Multiple dns servers set - but host on local network not found

Hello all.

*)

In my local network I have router with dhcp and dns server.

On this local network I also have machine called ‘myfedora’.

*)

On the same local network I have PC which uses network manager.

On this PC:

I use the DNS server that comes from the DHCP server my DHCP client is connected to.

> resolvectl status

Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign
Current DNS Server: 192.168.8.1
       DNS Servers: 192.168.8.1 2606:4700:4700::1111 2606:4700:4700::1001
        DNS Domain: lan

Link 2 (enp1s0)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp2s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 192.168.8.1
        DNS Domain: lan

Link 4 (vpn0)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

And this configuration works, that is, my PC sees myfedora:

> resolvectl query myfedora

myfedora: 192.168.8.187                        -- link: wlp2s0
          (myfedora.lan)

-- Information acquired via protocol DNS in 16.3ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network

> ping myfedora

PING myfedora.lan (192.168.8.187) 56(84) bytes of data.
64 bytes from 192.168.8.187: icmp_seq=1 ttl=64 time=6.30 ms

But when I configure it like that:

> resolvectl status

Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign
Current DNS Server: 1.1.1.1
       DNS Servers: 1.1.1.1 1.0.0.1 192.168.8.1 2606:4700:4700::1111 2606:4700:4700::1001
        DNS Domain: lan

Link 2 (enp1s0)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp2s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 1.1.1.1 1.0.0.1 192.168.8.1
        DNS Domain: lan

Link 4 (vpn0)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

It does not work, that is, my PC does not see myfedora:

> resolvectl query myfedora

myfedora: 'myfedora' not found

> ping myfedora

ping: myfedora: Name or service not known

Similarly, when I activate the VPN on my PC:

> resolvectl status

Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign
Current DNS Server: 123.XXX.XXX.XXX
       DNS Servers: 123.XXX.XXX.XXX 123.XXX.XXX.XXY 1.1.1.1 1.0.0.1 192.168.8.1 2606:4700:4700::1111 2606:4700:4700::1001
        DNS Domain: lan my.vpn.connection

Link 2 (enp1s0)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp2s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute LLMNR=resolve -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 1.1.1.1
       DNS Servers: 1.1.1.1 1.0.0.1 192.168.8.1
        DNS Domain: lan

Link 4 (vpn0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 123.XXX.XXX.XXX
       DNS Servers: 123.XXX.XXX.XXX 123.XXX.XXX.XXY
        DNS Domain: my.vpn.connection

============

So it seems that when Fedora is asking for a host, it only asks the current DNS server (it seems the first one that is online), and when this DNS server responds, but with a “host not found” answer, then Fedora does not ask another DNS server for this host.

Can it be somehow configured so I can use, for example, a VPN and still be able to resolve my local network host names?

I assume that the .lan is managed by your router?
Use dig @192.168.8.1 myfedora.lan to check that it is still working.
If that fails I would guess that myfedora did not send its name in the DHCP request.

If you want to use the 1.1.1.1 1.0.0.1 DNS why not configure on the router?

Yes it works:

> dig @192.168.8.1 myfedora

; <<>> DiG 9.18.33 <<>> @192.168.8.1 myfedora
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12019
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;myfedora.                      IN      A

;; ANSWER SECTION:
myfedora.               0       IN      A       192.168.8.187

;; Query time: 28 msec
;; SERVER: 192.168.8.1#53(192.168.8.1) (UDP)
;; WHEN: Fri Aug 29 19:33:36 CEST 2025
;; MSG SIZE  rcvd: 53

You are right: on my PC I may not set 1.1.1.1, 1.0.0.1, just set only 192.168.8.1, and on my router I can set 1.1.1.1, 1.0.0.1, and this configuration works, as I showed above in point 1).

But even then, when I activate my VPN connection, the DNS retrieved from it takes precedence over 192.168.8.1, which makes my PC unable to resolve local network host names.

That is normal for a VPN. You should be able to configure how the VPN works so that hosts on your lan. domain can be accessed.
Look for a setting to allow lan. lookups on your router and allowing access to the 192.168/16 addresses.


My router does not have that option/section, at least I do not see it.
It works more simply: it just “assigns” names that devices send by themselves. I can just see these names on my router, but I do not have any option to configure the router's local LAN DNS.

But assuming I had such an option.
Then other problems arise:

  1. My router has only an OpenVPN client, but I connect with a Cisco VPN client.

  2. Also, setting up the VPN on the router would make it visible to all devices on my local network, and this is what I definitely do not want to happen; only my PC should have access to this VPN.

That is why I configure and connect to the VPN only on my PC, and cannot do it anywhere else on my local network.

That is why I wonder if there is any solution that allows me to configure the VPN locally on my PC and still be able to resolve local LAN machine names.

Cisco VPN is supported on Fedora as far as I know.
I don’t know the details of how to do this.
Once you have the Cisco VPN working we can help you get the DNS/routing working so you can still access local hosts on your LAN.

Turning on the VPN in your router I expect is not going to be useful.

It sounds like the Cisco VPN Client configuration needs changing then.
Perhaps this helps or at least gives you clues as to a fix.

Another possible workaround might be to add the IPs and names you want to use to your
`/etc/hosts` file, but be aware that won’t update automatically in case a device is given a different LAN IP at some time.

I do not use the Cisco AnyConnect client because it wants to dirty-install itself into system directories, and I use Silverblue, which as an immutable OS does not allow for it, and I cannot force AnyConnect to install itself into /opt (at least I couldn’t before, in some previous version).

And also I prefer to use the default VPN client shipped with Fedora, which I already configured, so it already connects to the Cisco VPN and it works.

So when the VPN connection is off, the situation is as I described in my first message in point 1).

But when I turn on the VPN on my PC, the situation is as I described in my first message in point 3): the DNS provided by the VPN takes precedence over 192.168.8.1 and my PC cannot resolve host names on the local LAN.

So can I somehow tell Fedora to do the following:

if the first DNS server does not find anything, then ask another one, and so on until some DNS server finds something or until there are no more DNS servers to ask?

This only works when resolving short names with different search domains, but it queries only one random DNS from each interface, so you cannot mix LAN and Cloudflare DNS on the same interface.

OK so 🙂

  1. You are right:
  • if I set DNS as automatic (so my router 192.168.8.1 is retrieved from DHCP as the DNS server)
  • and do not add extra DNS servers
    then:

ping myfedora.lan

ssh myfedora.lan

  • works
  • even with VPN turned on.

  2. But also I can use something different:
  • I can have mDNS configured and running (like Avahi or with systemd-resolved) on both my systems
  • and then use .local like that:

ping myfedora.local

ssh myfedora.local
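To make the behaviour described in the thread concrete (the "one server per interface, no retry on a negative answer" point above and the final "router DNS only, even with the VPN up" outcome), here is an added, simplified Python model of how systemd-resolved picks a link by DNS domain and asks only that link's current server. It is not systemd-resolved's code; the server addresses come from the thread, while the VPN server's zone and the intranet name are constructed placeholders.

```python
# Added example (not systemd-resolved's code): a simplified model of how resolved
# routes a lookup to one link by DNS domain and asks only that link's current
# server, so an NXDOMAIN from 1.1.1.1 is final and 192.168.8.1 is never tried.
from dataclasses import dataclass, field

# Constructed stand-in for what each upstream server knows (addresses from the
# thread; the VPN server's zone content is a placeholder).
ZONES = {
    "192.168.8.1": {"myfedora.lan": "192.168.8.187"},      # router: LAN names only
    "1.1.1.1": {},                                           # Cloudflare: no LAN names
    "123.XXX.XXX.XXX": {"intranet.my.vpn.connection": "10.0.0.5"},
}

@dataclass
class Link:
    name: str
    servers: list                                  # ordered; servers[0] is the current one
    domains: list = field(default_factory=list)    # "DNS Domain" shown by resolvectl status
    default_route: bool = False                    # +DefaultRoute in resolvectl status

def pick_links(fqdn, links):
    """Longest matching DNS domain wins; names matching none go to default-route links."""
    best, best_len = [], -1
    for ln in links:
        for d in ln.domains:
            if fqdn == d or fqdn.endswith("." + d):
                if len(d) > best_len:
                    best, best_len = [ln], len(d)
                elif len(d) == best_len:
                    best.append(ln)
    return best or [ln for ln in links if ln.default_route]

def resolve(name, links):
    """Return the address or None. Single-label names get each link's domains appended."""
    names = [name] if "." in name else [f"{name}.{d}" for ln in links for d in ln.domains]
    for fqdn in names:
        for ln in pick_links(fqdn, links):
            addr = ZONES.get(ln.servers[0], {}).get(fqdn)   # only the current server is asked
            if addr:
                return addr
        # a negative answer is final: no retry against the link's other servers
    return None

def links_for(wifi_servers, vpn_up):
    """Link set from the thread: wlp2s0 is the default route, vpn0 carries its own domain."""
    links = [Link("wlp2s0", wifi_servers, ["lan"], default_route=True)]
    if vpn_up:
        links.append(Link("vpn0", ["123.XXX.XXX.XXX"], ["my.vpn.connection"]))
    return links
```

Calling `resolve("myfedora", links_for(["1.1.1.1", "1.0.0.1", "192.168.8.1"], False))` returns None because 1.1.1.1 answers first and negatively, whereas with `["192.168.8.1"]` the name resolves whether or not vpn0 is up.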