[CentOS] Network Manager / CentOS 7 / local unbound

Wed Apr 12 09:15:20 UTC 2017
Alice Wonder <alice at domblogger.net>

I think configuring NetworkManager not to touch it is the right solution.

Unless there are cases where NetworkManager ignores its configuration 
but I haven't seen those.

A fancier solution might be to have some kind of systemd script that 
rewrites it if and only if the unbound daemon has successfully started 
and I thought about looking into doing that, but that means if the 
unbound daemon for some reason doesn't start, it would be using the less 
secure ISP-provided DNS resolution and I'd rather have it fail so I know 
there's a problem and can investigate.

On 04/12/2017 02:02 AM, Nux! wrote:
> OR just make the file immutable if it's so critical to you.
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
>> From: "Jon LaBadie" <jcu at labadie.us>
>> To: "CentOS mailing list" <centos at centos.org>
>> Sent: Wednesday, 12 April, 2017 07:16:22
>> Subject: Re: [CentOS] Network Manager / CentOS 7 / local unbound
>
>> On Tue, Apr 11, 2017 at 01:40:21AM -0700, Alice Wonder wrote:
>>> Hello list -
>>>
>>> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>>>
>>> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
>>> would work, but what is the best way with NetworkManager to set it up to use
>>> the localhost for DNS ?
>>>
>>> I'm paranoid about DNS spoofing and really prefer to have a local instance
>>> of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
>>> linode)
>>>
>>> Currently I just use a cron job that runs once a minute to overwrite what
>>> is in /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
>>> that does leave a short window every time the network is restarted.
>>
>> Besides the suggested configs, if still worried you could set up
>> an inotify watch on /etc/resolv.conf to let you know, or take
>> action, whenever it changes.
>>
>> jon
>> --
>> Jon H. LaBadie                 jon at jgcomp.com
>> 11226 South Shore Rd.          (703) 787-0688 (H)
>> Reston, VA  20190              (703) 935-6720 (C)
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>
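
The thread's fail-closed preference and the suggested watch on /etc/resolv.conf can be backed by a check that flags any nameserver other than the local unbound instance. This is an added example, not part of the original messages; the function names are hypothetical, and treating a file with no nameserver line as a failure is an assumption made here.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-format file for non-loopback resolvers.
# Return status: 0 = only loopback nameservers
#                1 = at least one non-local nameserver (e.g. DHCP-assigned)
#                2 = file unreadable, or no nameserver line at all

check_resolv_conf() {
    file=${1:-/etc/resolv.conf}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    seen=0
    bad=0
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r keyword addr _rest || [ -n "$keyword" ]; do
        # Comments ("# ...", "; ...") and other keywords are skipped here.
        [ "$keyword" = "nameserver" ] || continue
        seen=1
        case $addr in
            127.*|::1) ;;   # loopback: the local unbound instance
            *) echo "non-local nameserver in $file: $addr" >&2; bad=1 ;;
        esac
    done < "$file"
    [ "$seen" -eq 1 ] || { echo "no nameserver line in $file" >&2; return 2; }
    return "$bad"
}

# Constructed sample: a file that something has rewritten with a foreign
# resolver (203.0.113.53 is a documentation address, not a real server).
demo_constructed() {
    sample=$(mktemp) || return 2
    printf 'search example.net\nnameserver 127.0.0.1\nnameserver 203.0.113.53\n' > "$sample"
    check_resolv_conf "$sample"
    demo_rc=$?
    rm -f "$sample"
    return "$demo_rc"
}
```

Called with no argument, `check_resolv_conf` reads /etc/resolv.conf, so it can be run from a periodic job or a file watch and alert on any non-zero status.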