Hello!
I’m coming from OpenSUSE (very briefly) then Arch before that for several years, neither of which had this problem. To distill it down, it takes 5 seconds for applications to resolve DNS addresses. It causes timeouts and problems and generally stunts my browsing. CDNs are not fun with DNS problems. It’s hard to build the Internet when every page you reload is slow.
Here’s a fun kicker: If I turn on ProtonVPN the DNS resolves very fast (less than 100ms in some cases).
As much as I want to be able to run a VPN 24/7, I still want the option to connect without one.
System:
OS: Fedora
Kernel: x86_64 Linux 5.13.8-200.fc34.x86_64
Uptime: 1h 25m
Packages: 1925
Shell: zsh 5.8
Resolution: 3520x1080
DE: GNOME 40.0
WM: Mutter
WM Theme:
GTK Theme: Adwaita-dark [GTK2/3]
Icon Theme: Papirus-Dark
Font: Cantarell 11
Disk: 235G / 960G (25%)
CPU: Intel Core i7-7700HQ @ 8x 3.8GHz [39.0°C]
GPU: Mesa Intel(R) HD Graphics 630 (KBL GT2)
RAM: 4183MiB / 15716MiB
Output of /etc/resolv.conf:
nameserver 127.0.0.53
options edns0 trust-ad
search du.shawcable.net
(Search du.shawcable.net likely comes automatically from my ISP’s provided wireless gateway/router)
When VPN is off:
resolvectl status outputs the following. Note the DNS servers. They come from my router configuration. I cannot change the domain the router is providing. I also cannot remove the 64.xx* DNS options.
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (wlp2s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 64.59.161.69
DNS Servers: 1.1.1.1 1.0.0.1 64.59.160.15 64.59.161.69
DNS Domain: du.shawcable.net
Link 4 (virbr0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
If I try a resolvectl query fedoraproject.org it takes 5+ seconds:
fedoraproject.org: 140.211.169.196 -- link: wlp2s0
// Lots of IPv4/IPv6 addresses. Dig the dead beef, guys - via wlp2s0
-- Information acquired via protocol DNS in 5.2557s.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network
If I dig I resolve through my local stub.
; <<>> DiG 9.16.19-RH <<>> fedoraproject.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58509
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;fedoraproject.org. IN A
;; ANSWER SECTION:
fedoraproject.org. //lots of IPv4 only addresses...
;; Query time: 451 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Aug 11 11:49:16 PDT 2021
;; MSG SIZE rcvd: 206
If I turn my ProtonVPN ON…
Things work perfectly well
resolvectl status
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Link 2 (wlp2s0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 4 (virbr0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 11 (ipv6leakintrf0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 12 (proton0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.24.0.1
DNS Servers: 10.24.0.1
DNS Domain: ~.
resolvectl query fedoraproject.org - 105.1ms
fedoraproject.org: 2620:52:3:1:dead:beef:cafe:fed7 -- link: proton0
// Lots more IPv4/6 addresses via link: proton0
-- Information acquired via protocol DNS in 105.1ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network
dig does the same stub resolution
; <<>> DiG 9.16.19-RH <<>> fedoraproject.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46995
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;fedoraproject.org. IN A
;; ANSWER SECTION:
// Only IPv4 responses
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Aug 11 11:57:08 PDT 2021
;; MSG SIZE rcvd: 206
Apologies for the wall of text.
I wanted to provide as much information as I could. I want to make good use of Fedora without disabling or bypassing its new features. I feel like because the DNS will resolve fast through dig/Proton, I must be some sort of configuration step away from getting it to work with my ISP/Cloudflare.
In hindsight I wonder if this is an IPv6 resolution issue?
Any help would be appreciated.
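
An added example, not part of the original post: a small parser for the `resolvectl status` text quoted above that reports which link holds the DNS scope and which upstream servers it uses, so the VPN-off and VPN-on states can be compared side by side. The function names are this example's own, and the sample text is copied from the post and trimmed.

```python
import re

# Copied from the post (VPN off, then VPN on); leading whitespace is ignored.
VPN_OFF = """\
Link 2 (wlp2s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 64.59.161.69
DNS Servers: 1.1.1.1 1.0.0.1 64.59.160.15 64.59.161.69
DNS Domain: du.shawcable.net
"""
VPN_ON = """\
Link 2 (wlp2s0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 12 (proton0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.24.0.1
DNS Servers: 10.24.0.1
DNS Domain: ~.
"""

def parse_links(text):
    """Map each 'Link N (name)' section to its {field: value} lines."""
    links, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"Link \d+ \((\S+)\)", line)
        if header:
            current = links.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return links

def dns_links(text):
    """Links holding the unicast DNS scope, and the servers each one uses."""
    return {
        name: {"current": f.get("Current DNS Server"),
               "servers": f.get("DNS Servers", "").split(),
               "default_route": "+DefaultRoute" in f.get("Protocols", "").split(),
               "catch_all": "~." in f.get("DNS Domain", "").split()}
        for name, f in parse_links(text).items()
        if "DNS" in f.get("Current Scopes", "").split()
    }

if __name__ == "__main__":
    for label, text in (("VPN off", VPN_OFF), ("VPN on", VPN_ON)):
        print(label, dns_links(text))
```
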