Web lists-archives.com

Re: Can't find the DNS Servers




On Monday 25 September 2017 12:10:10 Reco wrote:

> 	Hi.
>
> On Mon, Sep 25, 2017 at 11:33:50AM -0400, Gene Heskett wrote:
> > > I mean, unless this is a laptop or a tablet or a phone or
> > > something. Then it may be appropriate, because you might actually
> > > WANT your resolv.conf file to be rewritten every time the wind
> > > changes direction.
> > >
> > > For desktop machines with a static internal network configuration,
> > > it's an abomination.  And unfortunately it's not the only
> > > malevolent fiend trying to usurp control of your resolv.conf file.
> > >  There's also dhclient, and network-manager, and systemd-resolved,
> > > and who knows what else.
> > >
> > > See <https://www.cyberciti.biz/faq/dhclient-etcresolvconf-hooks/>
> > > for some of your options.  Of course, before you can apply any of
> > > those suggestions, you have to seize back control of your
> > > resolv.conf file in the first place.  Make sure it's a FILE and
> > > not a symlink, and put the correct content into it.  Make sure
> > > name resolution works.  Then choose your favorite solution to keep
> > > the file under YOUR control.
> >
> > For me, its a root session, and a "chattr +i resolv.conf"
> > If for some reason you need to edit it later, you'll have to use the
> > -i argument first. As long as that +i bit is set, its protected from
> > everything but a mke2fs.
>
> A common misconception. Here's how a determined userspace can beat
> immutable bit:
>
> # mkdir testetc
> # touch testetc/resolv.conf
> # chattr +i testetc/resolv.conf
> # mv testetc/ testetc.orig
> # mkdir testetc
> # touch testetc/resolv.conf
> # echo evil dns > testetc/resolv.conf
>
> Of course you could try to counter that with "chattr +i /etc", but
> doing *that* should break an unimaginable number of things.
>
> If you really need immutable /etc/resolv.conf you should try the
> Read-Only Root Debian - [1].
>
> [1] https://wiki.debian.org/ReadonlyRoot
>
> Reco

Unforch, this isn't /root stuffs, but /etc stuffs.  And it works. And I 
could care less how disappointed n-m or dhcpd is.  Or even resolvconf 
itself. Particularly when its as buggy as a 10 day old road kill in 
August.

Yes, there is a place for dhcp, but its for sure not on a home, small 
number of machines network thats all static.
 

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>