> On 11/17/18 8:31 AM, Alice Wonder wrote: >> On 11/17/2018 07:01 AM, Alice Wonder wrote: >>> On 11/17/2018 06:43 AM, Alice Wonder wrote: >>>> CentOS 7.5 image running on linode. >>>> >>>> unbound running on localhost. >>>> >>>> Have to use a cron job once a minute to keep /etc/resolv.conf using >>>> the localhost for name resolution - whenever NetworkManager gets >>>> restarted (usually only a system boot) it gets over-written. >>>> >>>> It seems every distro has a different way of preventing >>>> NetworkManager from replacing that file. >>>> >>>> I found instructions for Fedora that said create >>>> /etc/NetworkManager/conf.d/no-dns.conf containing >>>> >>>> [main] >>>> dns=none >>>> >>>> That doesn't seem to have any effect. >>>> >>>> Poking around, I find a file on boot seems to be created called >>>> >>>> /var/run/NetworkManager/resolv.conf >>>> >>>> It has most of the contents of what ends up in /etc/resolv.conf - >>>> except w/o the last line, which just reads rotate in generated >>>> /etc/resolv.conf. >>>> >>>> It says it's generated by NetworkManager (both /etc/resolv.conf and >>>> the one in /var/run/NetworkManager) but neither are specific enough >>>> to indicate what is causing them to be created so I can turn it off. >>>> >>>> Anyone know how to tell NetworkManager to just not create that file? >>>> >>>> Using a cron job to overwrite it once a minute works but there must >>>> be a proper way. >>>> >>>> I really wish KISS was a design goal when designing system >>>> configuration. >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> https://lists.centos.org/mailman/listinfo/centos >>> >>> Just found this - >>> >>> # cat dhclient-exit-hooks >>> echo 'options rotate' >> /etc/resolv.conf >>> >>> That's where the last line in /etc/resolv.conf is coming from. >> >> Okay replacing the contents of dhclient-exit-hooks with >> >> echo -e 'nameserver 127.0.0.1\nnameserver ::1' > /etc/resolv.conf >> >> seems to do what I need. >> >> I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti >> scripts called here and there making something that should be a config >> option hard to do. >> >> With DNS the only way to trust results is if the zone is signed and >> local resolver validates. You can't ever trust external nameservers >> defined by dhcp to validate. So there's very valid reasons to want to >> use local unbound. >> _______________________________________________ > > > I don't know about CentOS 7 because I'm running CentOS 6, but on other > systemd distributions where I've run into similar issues I was either > able to add a hardcoded DNS server to network manager or resolve the > problem through systemd-resolved. > > In one case I resolved the issue best by disabling systemd-resolved, but > if you check the man page for systemd-resolved as wells as the man page > for resolved.conf (/etc/systemd/resolved.conf on other distributions) > my sense is you will find a cleaner solution. It would seem to me that > if you are running bind or powerdns on your local host, then it would > make sense to me to disable systemd-resolved, since you don't need so > many layers of caching dns resolvers. Alice was talking about CentOS 7.5, which doesn't have systemd-resolved nor does it have systemd-networkd. I didn't look at EL8 betas yet but we can probably expect systemd-networkd to be included there. If that's the case, we'll probably have legacy script based configs, NetworkManager and systemd-networkd/systemd-resolved. In other words, things may not get easier in the future but even more confusing. At least that's already the case if you run different distributions. Regards, Simon