[CentOS] NetworkManager and /etc/resolv.conf

Mon Nov 19 05:49:52 UTC 2018
Simon Matter <simon.matter at invoca.ch>

> On 11/17/18 8:31 AM, Alice Wonder wrote:
>> On 11/17/2018 07:01 AM, Alice Wonder wrote:
>>> On 11/17/2018 06:43 AM, Alice Wonder wrote:
>>>> CentOS 7.5 image running on linode.
>>>> unbound running on localhost.
>>>> Have to use a cron job once a minute to keep /etc/resolv.conf using
>>>> the localhost for name resolution - whenever NetworkManager gets
>>>> restarted (usually only a system boot) it gets over-written.
>>>> It seems every distro has a different way of preventing
>>>> NetworkManager from replacing that file.
>>>> I found instructions for Fedora that said create
>>>> /etc/NetworkManager/conf.d/no-dns.conf containing
>>>> [main]
>>>> dns=none
>>>> That doesn't seem to have any effect.
>>>> Poking around, I find a file on boot seems to be created called
>>>> /var/run/NetworkManager/resolv.conf
>>>> It has most of the contents of what ends up in /etc/resolv.conf -
>>>> except w/o the last line, which just reads rotate in generated
>>>> /etc/resolv.conf.
>>>> It says it's generated by NetworkManager (both /etc/resolv.conf and
>>>> the one in /var/run/NetworkManager) but neither are specific enough
>>>> to indicate what is causing them to be created so I can turn it off.
>>>> Anyone know how to tell NetworkManager to just not create that file?
>>>> Using a cron job to overwrite it once a minute works but there must
>>>> be a proper way.
>>>> I really wish KISS was a design goal when designing system
>>>> configuration.
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS at centos.org
>>>> https://lists.centos.org/mailman/listinfo/centos
>>> Just found this -
>>> # cat dhclient-exit-hooks
>>> echo 'options rotate' >> /etc/resolv.conf
>>> That's where the last line in /etc/resolv.conf is coming from.
>> Okay replacing the contents of dhclient-exit-hooks with
>> echo -e 'nameserver\nnameserver ::1' > /etc/resolv.conf
>> seems to do what I need.
>> I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti
>> scripts called here and there making something that should be a config
>> option hard to do.
>> With DNS the only way to trust results is if the zone is signed and
>> local resolver validates. You can't ever trust external nameservers
>> defined by dhcp to validate. So there's very valid reasons to want to
>> use local unbound.
>> _______________________________________________
> I don't know about CentOS 7 because I'm running CentOS 6, but on other
> systemd distributions where I've run into similar issues I was either
> able to add a hardcoded DNS server to network manager or resolve the
> problem through systemd-resolved.
> In one case I resolved the issue best by disabling systemd-resolved, but
> if you check the man page for systemd-resolved as wells as the man page
> for  resolved.conf (/etc/systemd/resolved.conf on other distributions)
> my sense is you will find a cleaner solution.  It would seem to me that
> if you are running bind or powerdns on your local host, then it would
> make sense to me to disable systemd-resolved, since you don't need so
> many layers of caching dns resolvers.

Alice was talking about CentOS 7.5, which doesn't have systemd-resolved
nor does it have systemd-networkd. I didn't look at EL8 betas yet but we
can probably expect systemd-networkd to be included there. If that's the
case, we'll probably have legacy script based configs, NetworkManager and

In other words, things may not get easier in the future but even more
confusing. At least that's already the case if you run different