[CentOS] NetworkManager and /etc/resolv.conf

Mon Nov 19 06:02:33 UTC 2018
anax <anax at ayni.com>

On 11/19/18 6:49 AM, Simon Matter wrote:
>> On 11/17/18 8:31 AM, Alice Wonder wrote:
>>> On 11/17/2018 07:01 AM, Alice Wonder wrote:
>>>> On 11/17/2018 06:43 AM, Alice Wonder wrote:
>>>>> CentOS 7.5 image running on linode.
>>>>> unbound running on localhost.
>>>>> Have to use a cron job once a minute to keep /etc/resolv.conf using
>>>>> the localhost for name resolution - whenever NetworkManager gets
>>>>> restarted (usually only a system boot) it gets over-written.
>>>>> It seems every distro has a different way of preventing
>>>>> NetworkManager from replacing that file.
>>>>> I found instructions for Fedora that said create
>>>>> /etc/NetworkManager/conf.d/no-dns.conf containing
>>>>> [main]
>>>>> dns=none
>>>>> That doesn't seem to have any effect.
>>>>> Poking around, I find a file on boot seems to be created called
>>>>> /var/run/NetworkManager/resolv.conf
>>>>> It has most of the contents of what ends up in /etc/resolv.conf -
>>>>> except w/o the last line, which just reads rotate in generated
>>>>> /etc/resolv.conf.
>>>>> It says it's generated by NetworkManager (both /etc/resolv.conf and
>>>>> the one in /var/run/NetworkManager) but neither are specific enough
>>>>> to indicate what is causing them to be created so I can turn it off.
>>>>> Anyone know how to tell NetworkManager to just not create that file?
>>>>> Using a cron job to overwrite it once a minute works but there must
>>>>> be a proper way.
>>>>> I really wish KISS was a design goal when designing system
>>>>> configuration.
>>>>> _______________________________________________
>>>>> CentOS mailing list
>>>>> CentOS at centos.org
>>>>> https://lists.centos.org/mailman/listinfo/centos
>>>> Just found this -
>>>> # cat dhclient-exit-hooks
>>>> echo 'options rotate' >> /etc/resolv.conf
>>>> That's where the last line in /etc/resolv.conf is coming from.
>>> Okay replacing the contents of dhclient-exit-hooks with
>>> echo -e 'nameserver\nnameserver ::1' > /etc/resolv.conf
>>> seems to do what I need.
>>> I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti
>>> scripts called here and there making something that should be a config
>>> option hard to do.
>>> With DNS the only way to trust results is if the zone is signed and
>>> local resolver validates. You can't ever trust external nameservers
>>> defined by dhcp to validate. So there's very valid reasons to want to
>>> use local unbound.
>> I don't know about CentOS 7 because I'm running CentOS 6, but on other
>> systemd distributions where I've run into similar issues I was either
>> able to add a hardcoded DNS server to network manager or resolve the
>> problem through systemd-resolved.
>> In one case I resolved the issue best by disabling systemd-resolved, but
>> if you check the man page for systemd-resolved as well as the man page
>> for resolved.conf (/etc/systemd/resolved.conf on other distributions)
>> my sense is you will find a cleaner solution.  It would seem to me that
>> if you are running bind or powerdns on your local host, then it would
>> make sense to me to disable systemd-resolved, since you don't need so
>> many layers of caching dns resolvers.
> Alice was talking about CentOS 7.5, which doesn't have systemd-resolved
> nor does it have systemd-networkd. I didn't look at EL8 betas yet but we
> can probably expect systemd-networkd to be included there. If that's the
> case, we'll probably have legacy script based configs, NetworkManager and
> systemd-networkd/systemd-resolved.
> In other words, things may not get easier in the future but even more
> confusing. At least that's already the case if you run different
> distributions.
> Regards,
> Simon

In August 1017 I had put away the following remark about this item:

gvim /var/run/NetworkManager/resolv.conf
# to your needs
# make /etc/resolv.conf a link to the above file
rm /etc/resolv.conf
ln -s /lib/systemd/resolv.conf /etc/resolv.conf

# dns=none does not work in either /etc/NetworkManager/NetworkManager.conf
# nor in /etc/NetworkManager/conf.d/dns.conf


OR, much simpler:

in /etc/sysconfig/network-scripts/ifcfg-ethX