I want to change DNS to Cloudflare’s 1.1.1.1 but the settings are not working.
EDIT: I also edited the Resolve.conf file, deleted everything and added:
nameserver 1.1.1.1
nameserver 1.0.0.1
How can I solve this?
I want to change DNS to Cloudflare’s 1.1.1.1 but the settings are not working.
EDIT: I also edited the Resolve.conf file, deleted everything and added:
nameserver 1.1.1.1
nameserver 1.0.0.1
How can I solve this?
Try uncheck Automatic on the right from DNS. Possible reboot or like so.
Thnx for your reply.
I turned off the Automatic option but it still doesn’t work.
Try this, please:
1st:
root# chattr +i /etc/resolv.conf
– the immutable flag.
Thank you but I don’t want to take risks (e.g., update-time breakages)
Is there someone here that has a solution?
Solution from askubuntu does not have this risks. 2nd one does.
Hi,
You need to disable automatic option. Insert your DNS server. Restart to the network device. It will work.
By the way, I want to understand what do you mean “configuration is not working”? Did you try check it with nslookup or dig? Did you try to use nmcli/nmtui or manually change the DNS server in config files.
Please send the output of nmcli con show --active
and nmcli con show "ACTIVE CONNECTION NAME
I changed DNS settings in Network Manager. And I also added them to the resolv.conf file. But I already deleted the resolv.conf file and restarted my PC.
How do you restart the network device?
I checked DNS settings using https://1.1.1.1/help in two different browsers with DNS cache flushed in the browser.
$ nmcli con show --active
NAME UUID TYPE DEVICE
Wired connection 1 2f53f371-de96-3d00-88de-46f2645fabcb ethernet enp2s0
HOME 117e56e6-3d33-479e-a880-553435ecac2e wifi wlp3s0
virbr0 68bb6e91-fd61-4ffd-93f0-3630e3fd470f bridge virbr0
$ nmcli con show "Wired connection 1"
connection.id: Wired connection 1
connection.uuid: 2f53f371-de96-3d00-88de-46f2645fabcb
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: enp2s0
connection.autoconnect: yes
connection.autoconnect-priority: -999
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1579568989
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
lines 1-23
[vits@localhost ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.42.129
[vits@localhost ~]$ sudo systemctl restart NetworkManager
[vits@localhost ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 1.1.1.1
nameserver 1.0.0.1
$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 2606:4700:4700::1111
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2606:4700:4700::1001
Still not showing the correct DNS on https://1.1.1.1/help in two browsers.
By the way, I did receive updates for NetworkManager today (sudo dnf upgrade
). But my DNS settings are not showing on the DNS test page of Cloudflare and also not on http://www.whatsmydnsserver.com/.
Hello,
You sent 23 lines of output. It should be something like 140 lines…So I have not enough data to tell you what the problem exactly. However, I see that you have Two Active connections. Probably your wifi connection “HOME” has higher priority then Wired connection.
dig
in the terminal. You will see something like ; SERVER: 8.8.8.8#53
.I turned off WIFI
$ nmcli con show "Wired connection 1"
connection.id: Wired connection 1
connection.uuid: 2f53f371-de96-3d00-88de-46f2645fabcb
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: enp2s0
connection.autoconnect: yes
connection.autoconnect-priority: -999
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1579664797
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
lines 1-23...skipping...
connection.id: Wired connection 1
connection.uuid: 2f53f371-de96-3d00-88de-46f2645fabcb
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: enp2s0
connection.autoconnect: yes
connection.autoconnect-priority: -999
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1579664797
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.wait-device-timeout: -1
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: no
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
lines 1-37
connection.id: Wired connection 1
connection.uuid: 2f53f371-de96-3d00-88de-46f2645fabcb
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: enp2s0
connection.autoconnect: yes
connection.autoconnect-priority: -999
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1579664797
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.wait-device-timeout: -1
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: no
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
ipv4.method: auto
ipv4.dns: 1.1.1.1,1.0.0.1
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: --
ipv4.gateway: --
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: yes
ipv4.dhcp-client-id: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.dad-timeout: -1 (default)
ipv6.method: auto
ipv6.dns: --
ipv6.dns-search: --
ipv6.dns-options: --
ipv6.dns-priority: 0
ipv6.addresses: --
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.routing-rules: --
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.dhcp-duid: --
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
ipv6.token: --
proxy.method: none
proxy.browser-only: no
proxy.pac-url: --
proxy.pac-script: --
GENERAL.NAME: Wired connection 1
GENERAL.UUID: 2f53f371-de96-3d00-88de-46f2645fabcb
GENERAL.DEVICES: enp2s0
GENERAL.STATE: activated
GENERAL.DEFAULT: yes
GENERAL.DEFAULT6: yes
GENERAL.SPEC-OBJECT: --
GENERAL.VPN: no
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/1
GENERAL.ZONE: --
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: 192.168.1.85/24
IP4.GATEWAY: 192.168.1.1
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 100
IP4.ROUTE[2]: dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 100
IP4.DNS[1]: 192.168.1.1
DHCP4.OPTION[1]: dhcp_lease_time = 86400
DHCP4.OPTION[2]: dhcp_rebinding_time = 75600
DHCP4.OPTION[3]: dhcp_renewal_time = 43200
DHCP4.OPTION[4]: dhcp_server_identifier = 192.168.1.1
DHCP4.OPTION[5]: domain_name_servers = 192.168.1.1
DHCP4.OPTION[6]: expiry = 1579749098
DHCP4.OPTION[7]: ip_address = 192.168.1.85
DHCP4.OPTION[8]: requested_broadcast_address = 1
DHCP4.OPTION[9]: requested_dhcp_server_identifier = 1
DHCP4.OPTION[10]: requested_domain_name = 1
DHCP4.OPTION[11]: requested_domain_name_servers = 1
DHCP4.OPTION[12]: requested_domain_search = 1
DHCP4.OPTION[13]: requested_host_name = 1
DHCP4.OPTION[14]: requested_interface_mtu = 1
DHCP4.OPTION[15]: requested_ms_classless_static_routes = 1
DHCP4.OPTION[16]: requested_nis_domain = 1
DHCP4.OPTION[17]: requested_nis_servers = 1
DHCP4.OPTION[18]: requested_ntp_servers = 1
DHCP4.OPTION[19]: requested_rfc3442_classless_static_routes = 1
DHCP4.OPTION[20]: requested_root_path = 1
DHCP4.OPTION[21]: requested_routers = 1
DHCP4.OPTION[22]: requested_static_routes = 1
DHCP4.OPTION[23]: requested_subnet_mask = 1
DHCP4.OPTION[24]: requested_time_offset = 1
DHCP4.OPTION[25]: requested_wpad = 1
DHCP4.OPTION[26]: routers = 192.168.1.1
DHCP4.OPTION[27]: subnet_mask = 255.255.255.0
IP6.ADDRESS[1]: fe80::a636:bcc3:eae6:c4f4/64
IP6.GATEWAY: fe80::1
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]: dst = ::/0, nh = fe80::1, mt = 20100
IP6.ROUTE[3]: dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.DNS[1]: fe80::1
DHCP6.OPTION[1]: dhcp6_name_servers = fe80::1
lines 102-135/135 (END)
$ nslookup google.com
;; Got recursion not available from 1.1.1.1, trying next server
;; Got recursion not available from 1.0.0.1, trying next server
Server: fe80::1%2
Address: fe80::1%2#53
Non-authoritative answer:
Name: google.com
Address: 216.239.38.120
;; Got recursion not available from 1.1.1.1, trying next server
Name: google.com
Address: 2404:6800:4003:c04::8a
$ dig
; <<>> DiG 9.11.14-RedHat-9.11.14-2.fc31 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19793
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518322 IN NS a.root-servers.net.
. 518322 IN NS b.root-servers.net.
. 518322 IN NS c.root-servers.net.
. 518322 IN NS d.root-servers.net.
. 518322 IN NS e.root-servers.net.
. 518322 IN NS f.root-servers.net.
. 518322 IN NS g.root-servers.net.
. 518322 IN NS h.root-servers.net.
. 518322 IN NS i.root-servers.net.
. 518322 IN NS j.root-servers.net.
. 518322 IN NS k.root-servers.net.
. 518322 IN NS l.root-servers.net.
. 518322 IN NS m.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 3599997 IN A 198.41.0.4
b.root-servers.net. 3599997 IN A 199.9.14.201
c.root-servers.net. 3599997 IN A 192.33.4.12
d.root-servers.net. 3599997 IN A 199.7.91.13
e.root-servers.net. 3599997 IN A 192.203.230.10
f.root-servers.net. 3599997 IN A 192.5.5.241
g.root-servers.net. 3599997 IN A 192.112.36.4
h.root-servers.net. 3599997 IN A 198.97.190.53
i.root-servers.net. 3599997 IN A 192.36.148.17
j.root-servers.net. 3599997 IN A 192.58.128.30
k.root-servers.net. 3599997 IN A 193.0.14.129
l.root-servers.net. 3599997 IN A 199.7.83.42
m.root-servers.net. 3599997 IN A 202.12.27.33
a.root-servers.net. 3599997 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 3599997 IN AAAA 2001:500:200::b
c.root-servers.net. 3599997 IN AAAA 2001:500:2::c
d.root-servers.net. 3599997 IN AAAA 2001:500:2d::d
e.root-servers.net. 3599997 IN AAAA 2001:500:a8::e
f.root-servers.net. 3599997 IN AAAA 2001:500:2f::f
g.root-servers.net. 3599997 IN AAAA 2001:500:12::d0d
h.root-servers.net. 3599997 IN AAAA 2001:500:1::53
i.root-servers.net. 3599997 IN AAAA 2001:7fe::53
j.root-servers.net. 3599997 IN AAAA 2001:503:c27::2:30
k.root-servers.net. 3599997 IN AAAA 2001:7fd::1
l.root-servers.net. 3599997 IN AAAA 2001:500:9f::42
m.root-servers.net. 3599997 IN AAAA 2001:dc3::35
;; Query time: 21 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Jan 22 12:11:51 WITA 2020
;; MSG SIZE rcvd: 811
As You can see your DNS settings worked. DNS requests follows to 1.1.1.1, and you receive response from 1.1.1.1.
So your problem was active wi fi connection. If you plan to use wi fi with 1.1.1.1, configure it for wi fi connection as well.
If it’s working then how come I still cannot visit Reddit? (which is blocked in this country I’m staying).
I could visit Reddit in Windows 10 using 1.1.1.1 and DNS over HTTPS enabled in Google Chrome and Edge Chromium.
I can also visit Reddit on my phone, which has Android 9 and private DNS 1.1.1.1 Settings > Connections > More connection settings > Private DNS > 1dot1dot1dot.cloudflare-dns.com.
But I cannot visit Reddit on my PC with Firefox (without its custom DNS settings) and Brave.
I cleared history in both browsers. I cleared DNS cache in Brave (brave://net-internals/dns).
And also…
$ nslookup google.com
;; Got recursion not available from 1.1.1.1, trying next server
;; Got recursion not available from 1.0.0.1, trying next server
Server: fe80::1%2
Address: fe80::1%2#53
Non-authoritative answer:
Name: google.com
Address: 216.239.38.120
;; Got recursion not available from 1.1.1.1, trying next server
;; Got recursion not available from 1.0.0.1, trying next server
Name: google.com
Address: 2404:6800:4003:c03::8b
Hello,
Kindly Next time describe what your problem exactly and what is your experience.
I am reviewed all data more attentively.
So just to summarize. Your problem can be divided into two parts:
We need to collect more data. Please send the full output of all the steps below.
For the steps below shutdown wi-fi connection.
ping -c2 192.168.1.1
ping -c2 8.8.8.8
ping -c2 1.1.1.1
nslookup fedoraproject.org
.sudo tcpdump host 1.1.1.1 and port 53
Don’t worry for sudo, It is necessary for packet capturing. It won’t do any changes.dig @1.1.1.1 google.com
Excuse me.
Add -vvn
option after tcpdump
.
Steps 1, 2 and 3:
$ ping -c2 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.537 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.459 ms
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1064ms
rtt min/avg/max/mdev = 0.459/0.498/0.537/0.039 ms
$ ping -c2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=31.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=29.8 ms
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 29.849/30.473/31.098/0.624 ms
$ ping -c2 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=52 time=33.9 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=52 time=33.5 ms
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 33.489/33.701/33.913/0.212 ms
Step 4:
$ nslookup fedoraproject.org
;; Got recursion not available from 8.8.8.8, trying next server
;; Got recursion not available from 8.8.4.4, trying next server
Server: fe80::1%2
Address: fe80::1%2#53
Non-authoritative answer:
Name: fedoraproject.org
Address: 152.19.134.198
Name: fedoraproject.org
Address: 209.132.181.16
Name: fedoraproject.org
Address: 209.132.181.15
Name: fedoraproject.org
Address: 152.19.134.142
Name: fedoraproject.org
Address: 185.141.165.254
Name: fedoraproject.org
Address: 8.43.85.67
Name: fedoraproject.org
Address: 209.132.190.2
Name: fedoraproject.org
Address: 2620:52:3:1:dead:beef:cafe:fed7
Name: fedoraproject.org
Address: 2610:28:3090:3001:dead:beef:cafe:fed3
Name: fedoraproject.org
Address: 2620:52:3:1:dead:beef:cafe:fed6
Step 5:
$ sudo tcpdump -vvn host 1.1.1.1 and port 53
[sudo] password for m:
dropped privs to tcpdump
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:41:39.603613 IP (tos 0x0, ttl 64, id 33402, offset 0, flags [none], proto UDP (17), length 79)
192.168.1.85.47445 > 1.1.1.1.domain: [bad udp cksum 0xc44b -> 0x0e3c!] 22262+ [1au] A? google.com. ar: . OPT UDPsize=4096 (51)
10:41:39.609204 IP (tos 0x0, ttl 252, id 37654, offset 0, flags [DF], proto UDP (17), length 83)
1.1.1.1.domain > 192.168.1.85.47445: [udp sum ok] 22262-$ q: A? google.com. 1/0/1 google.com. A 216.239.38.120 ar: . OPT UDPsize=4096 (55)
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
$ dig @1.1.1.1 google.com
; <<>> DiG 9.11.14-RedHat-9.11.14-2.fc31 <<>> @1.1.1.1 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22262
;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 3600 IN A 216.239.38.120
;; Query time: 5 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jan 23 10:41:39 WITA 2020
;; MSG SIZE rcvd: 55
Hello,
Sorry for the delayed response.
First of all, we see that there is bad UDP checksum, its ok.
According to tcpdump we can see the correct response with the IP address of requested A record.
I think this is a bug. The solution might be reinstall fedora.