Re: Why does resolv.conf keep changing?
- Date: Mon, 23 Oct 2017 19:26:38 -0500
- From: David Wright <deblis@xxxxxxxxxxxxxxxxx>
- Subject: Re: Why does resolv.conf keep changing?
On Mon 23 Oct 2017 at 19:33:01 (-0400), Roberto C. Sánchez wrote:
> On Mon, Oct 23, 2017 at 11:25:05AM +0200, tomas@xxxxxxxxxx wrote:
> > On Mon, Oct 23, 2017 at 09:17:11AM +0100, Joe wrote:
> > > On Sun, 22 Oct 2017 22:12:03 -0400
> > > Roberto C. Sánchez <roberto@xxxxxxxxxx> wrote:
> > [...]
> > > > I did find a page on the Debian wiki  which recommends setting the
> > > > immutable attribute on /etc/resolv.conf. However, that feels like an
> > > > ugly hack.
> > > >
> > >
> > > It most certainly is, and shouldn't be necessary in your case.
> > I've used that approach sometimes and regularly recommend it.
> > That said, my main intention is to *debug* the problem, i.e. to
> > provoke an error message in some log file or whatever, to learn which
> > process is (undesirably?) mutating some file. Most of the time this
> > leads to learning some config option to not do that mutation in the
> > first place (or to some understanding on why that mutation is a Good
> > Thing after all and to a better way of solving my real, underlying
> > problem).
> > Only in exceptional cases I had to "leave in" the immutable attribute
> > as a permanent "solution".
> So, I edited resolv.conf to my preference and then made it immutable
> with `chattr +i /etc/resolv.conf`. Several hours later the name server
> was changed back to the ISP router's address. That is very odd. Yet
> even more odd is that this time the domain and search options were left
> untouched. Previously, the domain and search would get wiped (because
> the ISP router doesn't push those options).
So if you:
$ ls -l --full-time /etc/resolv.conf
and then look at what happened at that precise time in /var/log/syslog
or wherever your logs are being written. What took place?