Hi,

I would guess your domainname is not (none), and hostname -f value is fedora.domain_failing.tld. One of the fixes might be to change the hostname of the machine to not contain the domain suffix. Then only explicitly configured search would apply.

On 3/25/21 2:51 AM, Robert Marcano via devel wrote:
> Currently I am connecting to a VPN that provides a few DNS search
> entries. One of these domains on the search path is having DNS
> resolution problems. This is not per se the problem I am writing
> this email for.
>
> The problem is that starting Firefox and Thunderbird takes a long time,
> it took time to detect the DNS resolution problem was the origin of
> these timeouts. I am not using that domain that is having resolution
> problems.

Would dig fedora.domain_failing.tld take long before the VPN is established? Does it time out when connecting or after connected? A timeout might mean some of the servers provided by the connection do not respond or the route to them does not work. Even searches should mean just more packets, not a visibly longer delay.

> The real culprit is the default `fedora` hostname, instead of localhost.
> Starting a Wireshark capture there are DNS searches for
> fedora.domain_failing.tld, when starting Firefox and Thunderbird. The
> presence of the search path on generated /etc/resolv.conf isn't the
> cause of these DNS searches, I edited them out while the VPN was still
> active.

Try not commenting it out, but override the default system value in /etc/resolv.conf:

search .

> Even 'ping fedora' starts doing these searches with the search paths
> appended. 'ping localhost' doesn't do that. The only workaround to this
> issue is to add fedora to the localhost entries on /etc/hosts.

That would likely be because localhost is in /etc/hosts, read by files in nsswitch. But DNS queries (if systemd-resolved is disabled) are configured by /etc/resolv.conf.

> This in some way is a DNS leak, even on a VPN with perfectly working DNS
> resolution, the fedora name should not be searched on these domains
> until I am using the fedora full hostname on these domains. Even worse
> when simply starting applications like Firefox or Thunderbird.

Are you sure you do not have the hostname set to an FQDN? Have you tried setting it to a relative name (no dots)?

> Maybe changing the default hostname to fedora wasn't a good idea after
> all, or at least fedora should be added to the default /etc/hosts.

It should not be necessary unless an FQDN is used as a hostname. The "fedora" value should be completely ok.

But I guess even when connecting to the VPN, it should not time out. DNS settings should be changed only after the VPN is connected and ready to forward packets. Are you sure no IP range conflicts with the DNS servers used?

Cheers,
Petr

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik@xxxxxxxxxx
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
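
The search-list behaviour discussed in this message, as an added example that is not part of the original thread: a simplified Python model of the glibc stub resolver rules described in resolv.conf(5), showing which names reach DNS for each configuration mentioned above. The domain corp.example and the nameserver address are constructed; systemd-resolved is not modelled.

```python
# Added example: simplified model of glibc search-list expansion, resolv.conf(5).
# corp.example and 10.0.0.53 are constructed sample values.

VPN_CONF = "nameserver 10.0.0.53\nsearch corp.example domain_failing.tld\n"
NO_SEARCH_CONF = "nameserver 10.0.0.53\n"          # search line edited out
ROOT_SEARCH_CONF = "nameserver 10.0.0.53\nsearch .\n"  # the override suggested above


def search_list(resolv_conf, hostname):
    """Effective search list: the last 'search' line wins; with none,
    the part of the machine's hostname after the first dot is used."""
    found = None
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) > 1 and fields[0] == "search":
            found = fields[1:]
    if found is not None:
        return found
    _, _, domain = hostname.partition(".")
    return [domain] if domain else ["."]


def dns_queries(name, resolv_conf, hostname, hosts=("localhost",), ndots=1):
    """Names sent to DNS, in order, for one lookup of `name`."""
    if name in hosts:            # nsswitch 'files' answers from /etc/hosts first
        return []
    if name.endswith("."):       # already absolute: no search list applied
        return [name]
    expanded = [name + "." if d == "." else f"{name}.{d.rstrip('.')}."
                for d in search_list(resolv_conf, hostname)]
    as_is = name + "."
    if name.count(".") >= ndots:
        order = [as_is] + expanded
    else:
        order = expanded + [as_is]
    return list(dict.fromkeys(order))   # drop duplicates, keep order


if __name__ == "__main__":
    cases = [
        ("VPN search list", VPN_CONF, "fedora"),
        ("search removed, FQDN hostname", NO_SEARCH_CONF, "fedora.domain_failing.tld"),
        ("search ., FQDN hostname", ROOT_SEARCH_CONF, "fedora.domain_failing.tld"),
    ]
    for label, conf, host in cases:
        print(f"{label}: {dns_queries('fedora', conf, host)}")
    print("localhost:", dns_queries("localhost", VPN_CONF, "fedora"))
```

The second case shows why deleting the search line alone would not stop the fedora.domain_failing.tld queries if the machine's hostname is an FQDN in that domain.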