Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at
Bug 1889901 - DNS Over TLS
Summary: DNS Over TLS
Alias: None
Product: Fedora
Classification: Fedora
Component: Changes Tracking
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Zbigniew Jędrzejewski-Szmek
QA Contact:
Depends On: 2006393 2054482
TreeView+ depends on / blocked
Reported: 2020-10-20 20:55 UTC by Ben Cotton
Modified: 2022-08-04 15:20 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2022-08-04 15:08:15 UTC
Type: ---

Attachments (Terms of Use)

Description Ben Cotton 2020-10-20 20:55:28 UTC
This is a tracking bug for Change: DNS Over TLS
For more details, see:

Fedora will attempt to use DNS over TLS (DoT) if supported by configured DNS servers.

Comment 1 Ben Cotton 2021-02-09 14:58:35 UTC
Today we reached the Completion deadline (testable) milestone in the Fedora schedule. All approved changes should be in a testable state. If you change is testable, please indicate this by setting the status to MODIFIED.

If you need to defer the change to Fedora 35 or withdraw the change entirely, please indicate this in a comment and NEEDINFO bcotton.

The 100% code complete deadline is Tuesday 23 February. By that date, your change should be fully implemented and the tracking bug set to ON_QA.

For other Fedora 34 milestones, see

Comment 2 Michael Catanzaro 2021-02-09 15:25:32 UTC
Uh, looks like we forgot to enable this? I see it's still disabled by default upstream, and we do not change that in Fedora.

All we need to do is change a build flag, so should be trivial to enable.

Comment 3 Michael Catanzaro 2021-02-10 19:04:11 UTC
Hi Ben, Zbigniew thinks it's best for this change to slip to F35. I've attempted to retarget the change proposal page accordingly. Please let me know if I missed anything, thanks!

Comment 4 Ben Cotton 2021-02-10 19:17:42 UTC
No need to change the category. I'll update the other trackers, thanks!

Comment 5 Ben Cotton 2021-08-10 12:32:59 UTC
Today is the "Code complete (testable)" deadline in the Fedora Linux 35 release schedule:

If this Change is complete enough to be tested, please indicate this by setting this bug to the MODIFIED status. (If it is 100% complete, you can set it to ON_QA).

If you wish to defer this Change to Fedora Linux 36, please needinfo bcotton.

Comment 6 Zbigniew Jędrzejewski-Szmek 2021-08-10 13:22:52 UTC
This is enabled since systemd-249.2-1.fc35.

Comment 7 Michael Catanzaro 2021-08-10 14:18:23 UTC
I think we're 100% complete?

Comment 8 Zbigniew Jędrzejewski-Szmek 2021-08-10 18:14:04 UTC

Comment 9 Adam Williamson 2021-10-08 22:52:18 UTC
Note we have pulled the contingency parachute on this one due to bug #2006393 . I have just sent a build which disables dns-over-tls again and will submit it as an update shortly. Not sure what the protocol is for this situation, for now returning the bug to ASSIGNED.

Comment 10 Michael Catanzaro 2021-10-08 23:50:58 UTC
I've retargeted the change proposal on Fedora wiki to F36 and resubmitted it to the change wrangler.

Comment 11 Ben Cotton 2021-10-12 12:35:06 UTC
Updated the tracking bug, too. :-)

Comment 12 Ben Cotton 2022-02-08 21:07:49 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 36 development cycle.
Changing version to 36.

Comment 13 Ben Cotton 2022-02-08 21:15:06 UTC
Today we reached the Code Complete (testable) milestone in the F36 schedule:

All code for this change should be complete enough for testing. You can indicate this by setting the bug status to MODIFIED. (If the code is fully complete, you can go ahead and set it to ON_QA.)

If you need to defer this Change to F37, please needinfo bcotton.

Comment 14 Ben Cotton 2022-02-22 16:30:59 UTC
We have reached the 'Change complete (100% complete) deadline in the Fedora Linux 36 release schedule.

At this time, all Changes should be fully complete. Indicate this by setting this tracking bug to ON_QA.

If you need to defer this Change to a subsequent release, please needinfo me.

Comment 15 Michael Catanzaro 2022-02-22 17:30:09 UTC
Well the change is complete, but we have unresolved bugs and have not yet decided whether or not to roll back.

Comment 16 Ben Cotton 2022-03-02 17:25:04 UTC
Setting to ON_QA per FESCo:

If this Change needs to be rolled back, please needinfo me and I'll make the appropriate tracker updates.

Comment 17 Michael Catanzaro 2022-03-09 22:31:48 UTC
Unfortunately I think it's time to activate the contingency plan and switch back to -Ddns-over-tls=no. Upstream needs more time to sort through the issues.

Comment 18 Adam Williamson 2022-03-10 00:37:22 UTC
Can we do that for Beta if we're going to do it? We are going to be no-go tomorrow, so there's a few days to get it in.

Comment 19 Michael Catanzaro 2022-03-10 01:39:48 UTC
That's up to Zbigniew, but honestly I don't think it's urgent enough to require a freeze exception.

Comment 20 Ben Cotton 2022-03-14 12:55:49 UTC
(In reply to Michael Catanzaro from comment #17)
> Unfortunately I think it's time to activate the contingency plan and switch
> back to -Ddns-over-tls=no. Upstream needs more time to sort through the
> issues.

Ack. Let me know when the switch is made and I'll shuffle the paperwork appropriately.

Comment 21 Michael Catanzaro 2022-03-14 14:50:13 UTC
(In reply to Adam Williamson from comment #18)
> Can we do that for Beta if we're going to do it? We are going to be no-go
> tomorrow, so there's a few days to get it in.

I don't have permission to touch the systemd package, but I've created merge requests:

Comment 22 Adam Williamson 2022-03-15 02:54:07 UTC
Filed as a proposed FE.

Comment 23 Fedora Update System 2022-03-17 22:09:44 UTC
FEDORA-2022-1dd97eaa2b has been submitted as an update to Fedora 36.

Comment 24 Michael Catanzaro 2022-06-07 14:02:41 UTC
Zbigniew, shall we drop this change proposal? It seems to have failed. Clearly we cannot enable opportunistic mode without more work in systemd-resolved, which has not been prioritized.

Comment 25 Michael Catanzaro 2022-08-04 13:44:16 UTC
Hi Ben, is it possible to withdraw this change proposal?

Comment 26 Ben Cotton 2022-08-04 14:14:20 UTC
Sure thing. I'll take care of the paperwork.

Note You need to log in before you can comment on or make changes to this bug.