DNS Resolving strange

So, I’m running Fedora 42 KDE. I am trying to get to a Home Assistant server that I run in the house. There is an external DNS configuration for this as well. However, I can’t log in from Chrome on Fedora but it works fine from other system. Then I tried to ping it…
Someone please explain this to me… It resolves with dig, but not a ping.

fritz@FritzPC:~$ dig assist.freund.house

; <<>> DiG 9.18.35 <<>> assist.freund.house
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13863
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;assist.freund.house.           IN      A

;; ANSWER SECTION:
assist.freund.house.    0       IN      A       192.168.20.30

;; Query time: 2 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Apr 24 14:37:15 MDT 2025
;; MSG SIZE  rcvd: 64

fritz@FritzPC:~$ ping assist.freund.house
PING p73vixj5autepul03jkrr7gzcg9bqzvk.ui.nabu.casa (54.227.162.152) 56(84) bytes of data.
^C
--- p73vixj5autepul03jkrr7gzcg9bqzvk.ui.nabu.casa ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1031ms

That doesn’t really help all that much I don’t think. With dig, it comes back with the correct IP address. However, if I ping the system I get an external IP address instead of the internal address. Because of this my system won’t load the correct page for HA.

If I ping from a Windows machine on the same network, it’s fine. Doesn’t have an issue. I can also access the HA no problem from the Windows box.

Even a curl shows that it’s using the wrong IP address…

fritz@FritzPC:~$ curl -v https://assist.freund.house
* Host assist.freund.house:443 was resolved.
* IPv6: (none)
* IPv4: 54.227.162.152
*   Trying 54.227.162.152:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
*  CApath: none
* TLS connect error: error:00000000:lib(0)::reason(0)
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to assist.freund.house:443 
* closing connection #0
curl: (35) TLS connect error: error:00000000:lib(0)::reason(0)

If I add the correct IP address to my hosts file, I can access HA just fine. After some research it seems to have something to do with how Fedora is talking to the DNS server on Home Assistant. Like it doesn’t know that it’s coming from a local system so it doesn’t give a local address, it forwards on the request to external DNS.

Check the output:

resolvectl flush-caches
resolvectl reset-server-features
resolvectl query assist.freund.house
resolvectl status --no-pager
grep -e ^hosts: /etc/nsswitch.conf
grep -v -e ^# -e ^$ /etc/resolv.conf

It’s possible your ISP doesn’t play well with systemd-resolved. Mine doesn’t. Try setting it to 1.1.1.1 and see if you still have issues.

Try the getent ahosts assist.freund.house. command. It depends on what order of hosts: plugins you have in /etc/nsswitch.conf, but systemd-resolved can be answering your response via the resolve plugin before it tries the DNS protocol. The dig tool uses the DNS protocol only.

Try the getent ahosts -s resolve assist.freund.house. and getent ahosts -s dns assist.freund.house. commands and compare their output. The dig and host commands use only DNS packets. Try resolvectl query assist.freund.house. There is also special hostname synthesis in systemd-resolved or the myhostname nss plugin. Is the hostname of the machine where you have tried this different from assist.freund.house? Again, getent ahosts -s myhostname assist.freund.house might show the ping target IP. The hostnamectl command would print the hostname of your machine.

Those differences are caused by getaddrinfo system calls using /etc/nsswitch plugins in the order they are enabled. But dig uses the DNS protocol directly and just reads the nameserver address(es) from /etc/resolv.conf. It skips reply. This would be caused by synthesising non-existent answers on localhost, instead of asking the network first.

Could this be caused by a different DNS server used by resolvectl and a different one in /etc/resolv.conf? If you have modified local addresses for the domain freund.house. in your local network, I would suggest announcing freund.house from your router DHCP as a dns-search domain. You can also set it directly with resolvectl domain eth0 ~freund.house on your network connection. That would direct your domain to the local server, even if you have a global DNS server configured, for example with DNS over TLS used.

You can also use nmcli to modify ipv4.dns-search on your connection to make it permanent. At least in GNOME, dns-search cannot be set from the GUI control panel for the network.

I would say it depends on whether it is asking the correct DNS server. If you have a global DNS server configured but want to use the server from the local interface for this domain, you need to tell that to systemd-resolved by setting the freund.house domain on the LAN interface. Otherwise it will try to use both global and local DNS servers and cache them randomly. It would not cache the internal response, because it has TTL=0.

Anyway, we need resolvectl status command output to help you with this.
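
The per-plugin comparison suggested in the replies above (getent ahosts -s resolve versus -s dns) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, and it assumes glibc's getent and a readable /etc/nsswitch.conf on the machine being checked.

```shell
#!/bin/sh
# Added example: ask every NSS "hosts:" service for the same name and
# report which services disagree. Function names are hypothetical.

# $1: an nsswitch.conf "hosts:" line. Prints the service names separated
# by single spaces, dropping action items such as [NOTFOUND=return].
hosts_services() {
    printf '%s\n' "$1" |
        sed -e 's/^hosts:[[:space:]]*//' -e 's/\[[^]]*\]//g' |
        tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//'
}

# stdin: "service address" lines in lookup order. Prints the services
# whose address differs from the first service that answered.
divergent_services() {
    awk 'NF == 2 { if (ref == "") ref = $2
                   else if ($2 != ref) out = out (out == "" ? "" : " ") $1 }
         END { print out }'
}

# $1: host name. Prints "service address" for each service that answers.
probe() {
    conf_line=$(grep -e '^hosts:' /etc/nsswitch.conf)
    for svc in $(hosts_services "$conf_line"); do
        addr=$(getent -s "$svc" ahosts "$1" 2>/dev/null |
               awk 'NR == 1 { print $1 }')
        if [ -n "$addr" ]; then printf '%s %s\n' "$svc" "$addr"; fi
    done
    return 0
}

# Live run only when a host name is given on the command line.
if [ "$#" -gt 0 ]; then
    answers=$(probe "$1")
    printf '%s\n' "$answers"
    bad=$(printf '%s\n' "$answers" | divergent_services)
    if [ -n "$bad" ]; then
        printf 'differs from first answer: %s\n' "$bad"
    fi
fi
```

Run it with the name as the only argument. A service listed under "differs from first answer" is the one to compare against the resolvectl status output requested above.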