Web lists-archives.com

Re: Why does resolv.conf keep changing?




On Monday 23 October 2017 11:48:36 Jude DaShiell wrote:

> If you've got dynamic ip addresses as many of us do, that file has to
> change to keep your internet connection up.
>
This true, but all the isp's I have dealt with over the last 23 years, 
have all assigned that dynamic address BASED on the MAC of the device 
doing the requesting. So while my router(s) do use dhcp to get its 
internet address, I can even swap routers as long as I clone the 
originals MAC address into the replacement.

So my web page, (see the sig) which is on this machine, has for the most 
part just worked for much of a decade now. There hasn't been zero 
downtime of course, perhaps .01% of the time.
  
> On Mon, 23 Oct 2017, Joe wrote:
> > Date: Mon, 23 Oct 2017 04:17:11
> > From: Joe <joe@xxxxxxxxxxxxxx>
> > To: debian-user@xxxxxxxxxxxxxxxx
> > Subject: Re: Why does resolv.conf keep changing?
> > Resent-Date: Mon, 23 Oct 2017 08:54:41 +0000 (UTC)
> > Resent-From: debian-user@xxxxxxxxxxxxxxxx
> >
> > On Sun, 22 Oct 2017 22:12:03 -0400
> >
> > Roberto C. S?nchez <roberto@xxxxxxxxxx> wrote:
> >> So, I just upgraded my main router/firewall machine to Stretch.
> >> Following the upgrade my /etc/resolv.conf settings appear to track
> >> the DHCP options obtained by one of the two interfaces.  No matter
> >> what I try I can't get the /etc/resolv.conf settings to remain as I
> >> would like them.
> >>
> >> The machine has two network interfaces: one on the Internt side
> >> which connects to my ISP-provided equipment and which obtains its
> >> address via DHCP, another on the LAN side which is statically
> >> configured.
> >>
> >> My /etc/network/interfaces looks like this (192.168.174.0/24 is my
> >> LAN subnet):
> >>
> >> auto lo
> >> iface lo inet loopback
> >>
> >> auto eth0
> >> iface eth0 inet static
> >>         address 192.168.174.1
> >>         netmask 255.255.255.0
> >>         broadcast 192.168.174.255
> >>
> >> auto eth1
> >> iface eth1 inet dhcp
> >>
> >> My /etc/resolv.conf looks like this:
> >>
> >> domain example.com
> >> search example.com.
> >> nameserver 127.0.0.1
> >>
> >> The reason for "nameserver 127.0.0.1" is that I run my own instance
> >> of bind which acts as a caching server and also serves my own
> >> internal zones.  Prior to the recent upgrade to Stretch everything
> >> worked normally.  That is, whatever I put in /etc/resolv.conf was
> >> left as I configured it.  Following my recent Stretch upgrade I
> >> found my resolv.conf had been changed to just this (192.168.63.1/24
> >> is the subnet used by the ISP equipment):
> >>
> >> nameserver 192.168.63.1
> >>
> >> That has the effect of not allowing processes running on that
> >> machine (the router/firewall) to properly resolve internal DNS
> >> addresses. Other machines on my network are fine since they get
> >> their name servers set by the internal DHCP server which is
> >> configured with the name server address 192.168.174.1.  This DHCP
> >> server is different from the embedded DHCP server that runs on my
> >> ISP's device.
> >>
> >> I have tried two different things.  First, I added this directive
> >> to /etc/network/interfaces under the eth0 stanza:
> >>
> >>         dns-nameservers 127.0.0.1
> >>
> >> That did not appear to have any effect because taking eth0 and eth1
> >> down and then bringing them back up still results in resolv.conf
> >> pointing to the ISP router as its name server.  Additionally, after
> >> the interfaces are up even if I manually change resolv.conf,
> >> something comes along sometime later and undoes my changes.
> >>
> >> The second thing I tried was adding to /etc/dhcp/dhclient.conf:
> >>
> >> supersede domain-name example.com;
> >> supersede domain-search example.com.;
> >> supersede domain-name-servers 127.0.0.1;
> >>
> >> This similarly has no lasting effect, which is really surprising to
> >> me.
> >>
> >> I did find a page on the Debian wiki [0] which recommends setting
> >> the immutable attribute on /etc/resolv.conf.  However, that feels
> >> like an ugly hack.
> >
> > It most certainly is, and shouldn't be necessary in your case.
> >
> >> Can anyone point out what it is that I am missing here?
> >
> > Not 'missing', you probably have the package resolvconf installed,
> > and with your network configuration, you don't need it. It's not
> > certain, but it seems to be the culprit in most of these cases.
> > There is undoubtedly a way to beat it into submission, but it's not
> > widely known. There was another recent thread on this matter.
> >
> > If you're bringing up and taking down random interfaces, such as VPN
> > tunnels and wifi, then you do want to keep shifting your DNS server,
> > so resolvconf is appropriate on a laptop, but probably not on a
> > fixed workstation.


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>