (proxy, ssl insecure, fastestmirror, zchunk). Nothing seems to make a difference. I’ve tried on different days, I’ve rebooted about 5 times, nothing.

ploffeler · January 27, 2023, 6:16pm

I should note that every other network-related thing I do still works: web browser, git, curl, samba share, etc.

computersavvy · January 27, 2023, 7:40pm

Have you checked with corporate IT to see if they may have made some changes that now block your updates?

ploffeler · January 30, 2023, 6:25pm

If this is the case, I shouldn’t be able to ‘curl’ the URL and get a valid response… right?

ploffeler · May 4, 2023, 5:01pm

Same issue on Fedora 38. I guess Fedora has become unusable to me. Very disappointing. At least apt works on debian-based systems.

vgaetera · May 4, 2023, 5:21pm

I used to work in a corporate network with the following configs:

# System-wide profile
sudo tee /etc/profile.d/proxy.sh << "EOF" > /dev/null
PROXY="http://proxy.example.org:3128/"
NOPROXY="10.0.0.0/8,127.0.0.0/8,172.16.0.0/12,\
192.168.0.0/16,::1,localhost,*.example.org"
export ftp_proxy="${PROXY}"
export FTP_PROXY="${PROXY}"
export http_proxy="${PROXY}"
export HTTP_PROXY="${PROXY}"
export https_proxy="${PROXY}"
export HTTPS_PROXY="${PROXY}"
export no_proxy="${NOPROXY}"
export NO_PROXY="${NOPROXY}"
EOF

# DNF
sudo dnf config-manager --save \
    --setopt proxy=http://proxy.example.org:3128/

# PKI
sudo trust anchor --store /path/to/ca.crt
sudo update-ca-trust

ploffeler · May 4, 2023, 6:46pm

Thanks for that concise script. I did set all those manually already (and used your script), but for some reason I get the error above. I also messed with the DNS quite a bit and nothing changed the behavior. I’ve restarted the system a ton after most of my attempts.

Even though curl/wget work on the same repos, even though my web browser works. I can install packages using pip. Pretty much every internet-based thing I can think of I’m able to do except VIA dnf. I’m shocked this hasn’t been fixed since I know dnf is used by many companies. Maybe I’m somehow some crazy anomaly? You’d think reinstalling fedora would fix that but I guess not.

Unfortunately it looks like some change was made to dnf around the beginning of this year that breaks it for me. It’s like it no longer uses the system proxy or DNS or something (even though i’ve set the proxy manually with no luck).

ilikelinux · May 5, 2023, 12:46am

what does the command resolvectl show?