[CentOS] NetworkManager and /etc/resolv.conf

Sat Nov 17 19:01:38 UTC 2018
Nataraj <incoming-centos at rjl.com>

On 11/17/18 8:31 AM, Alice Wonder wrote:
> On 11/17/2018 07:01 AM, Alice Wonder wrote:
>> On 11/17/2018 06:43 AM, Alice Wonder wrote:
>>> CentOS 7.5 image running on linode.
>>> unbound running on localhost.
>>> Have to use a cron job once a minute to keep /etc/resolv.conf using
>>> the localhost for name resolution - whenever NetworkManager gets
>>> restarted (usually only a system boot) it gets over-written.
>>> It seems every distro has a different way of preventing
>>> NetworkManager from replacing that file.
>>> I found instructions for Fedora that said create
>>> /etc/NetworkManager/conf.d/no-dns.conf containing
>>> [main]
>>> dns=none
>>> That doesn't seem to have any effect.
>>> Poking around, I find a file on boot seems to be created called
>>> /var/run/NetworkManager/resolv.conf
>>> It has most of the contents of what ends up in /etc/resolv.conf -
>>> except w/o the last line, which just reads rotate in generated
>>> /etc/resolv.conf.
>>> It says it's generated by NetworkManager (both /etc/resolv.conf and
>>> the one in /var/run/NetworkManager) but neither are specific enough
>>> to indicate what is causing them to be created so I can turn it off.
>>> Anyone know how to tell NetworkManager to just not create that file?
>>> Using a cron job to overwrite it once a minute works but there must
>>> be a proper way.
>>> I really wish KISS was a design goal when designing system
>>> configuration.
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>> Just found this -
>> # cat dhclient-exit-hooks
>> echo 'options rotate' >> /etc/resolv.conf
>> That's where the last line in /etc/resolv.conf is coming from.
> Okay replacing the contents of dhclient-exit-hooks with
> echo -e 'nameserver 127.0.0.1\nnameserver ::1' > /etc/resolv.conf
> seems to do what I need.
> I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti
> scripts called here and there making something that should be a config
> option hard to do.
> With DNS the only way to trust results is if the zone is signed and
> local resolver validates. You can't ever trust external nameservers
> defined by dhcp to validate. So there's very valid reasons to want to
> use local unbound.

I don't know about CentOS 7 because I'm running CentOS 6, but on other
systemd distributions where I've run into similar issues I was either
able to add a hardcoded DNS server to network manager or resolve the
problem through systemd-resolved.

In one case I resolved the issue best by disabling systemd-resolved, but
if you check the man page for systemd-resolved as well as the man page
for resolved.conf (/etc/systemd/resolved.conf on other distributions)
my sense is you will find a cleaner solution.  It would seem to me that
if you are running bind or powerdns on your local host, then it would
make sense to me to disable systemd-resolved, since you don't need so
many layers of caching dns resolvers.
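As an added example (not from the thread or from NetworkManager itself), a small POSIX shell script that checks whether a resolv.conf points only at loopback resolvers, which is what running local unbound requires, and reads the dns= mode from NetworkManager conf.d drop-ins; the file paths and sample file contents are constructed for the demo, not taken from the list.

```shell
#!/bin/sh
# Added example (not from the thread): check that every nameserver in a
# resolv.conf points at loopback, i.e. at the local validating resolver,
# rather than at DHCP-supplied external resolvers.
# Returns 0 when all nameserver lines are loopback and at least one exists.
resolv_is_loopback_only() {
    file="$1"
    count=0
    # Strip comments, keep only the address field of "nameserver" lines.
    for addr in $(sed -e 's/#.*//' "$file" | awk '$1 == "nameserver" { print $2 }'); do
        count=$((count + 1))
        case "$addr" in
            127.*|::1) ;;            # loopback: fine
            *) return 1 ;;           # anything else: external resolver present
        esac
    done
    [ "$count" -gt 0 ]
}

# Report the dns= setting from NetworkManager drop-ins in a conf.d directory
# (the last [main] dns= read wins). Prints "default" when no drop-in sets it.
# The directory path is a parameter so the demo can use a constructed one.
nm_dns_mode() {
    dir="$1"
    mode="default"
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        v=$(awk '/^\[/{sec=$0} sec=="[main]" && /^dns *=/{sub(/^dns *= */,""); print}' "$f" | tail -n1)
        [ -n "$v" ] && mode="$v"
    done
    printf '%s\n' "$mode"
}

# Constructed sample input, built in a temp dir so the script runs offline.
demo() {
    tmp=$(mktemp -d)
    printf 'nameserver 127.0.0.1\nnameserver ::1\noptions rotate\n' > "$tmp/good.conf"
    printf '# Generated by NetworkManager\nnameserver 10.0.0.2\nnameserver 127.0.0.1\n' > "$tmp/bad.conf"
    mkdir "$tmp/conf.d"
    printf '[main]\ndns=none\n' > "$tmp/conf.d/no-dns.conf"
    resolv_is_loopback_only "$tmp/good.conf" && echo "good.conf: loopback only"
    resolv_is_loopback_only "$tmp/bad.conf" || echo "bad.conf: external resolver present"
    echo "NetworkManager dns mode: $(nm_dns_mode "$tmp/conf.d")"
    rm -rf "$tmp"
}
demo
```

On a real host, point resolv_is_loopback_only at /etc/resolv.conf and nm_dns_mode at /etc/NetworkManager/conf.d to confirm the drop-in is picked up and nothing external crept back in.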