#1 2022-11-25 11:20:21

rmeyer
Member
Registered: 2022-11-25
Posts: 2

[SOLVED] Firefox won't start with systemd-resolved

I've recently reinstalled Arch Linux with NetworkManager and KDE Plasma, and I enabled systemd-resolved with the following configuration:

[Resolve]
DNS=8.8.8.8
FallbackDNS=1.1.1.1
Domains=~.
DNSSEC=no
DNSOverTLS=yes
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no

I've also created the symlink to the resolvconf stub:

ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

And I can verify the DNS resolution over TLS and DNSSEC is being performed correctly by checking Wireshark and by doing nslookup over some domains in which DNSSEC would fail or succeed.

However, no matter what I try, be it unlinking /etc/resolv.conf for it to be the automatically generated NetworkManager resolv.conf, enabling or disabling DNSSEC, commenting or uncommenting Domains, disabling IPv6, trying different DNS servers or enabling DoH on Firefox, Firefox takes between 1 and 2 minutes to start, generating an error on the resolved dbus service with the error message:

systemd-resolved[4420]: Failed to send hostname reply: Transport endpoint is not connected

The output of resolvectl status is:

Global
           Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
  Current DNS Server: 8.8.8.8
         DNS Servers: 8.8.8.8
Fallback DNS Servers: 1.1.1.1
          DNS Domain: ~.

Link 2 (enp7s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: fe80::e2b9:e5ff:fe68:b350
       DNS Servers: 192.168.1.254 fe80::e2b9:e5ff:fe68:b350
        DNS Domain: lan

My current NetworkManager Ethernet connection configuration is:

[connection]
id=Ethernet
uuid=f5e2aed5-8d6e-4215-9e2c-34bede11e8b1
type=ethernet

[ethernet]
auto-negotiate=true

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

If I stop the systemd-resolved service and start Firefox, it starts in the expected time (2 seconds), and I can restart the service again and Firefox works as expected. However, if I close Firefox and open it again with the service open, it won't start again until I stop it (or restart it).

My router IP is 192.168.1.254 and it seems to be attempting to perform DoT over that IP, since when I change DNSOverTLS from yes to opportunistic, it starts in around 10 seconds, with the following messages output to the systemd log:

systemd-resolved[5211]: Using degraded feature set UDP+EDNS0 instead of TLS+EDNS0 for DNS server 192.168.1.254.
systemd-resolved[5211]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.168.1.254.

How would I prevent it from doing DoT to the LAN DNS server (192.168.1.254) and using the provided DNS servers (8.8.8.8/1.1.1.1) or the loopback DNS server (127.0.0.53) directly or fix this issue? Every other application I run works as expected in the DNS resolution department except for Firefox.

Thanks

Last edited by rmeyer (2022-11-26 11:07:22)

Offline

#2 2022-11-25 17:35:11

xerxes_
Member
Registered: 2018-04-29
Posts: 675

Re: [SOLVED] Firefox won't start with systemd-resolved

What if you set in Firefox DNS over HTTPS to 8.8.8.8 or try other Firefox settings?

Offline

#3 2022-11-26 03:54:12

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,132

Re: [SOLVED] Firefox won't start with systemd-resolved

The wiki says you need /etc/systemd/resolved.conf.d/dns_over_tls.conf, but you don't mention its content. Do you have it and what's in it?


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#4 2022-11-26 11:05:07

rmeyer
Member
Registered: 2022-11-25
Posts: 2

Re: [SOLVED] Firefox won't start with systemd-resolved

xerxes_ wrote:

What if you set in Firefox DNS over HTTPS to 8.8.8.8 or try other Firefox settings?

I did try it, but it wasn't it, since, as I already mentioned in the original post, I did set DoH in Firefox and it still didn't start with DoT enabled (the systemd-resolved service running).

cfr wrote:

The wiki says you need /etc/systemd/resolved.conf.d/dns_over_tls.conf, but you don't mention its content. Do you have it and what's in it?

Creating that file with the content specified in the wiki page (https://wiki.archlinux.org/title/Systemd-resolved) didn't do anything of value, since the Ethernet interface still made DNS requests to the router IP.

I ended up fixing the issue by creating /etc/NetworkManager/conf.d/dns-servers.conf with the following content, forcing the created NetworkManager connections to use the loopback DNS resolver, thus preventing it from using the router DNS server.

[global-dns-domain-*]
servers=::1,127.0.0.1

Thanks for all the help.

Offline
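
A check for the situation described in this thread, as an added example that is not part of any post: it parses `resolvectl status` output and lists the scopes that show `+DNSOverTLS` while their DNS servers are private or link-local addresses, such as the router at 192.168.1.254. The function names are hypothetical, the sample is trimmed from the output quoted in post #1, and treating private or link-local resolvers as unlikely to speak DoT is an assumption.

```python
import ipaddress
import re

# Constructed sample, trimmed from the `resolvectl status` output in post #1.
SAMPLE_STATUS = """\
Global
           Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=no/unsupported
         DNS Servers: 8.8.8.8

Link 2 (enp7s0)
         Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported
       DNS Servers: 192.168.1.254 fe80::e2b9:e5ff:fe68:b350
"""

HEADER = re.compile(r"^(?:Global|Link \d+ \((?P<ifname>[^)]+)\))$")
FIELD = re.compile(r"^([^:]+):(?:\s+(.*))?$")  # "Key: value"; a bare IPv6 address never matches

def parse_status(text):
    """Return {scope: {field: value}} for the Global section and each Link section."""
    scopes, fields, key = {}, None, None
    for line in map(str.strip, text.splitlines()):
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            fields, key = scopes.setdefault(header.group("ifname") or "Global", {}), None
        elif fields is not None and field:
            key = field.group(1)
            fields[key] = field.group(2) or ""
        elif key and line:  # wrapped continuation of a long server list
            fields[key] += " " + line
    return scopes

def is_local(server):
    """True for private or link-local addresses (assumed here to be LAN resolvers)."""
    try:
        addr = ipaddress.ip_address(re.split("[%#]", server)[0])  # drop %zone / #SNI name
    except ValueError:  # e.g. an entry with an explicit port; skipped in this sketch
        return False
    return addr.is_private or addr.is_link_local

def local_dot_servers(text):
    """Return {scope: [servers]} where +DNSOverTLS is shown and the server is a LAN address."""
    findings = {}
    for scope, f in parse_status(text).items():
        if "+DNSOverTLS" in f.get("Protocols", "").split():
            hits = [s for s in f.get("DNS Servers", "").split() if is_local(s)]
            if hits:
                findings[scope] = hits
    return findings
```

On a live system, pass the text of `resolvectl status` to `local_dot_servers()`; an empty result means no scope pairs `+DNSOverTLS` with a LAN resolver address.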
