🟡 Medium   ⏱ 5–30 min  Last verified: 19 May 2026

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Running dnf update hangs or fails with timeout errors while downloading repomd.xml or metalink data.

Environment & Reproduction

You see Curl error 28, mirrorlist failures, or very slow metadata refresh on rhel-9 hosts.

Root Cause Analysis

DNS latency, firewall egress restrictions, unstable proxy settings, or a poor mirror selection can trigger the issue.

Quick Triage

Test name resolution and route health: resolvectl status, ping mirror host, curl -I repository URL, and review /etc/dnf/dnf.conf.

Step-by-Step Diagnosis

Clean local caches and force a fresh sync: sudo dnf clean all && sudo dnf makecache –refresh.

Illustrative mockup for rhel-9 — rhel9-dnf-timeout-01.webp
DNF timing out while refreshing repository metadata — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Adjust DNF behavior by setting timeout and retries in /etc/dnf/dnf.conf, then retry with sudo dnf -v update.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for rhel-9 — rhel9-dnf-timeout-02.webp
Successful metadata refresh after mirror and timeout tuning — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Verify firewalld and perimeter ACLs allow HTTPS to cdn.redhat.com and mirror endpoints used by enabled repositories.

Verification & Acceptance Criteria

SELinux rarely blocks dnf directly, but constrained proxy services may need proper contexts and booleans; inspect denials with ausearch -m avc -ts recent.

Rollback Plan

Confirm metadata age and repository status using dnf repolist -v and run one non-interactive update check.

Prevention & Hardening

Revert temporary dnf.conf changes if they reduce security or conflict with enterprise standards.

Use local mirrors, Red Hat Satellite, or a validated proxy path for predictable update performance.

Related tutorial: View the step-by-step tutorial for rhel-9.

View all rhel-9 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

dnf clean all; dnf makecache –refresh; dnf repolist -v; journalctl -u rhsmcertd –no-pager

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.