Web lists-archives.com

Why does resolv.conf keep changing?




So, I just upgraded my main router/firewall machine to Stretch.
Following the upgrade my /etc/resolv.conf settings appear to track the
DHCP options obtained by one of the two interfaces.  No matter what I
try I can't get the /etc/resolv.conf settings to remain as I would like
them.

The machine has two network interfaces: one on the Internt side which
connects to my ISP-provided equipment and which obtains its address via
DHCP, another on the LAN side which is statically configured.

My /etc/network/interfaces looks like this (192.168.174.0/24 is my LAN
subnet):

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.174.1
        netmask 255.255.255.0
        broadcast 192.168.174.255

auto eth1
iface eth1 inet dhcp

My /etc/resolv.conf looks like this:

domain example.com
search example.com.
nameserver 127.0.0.1

The reason for "nameserver 127.0.0.1" is that I run my own instance of
bind which acts as a caching server and also serves my own internal
zones.  Prior to the recent upgrade to Stretch everything worked
normally.  That is, whatever I put in /etc/resolv.conf was left as I
configured it.  Following my recent Stretch upgrade I found my
resolv.conf had been changed to just this (192.168.63.1/24 is the subnet
used by the ISP equipment):

nameserver 192.168.63.1

That has the effect of not allowing processes running on that machine
(the router/firewall) to properly resolve internal DNS addresses.  Other
machines on my network are fine since they get their name servers set by
the internal DHCP server which is configured with the name server
address 192.168.174.1.  This DHCP server is different from the embedded
DHCP server that runs on my ISP's device.

I have tried two different things.  First, I added this directive to
/etc/network/interfaces under the eth0 stanza:

        dns-nameservers 127.0.0.1

That did not appear to have any effect because taking eth0 and eth1 down
and then bringing them back up still results in resolv.conf pointing to
the ISP router as its name server.  Additionally, after the interfaces
are up even if I manually change resolv.conf, something comes along
sometime later and undoes my changes.

The second thing I tried was adding to /etc/dhcp/dhclient.conf:

supersede domain-name example.com;
supersede domain-search example.com.;
supersede domain-name-servers 127.0.0.1;

This similarly has no lasting effect, which is really surprising to me.

I did find a page on the Debian wiki [0] which recommends setting the
immutable attribute on /etc/resolv.conf.  However, that feels like an
ugly hack.

Can anyone point out what it is that I am missing here?

Regards,

-Roberto

[0] https://wiki.debian.org/resolv.conf

-- 
Roberto C. Sánchez