How to Install DNF Automatic on Fedora Linux

Keeping your Fedora Linux system current is vital for security, performance, and peace of mind. If manual updates feel like a chore, or if you’re concerned about missing crucial patches, learning how to install DNF Automatic on Fedora is your solution. Whether you manage a single workstation, run a home server that needs overnight security patches, or maintain multiple Fedora systems that benefit from synchronized update schedules, DNF Automatic handles the repetitive work.

You will learn how to install and configure DNF Automatic, choose between notification-only mode and fully automated updates, schedule update checks using systemd timers, apply security-only patches to minimize risk, and troubleshoot common issues. By the end of this guide, you can maintain a secure and efficient Fedora system with minimal manual intervention.

Understanding DNF Automatic on Fedora

How DNF Automatic Works on Fedora

If you are new to DNF Automatic, think of it as a scheduled assistant for your Fedora package manager. Instead of manually running sudo dnf upgrade every few days (note: dnf is DNF5 in Fedora 41+ by default), DNF Automatic checks for updates on a timer, downloads them if available, and can even apply them without your involvement. It extends the standard DNF package manager’s functionality with scheduling and notification capabilities tailored for hands-off system maintenance.

At its simplest, DNF Automatic runs in the background via a systemd timer (similar to a cron job) and executes the update checks you configure. The tool reads your configuration from /etc/dnf/automatic.conf where you control three main behaviors: whether to only notify you about updates, whether to download them, and whether to install them automatically. For example, a cautious approach might notify you when security patches arrive, while a fully automated setup installs all updates overnight and reboots if the kernel changed.

DNF Automatic Syntax and Options

DNF Automatic follows this basic syntax:

sudo dnf automatic [options]

• sudo: Runs the command with root privileges so DNF can read system repositories and install updates.
• dnf automatic: Invokes the DNF Automatic plugin instead of the interactive dnf subcommands.
• [options]: Optional flags such as --installupdates or --no-downloadupdates to override settings in /etc/dnf/automatic.conf.

For example, the simplest dry run that checks for updates without downloading them is:

sudo dnf automatic --no-downloadupdates

This command reports what updates are available while leaving your configuration untouched, making it safe for a first test on any Fedora host.

Key features include:

• Flexible automation levels: Notify only, download only, or fully install updates based on your comfort level and system role.
• Selective update types: Apply all available updates or restrict to security-only patches, reducing risk on production systems.
• Notification options: Receive alerts via email, message of the day (MOTD), or standard output when updates are available or applied.
• Customizable schedule: Use systemd timers to run update checks daily, weekly, or at specific times that match your maintenance windows.
• Network-aware operation: Wait for network availability and stagger update times across multiple servers to avoid simultaneous load.

Task	Options	What They Do
Send notifications only	--no-downloadupdates or set download_updates = False	Skips downloads so you can approve updates manually while still getting alerts.
Download updates for review	--no-installupdates or keep apply_updates = False	Caches packages locally but leaves installation for a scheduled maintenance window.
Install everything automatically	--installupdates or set apply_updates = True	Fetches and installs all available updates on each run.
Apply security fixes only	Set upgrade_type = security	Limits automation to advisories tagged as security updates.
Stagger multiple servers	Set random_sleep = <seconds> and use --timer	Adds a random delay before execution to reduce simultaneous load.
Force an immediate run	sudo dnf automatic	Executes the configured behavior right away instead of waiting for the timer.

How to Install DNF Automatic on Fedora Linux

Prerequisites for Installing DNF Automatic on Fedora

Before you begin, ensure you have:

• Root or sudo privileges on your Fedora Linux system to install and configure system packages.
• An active internet connection to download packages from Fedora repositories.
• A supported Fedora release with the dnf package manager available (current releases ship DNF5 by default).

You can verify your Fedora and DNF version:

cat /etc/fedora-release
dnf --version

Current Fedora releases print DNF5 version information, confirming you’re using the modern package manager.

Step 1: Installing DNF Automatic on Fedora

Before you install anything, confirm whether DNF Automatic is already present on your system:

rpm -q dnf-automatic

If the package is already installed, the command prints its version and you can jump ahead to the configuration steps. When it reports that the package is missing, install it with:

sudo dnf install dnf-automatic

This pulls in the dnf-automatic package which adds automated update features on top of DNF. Fedora 41 and newer map the dnf command to DNF5 by default, while Fedora 40 and earlier still use the legacy DNF4 interface. The dnf-automatic package works with both generations, so the installation process remains the same.

Step 2: Verifying DNF Automatic Installation

After installation, verify the dnf-automatic package is installed:

rpm -q dnf-automatic

Run the command again after your installation. When it prints the package name and version (for example, dnf-automatic-5.2.0-1.fc41.noarch), you know DNF Automatic is ready to configure.

Configuring DNF Automatic on Fedora

DNF Automatic’s configuration file is located at /etc/dnf/automatic.conf and defines how your system handles updates. By default, the package only downloads updates but does not install them. Editing this file lets you customize notification methods, update types, download behavior, and installation policies to match your specific needs.

Step 3: Editing the DNF Automatic Configuration File

Open the configuration file in your preferred text editor:

sudo nano /etc/dnf/automatic.conf

The configuration file contains several sections with key settings and their default values:

[commands] section (behavior control):

• apply_updates (default: False): Set to True to automatically install updates. When False, updates are only downloaded if download_updates is True.
• download_updates (default: True): Controls whether updates are downloaded automatically. Set to False for notification-only mode.
• upgrade_type (default: default): Choose default for all updates or security to apply only security patches.
• reboot (default: never): Options are never, when-changed (reboot after any upgrade), or when-needed (reboot only for kernel/systemd updates).
• reboot_command (default: shutdown -r +5 'Rebooting after applying package updates'): Customize the reboot command if needed.
• network_online_timeout (default: 60 seconds): Maximum time to wait for network availability. Set to 0 to skip network detection.
• random_sleep (default: 0 seconds): Random delay before downloading. Note that systemd timers also add up to 1 hour of random delay by default.

[emitters] section (notification method):

• emit_via (default: stdio): List of emitters such as stdio (standard output), motd (message of the day), email (SMTP), command (custom command), or command_email (email via command).
• system_name (default: system hostname): Override the hostname used in reports.
• emit_no_updates (default: False): Set to True to emit notifications even when no updates are available.

Here’s a minimal example configuration for automatic security-only updates with MOTD notifications:

[commands]
upgrade_type = security
apply_updates = True
reboot = when-needed

[emitters]
emit_via = motd

[base]
debuglevel = 1

Save and close the file when finished (in nano, press Ctrl+X, then Y, then Enter).

Configuration Examples for Common Use Cases

The /etc/dnf/automatic.conf file offers extensive options to tailor DNF Automatic to your specific needs. Below are configuration examples demonstrating common scenarios. Remember to uncomment lines (remove the leading # if present) and adjust values as needed.

Example 1: Security-Only Updates with Automatic Reboot

When managing servers or systems where minimizing downtime is crucial but applying security patches promptly is a priority, this configuration installs only updates marked with security advisories and reboots the system if an update (like a kernel update) requires it:

[commands]
# What kind of upgrades to look at:
# default - All available updates
# security - Only security updates
upgrade_type = security

# Whether packages comprising the available updates should be applied (default: False)
# This implies download_updates is also True
apply_updates = True

# When the system should reboot (default: never)
# never - Do not reboot the system
# when-changed - Reboot after any upgrade
# when-needed - Reboot only if necessary (e.g., kernel or systemd update)
reboot = when-needed

# Maximal random delay before downloading, in seconds (default: 0)
# Useful to stagger updates on multiple systems
# Note: systemd timers also add up to 1 hour random delay
random_sleep = 0

# Maximal time dnf automatic will wait until the system is online (default: 60)
# 0 means skip network availability detection
network_online_timeout = 60

[emitters]
# How to report results (default: stdio)
# Available: stdio, motd, email, command, command_email
emit_via = motd

[base]
# Debug level for DNF (default: 2)
debuglevel = 1

Example 2: Download All Updates, Notify by Email, Do Not Apply

When you want to review updates before applying them, this setup downloads all available updates and sends email notifications. You would then need to apply the updates manually using sudo dnf upgrade. This approach works well for workstations where you want awareness without automatic installation:

[commands]
upgrade_type = default
download_updates = True  # Default: True
apply_updates = False    # Default: False - only download, don't install

[emitters]
emit_via = email
system_name = MyFedoraServer # Optional: Custom name for this system in reports

[email]
# Email address to send notifications from (default: root)
email_from = root@$(hostname -f)

# List of email addresses to send notifications to (default: root)
# Separate multiple emails with a comma or space
email_to = your-email@example.com

# Hostname of the SMTP server (default: localhost)
email_host = localhost

# Port number for the SMTP server (default: 25)
email_port = 25

# Whether to use TLS, STARTTLS, or no encryption (default: no)
# Options: no, yes, starttls
email_tls = no

[base]
debuglevel = 1

For email notifications to work, your Fedora system must have a configured mail transfer agent (MTA) like Postfix or Sendmail, or be able to relay mail through an external SMTP server.

Example 3: Stagger Updates Across Multiple Servers

If you manage multiple Fedora servers, preventing them from all updating simultaneously avoids network congestion and reduces the impact of a problematic update. The random_sleep option adds a random delay before DNF Automatic starts its process. Note that systemd timers already add up to 1 hour of random delay by default, so additional randomization may not be necessary for most setups:

[commands]
apply_updates = True
# Maximal random delay, in seconds (default: 0)
# 3600 seconds = 1 hour additional delay beyond systemd's built-in randomization
random_sleep = 3600

# The --timer flag must be used when running manually to apply random_sleep
# The systemd timer automatically uses this option

This setting makes DNF Automatic wait for a random period up to one hour (in addition to systemd’s default randomization) before checking for and applying updates, helping distribute network load and reducing the chance of simultaneous updates causing widespread issues if a problematic update is released.

Step 4: Enabling and Starting the DNF Automatic Timer

DNF Automatic uses systemd timers (a modern alternative to cron jobs) to schedule update checks. Enable and start the timer with this command:

sudo systemctl enable --now dnf-automatic.timer

The --now flag starts the timer immediately, while enable ensures it runs automatically on boot. To confirm the timer is active and see when it will run next:

sudo systemctl status dnf-automatic.timer

The timer respects your /etc/dnf/automatic.conf configuration file settings for whether to download and/or install updates. Note that systemd adds up to 1 hour of random delay by default to prevent all systems from updating simultaneously.

Prior to Fedora 40, variant timers like dnf-automatic-notifyonly.timer, dnf-automatic-download.timer, and dnf-automatic-install.timer existed. These were merged into the single dnf-automatic.timer with the DNF5 transition. Instead of separate timers, you now use command-line options (covered in Step 5) to override behavior when needed.

Step 5: Using Command-Line Overrides for Testing

DNF Automatic supports command-line options that override your configuration file settings. These are useful for testing different behaviors without editing your config file, and they replace the specialized timer units that existed before Fedora 40:

• --timer: Apply the random_sleep delay from your configuration file (normally only used by systemd timers).
• --installupdates: Force installation of updates regardless of apply_updates setting (implies --downloadupdates). This replaces the old dnf-automatic-install.timer.
• --no-installupdates: Prevent installation even if apply_updates = True in config. This replaces the old dnf-automatic-download.timer.
• --downloadupdates: Force download of updates regardless of configuration.
• --no-downloadupdates: Prevent downloading (notification-only mode). This replaces the old dnf-automatic-notifyonly.timer.

Example usage to test notification-only mode without changing your config:

sudo dnf automatic --no-downloadupdates

Or to force a full update check, download, and install for testing:

sudo dnf automatic --installupdates

These overrides are particularly useful when testing your setup before committing to automated execution via the systemd timer.

Step 6: Customizing the Timer Schedule

By default, the dnf-automatic.timer runs daily. If you need to customize this schedule, the recommended method is to override the default timer unit using a drop-in snippet. Directly editing files in /usr/lib/systemd/system/ is discouraged because system updates might overwrite your changes.

First, create the necessary directory for the drop-in snippet if it doesn’t exist, then create an override file (for example, override.conf) using a text editor:

sudo mkdir -p /etc/systemd/system/dnf-automatic.timer.d/
sudo nano /etc/systemd/system/dnf-automatic.timer.d/override.conf

In the override.conf file, specify only the settings you want to change. For example, to adjust the schedule to check for updates every Monday at 3 AM, add this content:

[Timer]
OnCalendar=
OnCalendar=Mon *-*-* 03:00:00

The first empty OnCalendar= line is crucial because it clears any existing OnCalendar assignments from the original unit file before applying your new one. The format Mon *-*-* 03:00:00 specifies execution every Monday at 3:00 AM. You can tailor this to your needs using the systemd calendar event format.

After creating or modifying the override file, save it, then instruct systemd to reload its configuration and restart the timer for your changes to take effect:

sudo systemctl daemon-reload
sudo systemctl restart dnf-automatic.timer

You can verify the timer’s next scheduled run time and see all active settings (including your overrides) using sudo systemctl status dnf-automatic.timer. To specifically check the OnCalendar values, use systemctl show dnf-automatic.timer | grep OnCalendar.

Testing and Troubleshooting DNF Automatic on Fedora

Testing DNF Automatic Updates on Fedora

To verify DNF Automatic works as configured, manually trigger its operation without waiting for the timer. Open your terminal and run:

sudo dnf automatic

This command immediately executes the configured behavior (checking for updates, downloading them, or applying them based on your /etc/dnf/automatic.conf settings). Watch the output to confirm your configuration performs the expected actions.

Common Issues and Solutions

Service Not Starting

If the timer does not start as expected, check the logs for errors:

sudo journalctl -u dnf-automatic.timer

The logs often provide specific error messages related to misconfigurations or missing dependencies. Verify the configuration file is correct, then reload the systemd daemon if necessary:

sudo systemctl daemon-reload

This command ensures your recent changes are recognized by systemd.

No Notifications Received

If you do not receive notifications, check the emit_via option in /etc/dnf/automatic.conf. This setting determines how your system sends notifications (via motd for message of the day, email, or stdio for standard output). Ensure your notification method is supported and configured properly.

If you configure email notifications, your system needs a functioning mail transfer agent (MTA) like Postfix or Sendmail. Without a working mail server, email alerts cannot be delivered. Test your mail setup separately to confirm it works, or consider using another notification method like motd.

Updates Not Applied

If your system does not apply updates automatically, verify the apply_updates option in the configuration file is set to True (the default is False). This setting enables DNF Automatic to install updates without manual intervention. Check the timer status to confirm it is active:

sudo systemctl status dnf-automatic.timer

If the timer is inactive, start it with:

sudo systemctl start dnf-automatic.timer

Checking Update Logs and Manual Execution

To see a history of packages updated by DNF (including those installed by DNF Automatic), inspect the DNF log:

cat /var/log/dnf.log

For more detailed output from DNF Automatic itself, especially when testing configurations, check the system journal for its specific unit:

sudo journalctl -u dnf-automatic.service

If you’re making changes to your /etc/dnf/automatic.conf and want to test them without waiting for the timer, run DNF Automatic directly from the command line:

sudo dnf automatic

You can also use command-line overrides to test specific behaviors without altering your configuration file. For example, to test download-only mode:

sudo dnf automatic --no-installupdates

Best Practices for DNF Automatic on Fedora

• Start with Notifications Only: Configure DNF Automatic to send update notifications before enabling automatic installations. This lets you understand its behavior and avoid unexpected changes on critical systems.
• Enable Security-Only Updates: Focus on security updates by setting the upgrade_type parameter to security in the configuration file, prioritizing critical patches while deferring feature updates for manual review.
• Monitor Logs Regularly: Check logs periodically to ensure your system applies updates without issues. Regular monitoring helps you catch problems early before they affect system stability.
• Test on Non-Critical Systems First: For production environments, test DNF Automatic on non-critical systems before deploying it widely. This approach minimizes risk and ensures smooth rollout across your infrastructure.

Conclusion

DNF Automatic transforms Fedora package management from manual updates into scheduled automation. Start conservatively with download-only mode, then enable automatic security patches as confidence builds. Test configurations with sudo dnf automatic and command-line overrides before committing to timer-based execution. Bookmark the official DNF5 Automatic documentation and Fedora AutoUpdates quick docs for reference when fine-tuning schedules, notification methods, or reboot policies.