Dnf times out

Ask Fedora
,
1

hello fedora community! i can ping mirrors.fedoraproject.org and repeated traceroute to it shows nothing abnormal, i.e. no timeouts, no errors. dns.conf is set to use the fastest mirror. i don’t know when exactly this started but it is now just timing out and can’t get any updates. is there a known issue that I can’t locate? do you have any suggestions on how to troubleshoot this?

Fedora 37 - x86_64                                                                                                                                            0.0  B/s |   0  B     05:59    
Errors during downloading metadata for repository 'fedora':
  - Curl error (28): Timeout was reached for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Failed to connect to mirrors.fedoraproject.org port 443 after 29972 ms: Connection timed out]
  - Curl error (28): Timeout was reached for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Failed to connect to mirrors.fedoraproject.org port 443 after 29973 ms: Connection timed out]
  - Curl error (28): Timeout was reached for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Failed to connect to mirrors.fedoraproject.org port 443 after 29971 ms: Connection timed out]
Error: Failed to download metadata for repo 'fedora': Cannot prepare internal mirrorlist: Curl error (28): Timeout was reached for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64 [Failed to connect to mirrors.fedoraproject.org port 443 after 29972 ms: Connection timed out]
2

For me it works.
Can you curl the url?

curl https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64

You may want to check the output of a command like:
curl -vvv --trace-time --connect-timeout 60 https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64

Is there a proxy between?

2 Likes
3

That could well be something temporary with the mirror manager. Just try again in a few minutes. It’s working for me…

2 Likes
4

Thanks @huben . There is no proxy but I saw that it was set to automatic and I changed it to disabled just in case: The result is the same. The verbose curl output hangs at below stage after the tls handshake output

11:29:27.633591 *   Trying 8.43.85.67:443...
11:29:27.657055 * Connected to mirrors.fedoraproject.org (8.43.85.67) port 443 (#0)
11:29:27.666063 * ALPN: offers h2
11:29:27.666188 * ALPN: offers http/1.1
11:29:27.760181 *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
11:29:27.760328 *  CApath: none
11:29:27.760935 * TLSv1.0 (OUT), TLS header, Certificate Status (22):
11:29:27.761057 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
11:29:27.826138 * TLSv1.2 (IN), TLS header, Certificate Status (22):
11:29:27.826306 * TLSv1.3 (IN), TLS handshake, Server hello (2):
11:29:27.827134 * TLSv1.2 (IN), TLS header, Finished (20):
11:29:27.827270 * TLSv1.2 (IN), TLS header, Supplemental data (23):
11:29:27.827504 * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
11:29:27.827680 * TLSv1.2 (IN), TLS header, Supplemental data (23):
11:29:27.827839 * TLSv1.3 (IN), TLS handshake, Certificate (11):
11:29:27.835059 * TLSv1.2 (IN), TLS header, Supplemental data (23):
11:29:27.835220 * TLSv1.3 (IN), TLS handshake, CERT verify (15):
11:29:27.835729 * TLSv1.2 (IN), TLS header, Supplemental data (23):
11:29:27.835885 * TLSv1.3 (IN), TLS handshake, Finished (20):
11:29:27.836101 * TLSv1.2 (OUT), TLS header, Finished (20):
11:29:27.836203 * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
11:29:27.836382 * TLSv1.2 (OUT), TLS header, Supplemental data (23):
11:29:27.836537 * TLSv1.3 (OUT), TLS handshake, Finished (20):
11:29:27.836768 * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
11:29:27.836865 * ALPN: server accepted h2
11:29:27.836970 * Server certificate:
11:29:27.837087 *  subject: C=US; ST=North Carolina; L=Raleigh; O=Red Hat, Inc.; CN=*.fedoraproject.org
11:29:27.837224 *  start date: Jan 16 00:00:00 2023 GMT
11:29:27.837327 *  expire date: Jan 16 23:59:59 2024 GMT
11:29:27.837468 *  subjectAltName: host "mirrors.fedoraproject.org" matched cert's "*.fedoraproject.org"
11:29:27.837612 *  issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1
11:29:27.837733 *  SSL certificate verify ok.
11:29:27.837887 * Using HTTP2, server supports multiplexing
11:29:27.837992 * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
11:29:27.838120 * TLSv1.2 (OUT), TLS header, Supplemental data (23):
11:29:27.838298 * TLSv1.2 (OUT), TLS header, Supplemental data (23):
11:29:27.838470 * TLSv1.2 (OUT), TLS header, Supplemental data (23):
11:29:27.838661 * h2h3 [:method: GET]
11:29:27.838769 * h2h3 [:path: /metalink?repo=fedora-37]
11:29:27.838867 * h2h3 [:scheme: https]
11:29:27.838986 * h2h3 [:authority: mirrors.fedoraproject.org]
11:29:27.839085 * h2h3 [user-agent: curl/7.85.0]
11:29:27.839190 * h2h3 [accept: */*]
11:29:27.839333 * Using Stream ID: 1 (easy handle 0x556783514460)
11:29:27.839505 * TLSv1.2 (OUT), TLS header, Supplemental data (23):
11:29:27.839664 > GET /metalink?repo=fedora-37 HTTP/2
11:29:27.839664 > Host: mirrors.fedoraproject.org
11:29:27.839664 > user-agent: curl/7.85.0
11:29:27.839664 > accept: */*
11:29:27.839664 > 
11:29:27.855805 * TLSv1.2 (IN), TLS header, Supplemental data (23):
11:29:27.856074 * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
11:29:27.856318 * TLSv1.2 (IN), TLS header, Supplemental data (23):
11:29:27.856527 * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
11:29:27.856706 * old SSL session ID is stale, removing
11:29:27.856834 * TLSv1.2 (IN), TLS header, Supplemental data (23):
11:29:27.856992 * TLSv1.2 (OUT), TLS header, Supplemental data (23):
11:29:27.857223 * TLSv1.2 (IN), TLS header, Supplemental data (23):
11:29:27.865492 * TLSv1.2 (IN), TLS header, Supplemental data (23):
11:29:27.865848 < HTTP/2 200 
11:29:27.865992 < x-frame-options: SAMEORIGIN
11:29:27.866122 < x-xss-protection: 1; mode=block
11:29:27.866234 < x-content-type-options: nosniff
11:29:27.866351 < referrer-policy: same-origin
11:29:27.866511 < content-type: application/metalink+xml
11:29:27.866646 < content-length: 304
11:29:27.866776 < date: Thu, 09 Mar 2023 16:29:27 GMT
11:29:27.866907 < apptime: D=1515
11:29:27.867016 < x-fedora-proxyserver: proxy14.fedoraproject.org
11:29:27.867143 < x-fedora-requestid: ZAoJZxS3-APxAOswO0qHmQAAVgU
11:29:27.867263 < server: Apache
11:29:27.867379 < 
<?xml version="1.0" encoding="utf-8"?>
<metalink version="3.0" xmlns="http://www.metalinker.org/" type="dynamic" pubdate="Thu, 09 Mar 2023 16:29:27 GMT" generator="mirrormanager" xmlns:mm0="http://fedorahosted.org/mirrormanager">
<!-- # either path=, or repo= and arch= must be specified
-->
</metalink>
11:29:27.867612 * Connection #0 to host mirrors.fedoraproject.org left intact
5

From the corl output, it seems to work.
You get the status code 200, connected, however mine looks like this:
HTTP/1.1 200 OK (its another http version)

But I can’t really see anything in your output.
It’s all in that second.

Maybe as Flo said, waiting a bit, trying it later.

proxy14.fedoraproject.org

→ Probaly is a reverse proxy that might be busy

6

thanks Ben! i updated the curl output so it shows the entirety of it in case there was something that you needed to see. As for this being transitory, I have been trying to fix the same problem for the last 48 hours so it has something to do with my setup since you both are able to access it. In the meantime, if you guys can think of any other possibilities, I’d very much love to hear it. thanks both for your time!

7

This might be a region specific issue.
You can try using baseurl instead of metalink:

sudo sed -i -e "
/^#baseurl=/s/^#//
/^metalink=/s/^/#/
" /etc/yum.repos.d/fedora{,-updates}.repo
8

A restart of the system did the trick. Unfortunately, I have no clue on the root cause now but it is working. Thank you all for the help!

1 Like