On 11/17/2018 07:01 AM, Alice Wonder wrote:
On 11/17/2018 06:43 AM, Alice Wonder wrote:
CentOS 7.5 image running on linode.
unbound running on localhost.
Have to use a cron job once a minute to keep /etc/resolv.conf using
the localhost for name resolution - whenever NetworkManager gets
restarted (usually only a system boot) it gets over-written.
It seems every distro has a different way of preventing NetworkManager
from replacing that file.
I found instructions for Fedora that said create
/etc/NetworkManager/conf.d/no-dns.conf containing
[main]
dns=none
That doesn't seem to have any effect.
Poking around, I find a file on boot seems to be created called
/var/run/NetworkManager/resolv.conf
It has most of the contents of what ends up in /etc/resolv.conf -
except w/o the last line, which just reads rotate in generated
/etc/resolv.conf.
It says it's generated by NetworkManager (both /etc/resolv.conf and
the one in /var/run/NetworkManager) but neither is specific enough to
indicate what is causing them to be created so I can turn it off.
Anyone know how to tell NetworkManager to just not create that file?
Using a cron job to overwrite it once a minute works but there must be
a proper way.
I really wish KISS was a design goal when designing system configuration.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
Just found this -
# cat dhclient-exit-hooks
echo 'options rotate' >> /etc/resolv.conf
That's where the last line in /etc/resolv.conf is coming from.
Okay replacing the contents of dhclient-exit-hooks with
echo -e 'nameserver 127.0.0.1\nnameserver ::1' > /etc/resolv.conf
seems to do what I need.
I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti
scripts called here and there making something that should be a config
option hard to do.
With DNS the only way to trust results is if the zone is signed and
the local resolver validates. You can't ever trust external nameservers
defined by DHCP to validate. So there are very valid reasons to want to
use local unbound.
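Added example, not part of the original thread: instead of overwriting /etc/resolv.conf from cron once a minute, the same cron slot can verify that every nameserver entry is a loopback address and report when DHCP tooling has put an external resolver back. The function name and the sample addresses (documentation range) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list any nameserver in a
# resolv.conf-format file that is not a loopback address.
#
# Exit status: 0 = only loopback resolvers listed
#              1 = at least one non-loopback resolver (printed on stdout)
#              2 = file unreadable, or no nameserver lines at all
non_loopback_resolvers() {
    file=${1:-/etc/resolv.conf}
    [ -r "$file" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }                 # comment lines
        $1 == "nameserver" && NF >= 2 {
            seen++
            addr = tolower($2)
            sub(/%.*/, "", addr)               # drop an IPv6 zone id (%eth0)
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ || addr == "::1") next
            print addr                         # resolver outside loopback
            bad++
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    ' "$file"
}

# Constructed sample input: a file as it might look after a DHCP rewrite.
sample=$(mktemp)
printf 'nameserver 192.0.2.53\nnameserver 127.0.0.1\noptions rotate\n' > "$sample"
non_loopback_resolvers "$sample" || echo "check failed with status $?"
rm -f "$sample"
```

Run against the real file from cron or a monitoring agent, a non-zero status is the signal that the local validating resolver is no longer the only one in use.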