On 11/17/18 8:31 AM, Alice Wonder wrote:
> On 11/17/2018 07:01 AM, Alice Wonder wrote:
>> On 11/17/2018 06:43 AM, Alice Wonder wrote:
>>> CentOS 7.5 image running on linode.
>>>
>>> unbound running on localhost.
>>>
>>> Have to use a cron job once a minute to keep /etc/resolv.conf using
>>> the localhost for name resolution - whenever NetworkManager gets
>>> restarted (usually only a system boot) it gets over-written.
>>>
>>> It seems every distro has a different way of preventing
>>> NetworkManager from replacing that file.
>>>
>>> I found instructions for Fedora that said create
>>> /etc/NetworkManager/conf.d/no-dns.conf containing
>>>
>>> [main]
>>> dns=none
>>>
>>> That doesn't seem to have any effect.
>>>
>>> Poking around, I find a file on boot seems to be created called
>>>
>>> /var/run/NetworkManager/resolv.conf
>>>
>>> It has most of the contents of what ends up in /etc/resolv.conf -
>>> except w/o the last line, which just reads rotate in generated
>>> /etc/resolv.conf.
>>>
>>> It says it's generated by NetworkManager (both /etc/resolv.conf and
>>> the one in /var/run/NetworkManager) but neither are specific enough
>>> to indicate what is causing them to be created so I can turn it off.
>>>
>>> Anyone know how to tell NetworkManager to just not create that file?
>>>
>>> Using a cron job to overwrite it once a minute works but there must
>>> be a proper way.
>>>
>>> I really wish KISS was a design goal when designing system
>>> configuration.
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS@xxxxxxxxxx
>>> https://lists.centos.org/mailman/listinfo/centos
>>
>> Just found this -
>>
>> # cat dhclient-exit-hooks
>> echo 'options rotate' >> /etc/resolv.conf
>>
>> That's where the last line in /etc/resolv.conf is coming from.
>
> Okay replacing the contents of dhclient-exit-hooks with
>
> echo -e 'nameserver 127.0.0.1\nnameserver ::1' > /etc/resolv.conf
>
> seems to do what I need.
>
> I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti
> scripts called here and there making something that should be a config
> option hard to do.
>
> With DNS the only way to trust results is if the zone is signed and
> local resolver validates. You can't ever trust external nameservers
> defined by dhcp to validate. So there's very valid reasons to want to
> use local unbound.

I don't know about CentOS 7 because I'm running CentOS 6, but on other systemd distributions where I've run into similar issues I was either able to add a hardcoded DNS server to network manager or resolve the problem through systemd-resolved. In one case I resolved the issue best by disabling systemd-resolved, but if you check the man page for systemd-resolved as well as the man page for resolved.conf (/etc/systemd/resolved.conf on other distributions) my sense is you will find a cleaner solution.

It would seem to me that if you are running bind or powerdns on your local host, then it would make sense to me to disable systemd-resolved, since you don't need so many layers of caching dns resolvers.

Nataraj
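
A read-only audit of the three places this thread touches (the generated resolv.conf, the dns= key in NetworkManager's [main] section, and hook scripts that write to /etc/resolv.conf), added here as an example and not written by either poster. The function names are hypothetical, file paths are supplied by the caller, and it assumes the last dns= value among the files given is the one that applies.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are passed in by the caller.

# Exit 0 only if every "nameserver" entry in FILE is a loopback address;
# print any other server, and note "options rotate" if present.
resolv_is_local_only() {
    awk '
        { sub(/[#;].*/, "") }                      # drop comments
        $1 == "nameserver" && $2 != "::1" && $2 !~ /^127\./ {
            print "non-local: " $2; bad = 1
        }
        $1 == "options" {
            for (i = 2; i <= NF; i++)
                if ($i == "rotate") print "note: options rotate present"
        }
        END { exit bad + 0 }
    ' "$1"
}

# Print the dns= value from [main] in the given NetworkManager config files
# (assumption: files are given in read order and the last value wins).
nm_dns_setting() {
    [ "$#" -gt 0 ] || { echo unset; return 0; }
    awk '
        FNR == 1 { in_main = 0 }                   # sections do not span files
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next }
        in_main && /^[ \t]*dns[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$@"
}

# List lines in hook scripts that redirect output into /etc/resolv.conf.
hooks_writing_resolv() {
    grep -n '>>* */etc/resolv\.conf' "$@"
}
```

Run from cron or a monitoring check, a non-zero status from resolv_is_local_only reports that something has pointed the host back at a DHCP-supplied resolver without rewriting the file.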