[CentOS] resolv.conf rewritten every reboot. How to figure out who and why?

Dave tdbtdb+centos at gmail.com
Thu Oct 29 18:21:53 UTC 2009

The consensus of the list seemed to be that I should change the PEERDNS
variable. It seems not to be working. The machine rebooted yesterday,
/etc/resolv.conf got rewritten again. And yet:

 find /etc/sysconfig/ -type f -exec grep -iH 'peerdns=' {} \;
# chkconfig --list|grep Net
NetworkManager  0:off   1:off   2:off   3:off   4:off   5:off   6:off
# /etc/init.d/NetworkManager status
NetworkManager is stopped
# find /etc/sysconfig/ -type f -exec grep -iH 'bootproto=' {} \;
/etc/sysconfig/network-scripts/ifup-eth:    BOOTPROTO=bootp
# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search soest.hawaii.edu
nameserver 1...
nameserver 1...

So, it's not PEERDNS, not DHCP, not NetworkManager. Why is dhclient-script
even being run?

Maybe I should disable selinux altogether, instead of just making it
permissive? I think I'll try that.

# grep resol  /sbin/dhclient-script
make_resolv_conf() {
        save_previous /etc/resolv.conf
        change_resolv_conf $rscf
            for resolvfile in /etc/resolv.conf* ; do
                /sbin/restorecon $resolvfile >/dev/null 2>&1
        if [ -f /etc/resolv.conf.predhclient.$interface ]; then
            change_resolv_conf /etc/resolv.conf.predhclient.$interface
            rm -f /etc/resolv.conf.predhclient.$interface
[root at lee1 ~]# getenforce

How badly would things blow up if I did this?

chmod a-w /etc/resolv.conf


On Thu, Oct 8, 2009 at 7:41 AM, Dave
<tdbtdb+centos at gmail.com<tdbtdb%2Bcentos at gmail.com>
> wrote:

> My machine has a static IP, with dhcp and IPv6 disabled. Every time I
> reboot, some process rewrites /etc/resolv.conf, including a comment
> about dhcpclient. The only package I have installed that shows up in
> "rpm -qa|grep -i dhcp" is dhcpv6-client-1.0.10-16.el5, and nothing in
> there is named dhcpclient.
> I'd like to figure out what software is rewriting this file and why.
> man 5 resolv.conf  and man resolver are unhelpful in this case. rpm
> reports /etc/resolv.conf is not owned by any package.
> At this point, I am as (or more) interested in pointers regarding how
> to find the answer as I am in the actual answer. Please teach me to
> fish.
> mahalo,
> Dave

