I recently switched from Windows to Fedora 43. It has systemd-resolved. I’m having an issue with local DNS just on this one computer (everyone else’s Windows and Chromebook computers, all mobile devices, TVs, etc. seem to be unaffected). My home router is a Firewalla, and I make use of their custom DNS rules capability. I set up a home.example.com domain pointing to one IP address, and this acts as a catchall for *.home.example.com to go to my primary home server. But I have a few other specific subdomains <host>.home.example.com that I add with their correct IP. What I’m seeing with dig <host>.home.example.com is both the A record for the host pointing to the correct IP, and also a CNAME aliasing to home.example.com. So ultimately applications on my Fedora machine keep going back to the .50 IP instead of the .55 IP, as resolved seems to prefer that record, which doesn’t actually exist in my router config.

$ dig myapp.home.example.com  

; <<>> DiG 9.18.44 <<>> myapp.home.example.com  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42761  
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1  

;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 65494  
;; QUESTION SECTION:  
;myapp.home.example.com.		IN	A  

;; ANSWER SECTION:  
myapp.home.example.com.	1589	IN	CNAME	home.example.com.  
home.example.com.		0	IN	A	192.168.68.50  

;; AUTHORITY SECTION:  
example.com.		1589	IN	SOA	ns1.example.net. hostmaster.example.net. 1771471443 10800 3600 604800 10800  

;; Query time: 9 msec  
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)  
;; WHEN: Thu Feb 19 13:19:04 CST 2026  
;; MSG SIZE  rcvd: 136  

But I don’t get that extra CNAME when I query my router directly:

$ dig @192.168.68.1 myapp.home.example.com  

; <<>> DiG 9.18.44 <<>> @192.168.68.1 myapp.home.example.com  
; (1 server found)  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48829  
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1  

;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;myapp.home.example.com.		IN	A  

;; ANSWER SECTION:  
myapp.home.example.com.	0	IN	A	192.168.68.55  

;; Query time: 10 msec  
;; SERVER: 192.168.68.1#53(192.168.68.1) (UDP)  
;; WHEN: Thu Feb 19 13:23:17 CST 2026  
;; MSG SIZE  rcvd: 65  

So what gives here? Anyone know how to fix systemd-resolved?
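
A quick way to pin down which records differ between the stub (127.0.0.53) and the router, as an added example that is not part of the original post: it parses saved `dig` output and compares the ANSWER sections. The function names and the abridged sample strings are constructed for illustration from the two outputs above.

```shell
# Constructed samples, abridged from the two dig runs in the post.
STUB_SAMPLE=';; ANSWER SECTION:
myapp.home.example.com. 1589 IN CNAME home.example.com.
home.example.com. 0 IN A 192.168.68.50

;; AUTHORITY SECTION:
example.com. 1589 IN SOA ns1.example.net. hostmaster.example.net. 1771471443 10800 3600 604800 10800'

ROUTER_SAMPLE=';; ANSWER SECTION:
myapp.home.example.com. 0 IN A 192.168.68.55

;; Query time: 10 msec'

# Print "TYPE RDATA" for each record in the ANSWER SECTION of dig output on stdin.
answer_records() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || NF == 0      { in_answer = 0 }
        in_answer && NF >= 5  { print $4, $5 }
    ' | sort
}

# Print only the IPv4 addresses from A records in the ANSWER SECTION.
a_addresses() {
    answer_records | awk '$1 == "A" { print $2 }'
}

# Return 0 when both dig outputs carry the same answer records; otherwise
# print what each side returned and return 1.
compare_answers() {
    stub_recs=$(printf '%s\n' "$1" | answer_records)
    up_recs=$(printf '%s\n' "$2" | answer_records)
    [ "$stub_recs" = "$up_recs" ] && return 0
    printf 'stub resolver answered:\n%s\n' "$stub_recs"
    printf 'upstream answered:\n%s\n' "$up_recs"
    return 1
}

# Demonstration on the constructed samples: the CNAME and the .50 address
# appear only in the stub's answer.
compare_answers "$STUB_SAMPLE" "$ROUTER_SAMPLE" || echo "answers differ"
```

To run it against live data, pass `"$(dig myapp.home.example.com)"` and `"$(dig @192.168.68.1 myapp.home.example.com)"` as the two arguments. `resolvectl status` lists the DNS servers systemd-resolved is using on each link.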

  • just_another_person@lemmy.world
    22 hours ago

    Out of curiosity, does this machine in question have a hostname that falls under the domain you’re using for DNS resolution?

    Also, what are the contents of /etc/nsswitch.conf and /etc/resolv.conf?

    • baronvonj@piefed.socialOP
      20 hours ago
      $ hostname -f
      firefly
      $ cat /etc/resolv.conf | grep -v -e '^#'
      
      nameserver 127.0.0.53
      options edns0 trust-ad
      search lan
      $ cat /etc/nsswitch.conf | grep -v -e '^#'
      
      passwd:     files systemd
      shadow:     files systemd
      group:      files [SUCCESS=merge] systemd
      hosts:      files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns
      services:   files
      netgroup:   files
      automount:  files
      
      aliases:    files
      ethers:     files
      gshadow:    files systemd
      networks:   files dns
      protocols:  files
      publickey:  files
      rpc:        files
      
      • dcatdemon@infosec.pub
        7 hours ago

        I had the same problem as you when I was starting with this as well, on Debian Trixie. What finally worked was this.

        I think you should

        • Disable the systemd-resolved stub listener. This is done by setting DNSStubListener=no.
        • Change /etc/resolv.conf to point to /run/systemd/resolve/resolv.conf instead of the stub.

        This should remove the 127.0.0.53 nameserver and put the real one in it.

        From the man pages:

        systemd-resolved maintains the /run/systemd/resolve/resolv.conf file for compatibility with traditional Linux programs. This file may be symlinked from /etc/resolv.conf and is always kept up-to-date, containing information about all known DNS servers. Note the file format’s limitations: it does not know a concept of per-interface DNS servers and hence only contains system-wide DNS server definitions. Note that /run/systemd/resolve/resolv.conf should not be used directly by applications, but only through a symlink from /etc/resolv.conf.

        My 2 cents