[CentOS] Network Manager / CentOS 7 / local unbound

Tue Apr 11 17:42:51 UTC 2017
Louis Lagendijk <louis at fazant.net>

On Tue, 2017-04-11 at 01:40 -0700, Alice Wonder wrote:
> Hello list -
> 
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
> 
> That says it works for CentOS 5 and I *suspect* the methods there (3
> listed) would work, but what is the best way with NetworkManager to
> set it up to use the localhost for DNS ?
> 
> I'm paranoid about DNS spoofing and really prefer to have a local 
> instance of DNSSEC enforcing unbound running on my CentOS 7 virtual 
> machines (e.g. linode)
> 
> Currently I just use a cron job that runs once a minute to overwrite
> what is in /etc/resolv.conf so they don't use the DHCP assigned
> nameservers, but that does leave a short window every time the
> network is restarted.
> 
> I'd like to know the proper way to set up Network Manager to just
> create
> 
> nameserver 127.0.0.1
> nameserver ::1
> 
> in /etc/resolv.conf
> 
> Via google, it seems every distro approaches it differently and most 
> instructions I have seen involve a GUI.
> 
> I did not see how to do it in the CentOS documentation but it might
> be there and I just did not figure out how to search it for what I
> wanted.
> 
> Those stackexchange methods look like they might work but they
> reference CentOS 5 and I know some NetworkManager stuff changed even
> just between 7.2 and 7.3 as I experienced incorrect IPv6 address
> after update as result of those changes.
> 
> Is there an "official" way to tell NetworkManager what I want in
> /etc/resolv.conf ? Or better yet, a way to just tell it to leave
> that file alone?

Use nmtui to manually configure the interface AND nameservers. That
puts the correct info in the ifcfg files. Nmtui is a curses UI. Just
don't forget to specify the interface ip-address with the right netmask
(e.g. 1.2.3.4/24, default seems to be a /32, I have been bitten by that
a number of times)


/Louis
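
Added example, not part of the original message: a shell check that a resolv.conf file lists only loopback resolvers (127.0.0.0/8 or ::1), to confirm after a network restart that no DHCP-assigned nameserver has reappeared. The function names and the --demo flag are hypothetical, and the demo file is constructed sample input.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-style file for non-loopback resolvers.
# Function names are hypothetical; the demo file below is constructed.

# Print every nameserver in file $1 that is not 127.0.0.0/8 or ::1.
non_loopback_nameservers() {
    awk '
        # Only "nameserver <addr>" lines matter; comments and options are skipped.
        $1 == "nameserver" && NF >= 2 {
            addr = $2
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (addr == "::1") next
            print addr
        }
    ' "$1"
}

# Return 0 only if the file has at least one nameserver and all are loopback.
# Return 1 on a policy failure, 2 if the file cannot be read.
resolv_is_loopback_only() {
    file=$1
    [ -r "$file" ] || return 2
    count=$(awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$file")
    [ "$count" -gt 0 ] || return 1      # no resolver configured at all
    [ -z "$(non_loopback_nameservers "$file")" ]
}

# Report on one file in a form suitable for cron mail or a monitoring check.
report() {
    if resolv_is_loopback_only "$1"; then
        echo "OK: $1 uses only the local resolver"
    else
        echo "FAIL: $1 is missing or lists a non-loopback nameserver:"
        non_loopback_nameservers "$1" 2>/dev/null
    fi
}

if [ "${1:-}" = "--demo" ]; then
    # Constructed sample: a DHCP client has appended its own nameserver.
    demo=$(mktemp)
    printf 'nameserver 127.0.0.1\nnameserver ::1\nnameserver 192.0.2.53\n' > "$demo"
    report "$demo"
    rm -f "$demo"
elif [ "$#" -eq 1 ]; then
    report "$1"
fi
```

Run it as `sh check.sh /etc/resolv.conf` on the host, or with `--demo` to see the failure case.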