DNS and Ping Networking Broken Fedora 38

Ask Fedora
, , , ,
1

I’m on Fedora Silverblue 38 desktop but I’m not very advanced at networking.

This question is primarily about Fedora, though my use of ProtonVPN may have caused the original problem.

I was using ProtonVPN on it, but began to have connection troubles. I could ping to 1.1.1.1 but DNS wasn’t working, so I couldn’t use a URL to get to a webpage. ProtonVPN was acting as my DNS. So I uninstalled protonVPN, but now things are much worse.

In the Settings → Network → IPv4, the method is DHCP, I set DNS to be 1.1.1.1 1.0.0.1 with Automatic turned off to see if that would allow me to start using Cloudflare as my DNS.

I manually set /etc/resolv.conf to contain:
nameserver 1.1.1.1
nameserver 1.0.0.1

Rebooting did not help. I’ve followed the instructions in a number of posts with people having similar problems and they did not resolve anything. These posts include:

https://discussion.fedoraproject.org/t/dns-settings-not-working-in-fedora-31/68076/19
https://askubuntu.com/questions/191226/dnsmasq-failed-to-create-listening-socket-for-port-53-address-already-in-use#1170073

I’m connected via ethernet cable and WiFi is turned off.

At this point, the only thing I can only ping my own machine and my router. I cannot use synthing with my phone which is connected to the same router.

$ ping 1.1.1.1
ping: connect: Network is unreachable
$ ping 192.168.8.1 < my router > 
PING 192.168.8.1 (192.168.8.1) 56(84) bytes of data.
64 bytes from 192.168.8.1: icmp_seq=1 ttl=64 time=0.954 ms
...

Other devices connected to this same router via ethernet cable or WiFi have no trouble accessing webpages.

Here are some diagnostics:

$ nmcli con show --active
NAME                      UUID                                  TYPE      DEVICE         
pvpn-ipv6leak-protection  f0e9dd07-bd7b-4d05-a1e6-1054ff3d7507  dummy     ipv6leakintrf0 
enp89s0                   dd6e80aa-6176-3dd6-9d6d-47d9adef35b5  ethernet  enp89s0        
lo                        caf63793-22ec-4cae-bf3c-4e5d16c63788  loopback  lo

It looks like protonVPN left something behind here with its ipv6leak protection.

$ nmcli con show enp89s0
connection.id:                          enp89s0
connection.uuid:                        dd6e80aa-6176-3dd6-9d6d-47d9adef35b5
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              enp89s0
connection.autoconnect:                 yes
connection.autoconnect-priority:        -999
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1690414083
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        default
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
connection.dns-over-tls:                -1 (default)
connection.mptcp-flags:                 0x0 (default)
connection.wait-device-timeout:         -1
connection.wait-activation-delay:       -1
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          no
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist:   --
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:        --
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            --
802-3-ethernet.wake-on-lan:             default
802-3-ethernet.wake-on-lan-password:    --
802-3-ethernet.accept-all-mac-addresses:-1 (default)
ipv4.method:                            auto
ipv4.dns:                               1.1.1.1,1.0.0.1
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         --
ipv4.gateway:                           --
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.routing-rules:                     --
ipv4.replace-local-rule:                -1 (default)
ipv4.ignore-auto-routes:                yes
ipv4.ignore-auto-dns:                   yes
ipv4.dhcp-client-id:                    --
ipv4.dhcp-iaid:                         --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.dhcp-hostname-flags:               0x0 (none)
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv4.required-timeout:                  -1 (default)
ipv4.dad-timeout:                       -1 (default)
ipv4.dhcp-vendor-class-identifier:      --
ipv4.link-local:                        0 (default)
ipv4.dhcp-reject-servers:               --
ipv4.auto-route-ext-gw:                 -1 (default)
ipv6.method:                            auto
ipv6.dns:                               2606:4700:4700::1111,2606:4700:4700::1001
ipv6.dns-search:                        --
ipv6.dns-options:                       --
ipv6.dns-priority:                      0
ipv6.addresses:                         --
ipv6.gateway:                           --
ipv6.routes:                            --
ipv6.route-metric:                      -1
ipv6.route-table:                       0 (unspec)
ipv6.routing-rules:                     --
ipv6.replace-local-rule:                -1 (default)
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   yes
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.required-timeout:                  -1 (default)
ipv6.ip6-privacy:                       -1 (unknown)
ipv6.addr-gen-mode:                     eui64
ipv6.ra-timeout:                        0 (default)
ipv6.mtu:                               auto
ipv6.dhcp-duid:                         --
ipv6.dhcp-iaid:                         --
ipv6.dhcp-timeout:                      0 (default)
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
ipv6.dhcp-hostname-flags:               0x0 (none)
ipv6.auto-route-ext-gw:                 -1 (default)
ipv6.token:                             --
proxy.method:                           none
proxy.browser-only:                     no
proxy.pac-url:                          --
proxy.pac-script:                       --
GENERAL.NAME:                           enp89s0
GENERAL.UUID:                           dd6e80aa-6176-3dd6-9d6d-47d9adef35b5
GENERAL.DEVICES:                        enp89s0
GENERAL.IP-IFACE:                       enp89s0
GENERAL.STATE:                          activated
GENERAL.DEFAULT:                        no
GENERAL.DEFAULT6:                       no
GENERAL.SPEC-OBJECT:                    --
GENERAL.VPN:                            no
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/ActiveConnection/5
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/4
GENERAL.ZONE:                           --
GENERAL.MASTER-PATH:                    --
IP4.ADDRESS[1]:                         192.168.8.150/24
IP4.GATEWAY:                            --
IP4.ROUTE[1]:                           dst = 192.168.8.0/24, nh = 0.0.0.0, mt = 100
IP4.DNS[1]:                             1.1.1.1
IP4.DNS[2]:                             1.0.0.1
DHCP4.OPTION[1]:                        broadcast_address = 192.168.8.255
DHCP4.OPTION[2]:                        dhcp_client_identifier = 01:1c:69:7a:ab:a9:73
DHCP4.OPTION[3]:                        dhcp_lease_time = 43200
DHCP4.OPTION[4]:                        dhcp_server_identifier = 192.168.8.1
DHCP4.OPTION[5]:                        domain_name = lan
DHCP4.OPTION[6]:                        domain_name_servers = 192.168.8.1
DHCP4.OPTION[7]:                        expiry = 1690457283
DHCP4.OPTION[8]:                        host_name = silverblue38
DHCP4.OPTION[9]:                        ip_address = 192.168.8.150
DHCP4.OPTION[10]:                       next_server = 192.168.8.1
DHCP4.OPTION[11]:                       requested_broadcast_address = 1
DHCP4.OPTION[12]:                       requested_domain_name = 1
DHCP4.OPTION[13]:                       requested_domain_name_servers = 1
DHCP4.OPTION[14]:                       requested_domain_search = 1
DHCP4.OPTION[15]:                       requested_host_name = 1
DHCP4.OPTION[16]:                       requested_interface_mtu = 1
DHCP4.OPTION[17]:                       requested_ms_classless_static_routes = 1
DHCP4.OPTION[18]:                       requested_nis_domain = 1
DHCP4.OPTION[19]:                       requested_nis_servers = 1
DHCP4.OPTION[20]:                       requested_ntp_servers = 1
DHCP4.OPTION[21]:                       requested_rfc3442_classless_static_routes = 1
DHCP4.OPTION[22]:                       requested_root_path = 1
DHCP4.OPTION[23]:                       requested_routers = 1
DHCP4.OPTION[24]:                       requested_static_routes = 1
DHCP4.OPTION[25]:                       requested_subnet_mask = 1
DHCP4.OPTION[26]:                       requested_time_offset = 1
DHCP4.OPTION[27]:                       requested_wpad = 1
DHCP4.OPTION[28]:                       routers = 192.168.8.1
DHCP4.OPTION[29]:                       subnet_mask = 255.255.255.0
IP6.ADDRESS[1]:                         fdcb:b03f:c0b:10::7b9/128
IP6.ADDRESS[2]:                         fdcb:b03f:c0b:10:1e69:7aff:feab:a973/64
IP6.ADDRESS[3]:                         fe80::1e69:7aff:feab:a973/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024
IP6.ROUTE[2]:                           dst = fdcb:b03f:c0b:10::/64, nh = ::, mt = 100
IP6.ROUTE[3]:                           dst = fdcb:b03f:c0b::/48, nh = fe80::9683:c4ff:fe09:d882, mt = 100
IP6.ROUTE[4]:                           dst = fdcb:b03f:c0b:10::7b9/128, nh = ::, mt = 100
IP6.DNS[1]:                             2606:4700:4700::1111
IP6.DNS[2]:                             2606:4700:4700::1001
DHCP6.OPTION[1]:                        dhcp6_client_id = 00:04:4d:b9:cf:08:79:5b:80:4c:4f:01:44:9c:1e:17:64:57
DHCP6.OPTION[2]:                        dhcp6_name_servers = fdcb:b03f:c0b:10::1
DHCP6.OPTION[3]:                        iaid = 64:04:95:7c
DHCP6.OPTION[4]:                        ip6_address = fdcb:b03f:c0b:10::7b9


$ dig (after rebooting)
...
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
...

/etc/resolv.conf got written over from earlier

$ ip route
190.168.8.0/24 dev enp89s0 proto kernel scope link src 192.168.8.150 metric 100 

$ dnsmasq
dnsmasq: failed to create listening socket for 127.0.0.1: Permission denied

$ sudo ss -lp "sport = :domain"
[sudo] password for user: 
Netid   State    Recv-Q   Send-Q      Local Address:Port         Peer Address:Port   Process                                       
udp     UNCONN   0        0              127.0.0.54:domain            0.0.0.0:*       users:(("systemd-resolve",pid=6909,fd=18))   
udp     UNCONN   0        0           127.0.0.53%lo:domain            0.0.0.0:*       users:(("systemd-resolve",pid=6909,fd=16))   
tcp     LISTEN   0        4096           127.0.0.54:domain            0.0.0.0:*       users:(("systemd-resolve",pid=6909,fd=19))   
tcp     LISTEN   0        4096        127.0.0.53%lo:domain            0.0.0.0:*       users:(("systemd-resolve",pid=6909,fd=17))

I went through the whole procedure of stopping, disabling and masking systemd-resolved.service but that did not help either.

After half a day trying to fix this myself, I’m pretty lost. I’m hoping for a little help. Thanks very much!

2

At this point, I’m not trying to get protonVPN to work. I just want regular access to the internet.

3

What is shown with the network control panel? If it shows anything then possibly removing (forgetting) the connection then a reboot and reconnecting would work.

4

Thanks very much Jeff!
That solved the inability to ping 1.1.1.1.
Now I just need to solve the DNS problem, as I can’t use a URL to get to any webpage.
I went to https://1.1.1.1/help, and it gives me the following info:

Debug Information:
Connected to 1.1.1.1           No
Using DoH                           No
Using DoT                           No
Using DNS over WARP     No
AS Name                            Checking
AS Number                        Checking

Connectivity to Resolver IP Address
1.1.1.1                                   Yes
1.0.0.1                                   Yes
2606:4700:4700::1111        No
2606:4700:4700::1001       No

Any suggestions?

5

Try first using sudo systemctl restart systemd-resolved.service which will restart the resolver locally and may be all that is required. If that is not adequate then a reboot may fix it.

Also, what is the return from ls -l /etc/resolv.conf and cat /etc/resolv.conf

Finally the output of ip route may be helpful.

6

Thanks Jeff. After restarting systemd-resolved.service, I got the following data:

$ ls -l /etc/resolv.conf 
lrwxrwxrwx. 1 root root 39 Jul 18 22:46 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
(base) [user@silverblue38 ~]$ cat /etc/resolv.conf
 This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
...
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search .

$ ip route
default via 192.168.8.1 dev enp89s0 proto dhcp src 192.168.8.150 metric 100 
default via 192.168.8.1 dev wlo1 proto dhcp src 192.168.8.115 metric 600 
192.168.8.0/24 dev enp89s0 proto kernel scope link src 192.168.8.150 metric 100 
192.168.8.0/24 dev wlo1 proto kernel scope link src 192.168.8.115 metric 600

$ dnsmasq

dnsmasq: failed to create listening socket for 127.0.0.1: Permission denied
7

Also what does resolvectl report? It will tell you what systemd-resolved is configured to use for DNS.

8

Hi Barry,

My ethernet is link2. I’m not exactly sure how to read this.

$ resolvectl
Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
       DNS Servers: ::1

Link 2 (enp89s0)
    Current Scopes: LLMNR/IPv4 LLMNR/IPv6
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS
                    DNSSEC=no/unsupported

Link 3 (wlo1)
    Current Scopes: LLMNR/IPv4 LLMNR/IPv6
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS
                    DNSSEC=no/unsupported

Link 4 (ipv6leakintrf0)
    Current Scopes: DNS
         Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS
                    DNSSEC=no/unsupported
Current DNS Server: ::1
       DNS Servers: ::1
        DNS Domain: ~.
9

Are you using DHCP?
Looks like DHCP did not provide DNS config.

For example this is what I see on a VM on my home network (172.16.2.254 is my router+dns):

$ resolvectl
Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub

Link 2 (enp0s5)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 172.16.2.254
       DNS Servers: 172.16.2.254
        DNS Domain: chelsea.private

Oh maybe you are not using DHCP?

On my router (a fedora box) I see a config a bit like yours.
My router is running bind deamon as I do not trust ISP DNS.
That setup is why I have resolve.conf mode: stub I think.

$ resolvectl
Failed to execute 'pager', will try 'less' next: Not a directory
Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
       DNS Servers: 127.0.0.1

Link 2 (external)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 127.0.0.1
        DNS Domain: chelsea.private

Link 3 (internal)
    Current Scopes: LLMNR/IPv4 LLMNR/IPv6
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
10

Thanks Barry. After I reset my connection above (before you joined the conversation), under Settings → Network → Wired → IPv4, the IPv4 method is Automatic (DHCP), DNS is Automatic and Routes are Automatic.

The router had always worked, and it’s working right now with my macOS machine.

11

This seems the error.
You have 2 interfaces with default routing that is identical. Even if the metric is different the routing conflicts.

I suggest you disconnect either the ethernet interface or the wifi interface (your choice) then check and see if that changes the performance. It has long been known that having 2 different interfaces on the same LAN can cause communication problems.

12

Thanks Jeff, I disconnected WiFi and rebooted. I get the following result from ip route, but still can’t access web pages due to a DNS issue.

$ ip route
default via 192.168.8.1 dev enp89s0 proto dhcp src 192.168.8.150 metric 100
192.168.8.0/24 dev enp89s0 proto kernel scope link src 192.168.8.150 metric 100
13

From Barry’s advice above, it seems at this point that I’m not getting a DNS Server from DHCP, as seen with the resolvectl command.

14

Since ping seems to work one might check the network control panel and possibly add dns servers there with 1.1.1.1, 8.8.8.8, or similar to manually designate the dns servers.

Before adding those though one might disconnect then reconnect the remaining network interface just in case the dual interfaces might have interfered with dhcp.

15

Thanks Jeff. Unfortunately, reconnecting the ethernet cable and adding the 3 DNS addresses manually: 1.1.1.1, 1.0.0.1, 8.8.8.8 with the Automatic button turned off did not help. WiFi is still turned off.

Could this be relevant?

$ dnsmasq

dnsmasq: failed to create listening socket for 127.0.0.1: Permission denied
16

After reconnecting the network and adding those addresses did you restart the resolved service?
sudo systemctl restart systemd-resolved.service

17

I had a lot of issues with protonvpn lately on various flavours of fedora. I contacted support and it seems to be an issue with the last update of the NetworkManager-OpenVpn package. That’s what they told me.
They are also telling me they are working on it.

For now I have a desktop with kde spin where protonvpn mostly works, a laptop with vanilla fedora where protonvpn barely works and a vanilla fedora laptop where protonvpn doesn’t work at all.

Dunno if this helps.

18

Thanks Jeff. I hadn’t restarted the service, but I just did it. Unfortunately, it did not help.

19

Thanks @galure ! Since I have a VPN on my router, I’m just un-installing protonVPN. It’s good to know that it’s an issue they are working on.

20

Oh you have dnsmasq! Yes that is almost certainly very important.

What do want dnsmasq to do for you?