dnf (Dandified YUM) is the default package manager for RHEL 9 and the successor to yum. It handles installing, updating, removing, and querying RPM packages from local and remote repositories, resolving dependencies automatically using the libsolv library, and supporting transactions that can be rolled back if something goes wrong. For Red Hat Enterprise Linux, packages come from the subscription-based Red Hat repositories, the EPEL (Extra Packages for Enterprise Linux) community repository, or private internal repositories. Understanding dnf deeply is essential for every RHEL administrator: managing software lifecycle, enabling only necessary repositories, understanding module streams for different software versions, and auditing installed packages for security. This guide covers all day-to-day dnf operations, repository management, module streams, and transaction history.
Prerequisites
- RHEL 9 server with root or sudo access
- Active RHEL subscription (for Red Hat repositories) or a RHEL 9 derivative like AlmaLinux/Rocky Linux with the standard repos configured
Step 1 — Essential dnf Commands
# Update package metadata cache
dnf makecache
# List available updates
dnf check-update
# Update all packages
dnf update -y
# Update a specific package
dnf update nginx -y
# Install a package
dnf install -y nginx
# Install multiple packages at once
dnf install -y vim curl wget git
# Remove a package
dnf remove -y apache2
# Remove package AND unused dependencies
dnf autoremove -y
# Search for packages by name or description
dnf search nginx
# Show package information
dnf info nginx
# Show which package provides a specific file or command
dnf provides /usr/sbin/nginx
dnf provides '*/nginx.conf'Step 2 — Query Installed Packages
# List all installed packages
dnf list installed
# Check if a specific package is installed
dnf list installed nginx
# List available packages in repos (not installed)
dnf list available | head -30
# Show all packages (installed + available) matching a name
dnf list '*nginx*'
# List recently installed packages
dnf history userinstalled
# List packages by installation date
rpm -qa --queryformat '%{INSTALLTIME:date} %{NAME}-%{VERSION}n' | sort | tail -20Step 3 — Repository Management
# List all configured repositories
dnf repolist
# List enabled and disabled repos
dnf repolist all
# Temporarily enable a disabled repository
dnf install --enablerepo=epel-testing nginx
# Temporarily disable a repository
dnf update --disablerepo=epel nginx
# Permanently enable/disable a repository
dnf config-manager --enable epel
dnf config-manager --disable epel
# Add the EPEL repository (common for community packages)
dnf install -y epel-release
# Add a custom repository manually
vi /etc/yum.repos.d/myrepo.repo[myrepo]
name=My Custom Repository
baseurl=https://repo.example.com/rhel9/
enabled=1
gpgcheck=1
gpgkey=https://repo.example.com/RPM-GPG-KEY-myrepodnf makecacheStep 4 — Manage Module Streams
RHEL 9 uses Application Streams to provide multiple versions of software components. For example, you can select Python 3.9 vs 3.11, or Node.js 18 vs 20, without conflicting packages:
# List available modules
dnf module list
# Show streams for a specific module
dnf module list nodejs
# Enable a specific stream
dnf module enable nodejs:20
# Install from an enabled stream
dnf module install nodejs:20/default
# Show which stream is active
dnf module info nodejs
# Reset a module to default stream
dnf module reset nodejsStep 5 — Work with Transaction History
Every dnf operation is recorded in a transaction history, enabling you to review what changed and roll back packages to their previous state:
# Show all transactions
dnf history
# Show details of a specific transaction
dnf history info 15
# Undo the last transaction
dnf history undo last
# Undo a specific transaction
dnf history undo 15
# Redo a transaction
dnf history redo 15
# Show all packages changed in a transaction
dnf history info 15 | grep -E "Install|Update|Erase"Step 6 — Security Updates
# List available security updates only
dnf updateinfo list security
# Apply security updates only
dnf update --security -y
# List critical severity updates
dnf updateinfo list critical
# Show advisory details for a specific CVE
dnf updateinfo info --cve CVE-2024-12345
# List updates fixing a specific bugzilla ID
dnf updateinfo list bugfixStep 7 — Package Groups
# List available package groups
dnf grouplist
# Show what is in a group
dnf groupinfo "Development Tools"
# Install a group
dnf groupinstall "Development Tools" -y
# Remove a group
dnf groupremove "Development Tools" -yStep 8 — Clean Up and Maintenance
# Clean all cached data
dnf clean all
# Remove cached packages only
dnf clean packages
# Find and remove broken dependencies
dnf distro-sync
# Check for dependency errors
dnf check
# Reinstall a package (useful after accidental file deletion)
dnf reinstall nginx -y
# Downgrade a package
dnf downgrade nginxStep 9 — Lock Package Versions
# Install the version lock plugin
dnf install -y python3-dnf-plugin-versionlock
# Lock a package at its current version
dnf versionlock add nginx
# List all version locks
dnf versionlock list
# Remove a version lock
dnf versionlock delete nginx
# Clear all locks
dnf versionlock clearVerification Checklist
# Enabled repositories
dnf repolist
# Pending security updates
dnf updateinfo list security
# Recent installs
dnf history | head -10
# Disk used by dnf cache
du -sh /var/cache/dnf/Conclusion
You now have a thorough understanding of dnf on RHEL 9: installing and removing packages, managing repositories with GPG verification, using Application Stream module streams for multi-version software, auditing and rolling back transactions, applying security-only updates, and locking package versions to prevent unwanted upgrades. Consistent use of dnf update --security and transaction history review keeps your RHEL 9 server patched and auditable.
Next steps: How to Configure Network Interface Settings with nmcli/ip on RHEL 9, How to Configure Automatic Security Updates on RHEL 9, and How to Perform a System Security Audit with auditd on RHEL 9.
