Re: Network config




On Thu, Aug 03, 2017 at 08:53:27AM -0400, Greg Wooledge wrote:
> But the problem is, various Unix DHCP client daemons do *too much*.
> All I want them to do is set the IP address, netmask, and gateway.
> I *don't* want them to change the system hostname, or the system
> resolv.conf (in which I have hand-placed *our* DNS search domain and
> *our* DNS resolvers).

Well, making /etc/resolv.conf read-only, owned by root.root, and
uninstalling resolvconf should also solve your problem.

Then programs won't write to the file.

Since you have a long term static nameserver, you're good.


Alternatively, if you might change your setup here and there for a
particular host, I find resolvconf to be the perfect middle ground -
and when it's meant to not update resolv.conf, that "NO" setting
looks like it should work a treat for you.

Or if you commission a laptop which might move daily between
locations, fully dynamic DHCP config might be best - just use network
manager and whatever it depends on, and the default "auto everything"
should work assuming DHCP is set up correctly at your site - just let
the auto-stuff do its auto stuff, and the laptop will mostly work.
Uninstall resolvconf since network manager does it all.

If you in this last (laptop) scenario need specific addition of your
static nameserver, on top of the DHCP nameservers (e.g. one
nameserver might resolve some internal names, the others might
recursively resolve internet names) then configuring resolvconf to
know about your static server and add it "on each dhcp
reconfiguration" will work when properly configured too - either
before or after the DHCP assigned servers (i.e. depending on the
precedence you need for the resolves), this could be another ideal
configuration well served by resolvconf.


That which is ideal, always depends on your requirements. I'm still
not clear on your requirements, but perhaps one of the above
scenarios will satisfy.


> On the HP-UX systems, I modified the boot scripts to accommodate all of
> the funky things that happen with DHCP.  I keep master copies of the true
> /etc/resolv.conf and /etc/hosts files (plus one other HP-UX-specific
> network config file), which all get overwritten by the DHCP client,
> and I restore them at just the right time.

That sounds ugly, and way overly hacky.

I suggest thoroughly reading the resolvconf man page to understand
its workings, and making use of that.

If you don't want to do that for any reason, that's also fine - just
remove resolvconf as suggested by someone else in this thread.


> I put the hostname and IP
> in /etc/hosts so that dtlogin can start.  Also, starting with an update
> of ITD's DHCP servers about 5 years ago, the HP-UX DHCP client started
> overwriting the system hostname with the one provided by the DHCP server.
>
> So I had to make more changes to work around that as well, restoring
> the correct hostname at just the right moment.

Surely this would be easier? :
chmod 400 /etc/hostname


I'm a sure fan of static network config (which includes hostname),
but sure sounds like you might be doing things the hard way.


> On the Debian systems, I learned through trial and error that this
> change works:
> 
> --- /etc/dhcp/dhclient.conf.20170410	2017-04-10 10:12:13.271209076 -0400
> +++ /etc/dhcp/dhclient.conf	2017-04-10 10:12:26.291209232 -0400
> @@ -14,8 +14,7 @@
>  
>  send host-name = gethostname();
>  request subnet-mask, broadcast-address, time-offset, routers,
> -	domain-name, domain-name-servers, domain-search, host-name,
> -	dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
> +	dhcp6.sntp-servers,
>  	netbios-name-servers, netbios-scope, interface-mtu,
>  	rfc3442-classless-static-routes, ntp-servers;
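Review bot: dropping domain-name, domain-name-servers, domain-search and host-name from the request list only stops dhclient asking for them; nothing in this hunk makes the client ignore those options if a server sends them unrequested, which is the behaviour reported later in this message for the Belkin router. The edit also records no intent in the file, so a comment above the request statement saying the DNS and hostname options are omitted on purpose would keep a later upgrade or another admin from restoring them. It is also worth confirming that keeping dhcp6.sntp-servers while removing dhcp6.name-servers, dhcp6.domain-search and dhcp6.fqdn is deliberate.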
> 
> If I simply don't ask for DNS nameserver addresses, the DHCP server
> doesn't provide them, and dhclient doesn't touch resolv.conf, and everyone
> is happy.  The Debian/ISC DHCP client is smart enough to ignore the
> hostname coming from DHCP, so I didn't have to do anything there.
> 
> (The HP-UX DHCP client does not have this level of control, so I have
> to fix things up after the fact.)

Possibly just compile the ISC DHCP client for HP-UX - a binary
compiled by someone else might even be available.


> Home system: the DHCP server is a Belkin plastic router.  The router
> silently forwards DNS queries to the ISP's nameserver, which is tolerable,
> but a bit slow.  I would prefer to run a local dnscache resolver (from
> djbdns).  The DHCP server provides a nameserver entry whether I request
> it or not, and a search domain of "Belkin".
> 
> I am not using djbdns from a Debian package.  It's pure upstream.

openresolv is a new package I haven't seen before

For DNS cache, I've installed dnsmasq many times over the years -
it's small and simple.



> I have configured the router to assign my IP address to my MAC address.
> I just don't want it to touch my resolv.conf file.
> 
> At first I tried doing what I did at work: removing lines from the
> dhclient.conf file.  But the Belkin DHCP server doesn't stop sending
> the nameserver, and dhclient continues to overwrite resolv.conf.
> 
> I ended up simply doing chattr +i.

If you have a solution working for you, that's great.


> > If you're wanting a static resolv.conf, are you manually
> > running dhclient, or using /etc/network/interfaces ?
> 
> I use /etc/network/interfaces with
> 
> auto eth0
> iface eth0 inet dhcp

You may not know there's a way to do your "scripting" in the
interfaces file:

man interfaces # for help

# take 1:

auto eth0
iface eth0 inet dhcp
	post-up cp /my/resolv.conf /etc/resolv.conf
	post-up chmod 400 /etc/resolv.conf


# take 2:

auto eth0
iface eth0 inet dhcp
	dns-nameserver 192.168.1.254
	dns-nameserver 8.8.8.8
	post-up chmod 400 /etc/resolv.conf


# take 3:

auto eth0
iface eth0 inet dhcp
	post-up cp /my/resolv.conf /etc/resolv.conf
	dns-nameserver 192.168.1.254
	dns-nameserver 8.8.8.8
	post-up chmod 400 /etc/resolv.conf


Play around and see what your resultant /etc/resolv.conf ends up as
in each scenario you try.



> > I.e. is this a one-shot scenario, or a "static" config situation?
> 
> It's "static" in the sense that the configuration is (supposed to
> be) unchanging.  But not in the sense of "iface eth0 inet static".
> The IP address, netmask and gateway come from DHCP.  The hostname,
> nameservers, and everything else come from their respective traditional
> Unix or Debian or CentOS config files.

If it makes it easier for you, you could configure your home router
to match whatever your internal subnet address range/dhcp config at
work.

Anyway, you have a few options to try now.


> > Have you tried also reading man dhclient.conf ?
> 
> wooledg:~$ man dhclient.conf | grep -ic resolv
> 0
> wooledg:~$ man dhclient.conf | grep -ic nameserver
> 0
> wooledg:~$ man dhclient.conf | grep -ic DNS
> 5
> 
> All 5 hits for DNS are in a section named "DYNAMIC DNS", which describes
> "very limited support for doing DNS updates when a lease is acquired".
> 
> If there is anything in the man page that describes how to make dhclient
> *not touch* the resolv.conf file no matter what the DHCP server tells it,
> I have not managed to find it.
>
> <https://www.cyberciti.biz/faq/dhclient-etcresolvconf-hooks/> (which
> I also linked earlier in this thread) apparently went down a very
> similar road.  The author came up with a hack that involves modifying
> the dhclient backend, overwriting the shell function that does the actual
> resolv.conf updates with a function that does nothing.

Did you see these directories in your travels? :

/etc/dhcp/dhclient-enter-hooks.d
/etc/dhcp/dhclient-exit-hooks.d


> > the world's full of weird
> > networks :)
> 
> I don't think what I'm doing is particularly weird.  "How do I make it
> stop overwriting resolv.conf" *is* a FAQ, as that URL says.  There are
> many, many people in the world struggling with this every day.

I count at least 3 solutions in this thread now:
 - read only file (looks like you found an attr for this too)
 - resolv.conf "NO" config option
 - post-up sub command in interfaces file


That should be plenty to satisfy your desire for a solution :)

Good luck,
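
Added example, not part of the original message: a small POSIX shell check that reports when a resolv.conf no longer matches the resolvers and search domains you placed there, which is the symptom discussed in this thread. The function names, the 192.168.2.1 address, the example.internal search domain and the sample file are constructed for illustration; 192.168.1.254, 8.8.8.8 and the "Belkin" search domain are taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report drift in a resolv.conf.
# usage: audit_resolv FILE "ALLOWED_NS ..." "ALLOWED_SEARCH ..."
# Prints one finding per line; status 0 = clean, 1 = drift, 2 = unreadable.
audit_resolv() (
    set -f    # file contents may come from a DHCP lease: never glob-expand them
    file=$1 allowed_ns=$2 allowed_search=$3
    findings=0 seen_ns=""
    [ -r "$file" ] || { echo "UNREADABLE $file"; exit 2; }
    while read -r key rest || [ -n "$key" ]; do   # also handles a last line without newline
        case $key in
            nameserver)
                ns=${rest%%[[:space:]]*}
                seen_ns="$seen_ns $ns"
                case " $allowed_ns " in
                    *" $ns "*) ;;
                    *) echo "UNEXPECTED nameserver $ns"; findings=$((findings + 1)) ;;
                esac ;;
            search|domain)
                for d in $rest; do
                    case " $allowed_search " in
                        *" $d "*) ;;
                        *) echo "UNEXPECTED $key $d"; findings=$((findings + 1)) ;;
                    esac
                done ;;
        esac
    done < "$file"
    # Resolvers you expect but the file no longer lists.
    for ns in $allowed_ns; do
        case " $seen_ns " in
            *" $ns "*) ;;
            *) echo "MISSING nameserver $ns"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample: a resolv.conf as it might look after a DHCP rewrite.
sample_overwritten() {
    printf '%s\n' '# constructed sample' 'search Belkin' \
        'nameserver 192.168.2.1' 'nameserver 8.8.8.8'
}

# Demo against the constructed sample (assumed policy: the two resolvers above).
tmp=$(mktemp)
sample_overwritten > "$tmp"
audit_resolv "$tmp" "192.168.1.254 8.8.8.8" "example.internal" || echo "drift detected"
rm -f "$tmp"
```

A non-zero status from a periodic run against /etc/resolv.conf is a cheap signal that something has replaced your resolvers.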