[CentOS] NetworkManager and /etc/resolv.conf

Mon Nov 19 05:49:52 UTC 2018
Simon Matter <simon.matter at invoca.ch>

> On 11/17/18 8:31 AM, Alice Wonder wrote:
>> On 11/17/2018 07:01 AM, Alice Wonder wrote:
>>> On 11/17/2018 06:43 AM, Alice Wonder wrote:
>>>> CentOS 7.5 image running on linode.
>>>>
>>>> unbound running on localhost.
>>>>
>>>> Have to use a cron job once a minute to keep /etc/resolv.conf using
>>>> the localhost for name resolution - whenever NetworkManager gets
>>>> restarted (usually only a system boot) it gets over-written.
>>>>
>>>> It seems every distro has a different way of preventing
>>>> NetworkManager from replacing that file.
>>>>
>>>> I found instructions for Fedora that said create
>>>> /etc/NetworkManager/conf.d/no-dns.conf containing
>>>>
>>>> [main]
>>>> dns=none
>>>>
>>>> That doesn't seem to have any effect.
>>>>
>>>> Poking around, I find a file on boot seems to be created called
>>>>
>>>> /var/run/NetworkManager/resolv.conf
>>>>
>>>> It has most of the contents of what ends up in /etc/resolv.conf -
>>>> except w/o the last line, which just reads rotate in generated
>>>> /etc/resolv.conf.
>>>>
>>>> It says it's generated by NetworkManager (both /etc/resolv.conf and
>>>> the one in /var/run/NetworkManager) but neither are specific enough
>>>> to indicate what is causing them to be created so I can turn it off.
>>>>
>>>> Anyone know how to tell NetworkManager to just not create that file?
>>>>
>>>> Using a cron job to overwrite it once a minute works but there must
>>>> be a proper way.
>>>>
>>>> I really wish KISS was a design goal when designing system
>>>> configuration.
>>>
>>> Just found this -
>>>
>>> # cat dhclient-exit-hooks
>>> echo 'options rotate' >> /etc/resolv.conf
>>>
>>> That's where the last line in /etc/resolv.conf is coming from.
>>
>> Okay replacing the contents of dhclient-exit-hooks with
>>
>> echo -e 'nameserver 127.0.0.1\nnameserver ::1' > /etc/resolv.conf
>>
>> seems to do what I need.
>>
>> I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti
>> scripts called here and there making something that should be a config
>> option hard to do.
>>
>> With DNS the only way to trust results is if the zone is signed and
>> local resolver validates. You can't ever trust external nameservers
>> defined by dhcp to validate. So there's very valid reasons to want to
>> use local unbound.
>
> I don't know about CentOS 7 because I'm running CentOS 6, but on other
> systemd distributions where I've run into similar issues I was either
> able to add a hardcoded DNS server to network manager or resolve the
> problem through systemd-resolved.
>
> In one case I resolved the issue best by disabling systemd-resolved, but
> if you check the man page for systemd-resolved as well as the man page
> for resolved.conf (/etc/systemd/resolved.conf on other distributions)
> my sense is you will find a cleaner solution.  It would seem to me that
> if you are running bind or powerdns on your local host, then it would
> make sense to me to disable systemd-resolved, since you don't need so
> many layers of caching dns resolvers.

Alice was talking about CentOS 7.5, which doesn't have systemd-resolved
nor does it have systemd-networkd. I didn't look at EL8 betas yet but we
can probably expect systemd-networkd to be included there. If that's the
case, we'll probably have legacy script based configs, NetworkManager and
systemd-networkd/systemd-resolved.

In other words, things may not get easier in the future but even more
confusing. At least that's already the case if you run different
distributions.

Regards,
Simon
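
A check for the condition discussed in this thread, as an added example that is not part of the original messages: it reports any `nameserver` entry in a resolv.conf-format file that is not a loopback address, so an overwrite by NetworkManager or a dhclient hook is noticed instead of silently bypassing the local unbound. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag resolv.conf nameserver entries
# that would bypass a local validating resolver such as unbound.

# Succeeds for loopback addresses: 127.0.0.0/8 and ::1.
is_loopback() {
    case "$1" in
        127.*.*.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints every non-loopback nameserver address found in file $1.
# Comment lines (# or ;) and other keywords never equal "nameserver".
non_loopback_nameservers() {
    while read -r keyword addr _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue
        is_loopback "$addr" || printf '%s\n' "$addr"
    done < "$1"
}

# Returns 0 when file $1 lists only loopback resolvers, 1 otherwise.
# A file with no nameserver line passes: resolv.conf(5) says the resolver
# then defaults to the name server on the local machine.
audit_resolv_conf() {
    bad=$(non_loopback_nameservers "$1")
    if [ -z "$bad" ]; then return 0; fi
    for addr in $bad; do
        printf '%s: non-loopback nameserver %s\n' "$1" "$addr" >&2
    done
    return 1
}

# Constructed sample: a file rewritten with a DHCP-supplied resolver
# (192.0.2.53 is a documentation address, not a real resolver).
write_sample_overwritten() {
    printf '%s\n' '# Generated by NetworkManager' \
        'nameserver 192.0.2.53' 'nameserver 127.0.0.1' 'options rotate' > "$1"
}

# Constructed sample: the state the thread's hook script produces.
write_sample_local() {
    printf 'nameserver 127.0.0.1\nnameserver ::1\n' > "$1"
}

# With a path argument, audit that file, e.g. sh audit.sh /etc/resolv.conf
if [ "$#" -gt 0 ]; then audit_resolv_conf "$1"; fi
```

Run from cron or a monitoring agent, the non-zero exit status can raise an alert instead of rewriting the file once a minute.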