Web lists-archives.com

Re: Why does resolv.conf keep changing?




On Wed, Oct 25, 2017 at 11:35:20PM -0400, Stefan Monnier wrote:
> `resolvconf` only touches /etc/resolv.conf when it is installed/initialized.
> What it does to it is to replace it with a symlink.
> After that, it doesn't touch it any morel instead it only modifies the file
> that is the target of that symlink.
> 
> So there's your answer:
> - rm /etc/resolv.conf
> - zile /etc/resolv.conf

How is this supposed to prevent dhclient (et al.) from modifying the
file, then?

A quick read of /sbin/dhclient-script shows me nothing promising.
(It's also full of bugs, which is exactly what one expects in a
shell script provided by an OS package, or to be fair, any shell
script at all.)

A quick read of
<https://manpages.debian.org/stretch/openresolv/resolvconf.8.en.html>
is... interesting, but low on details.  It doesn't tell me what
resolvconf actually DOES, how it prevents other things from writing
to the file.  But see below.

Hmm... how COULD it work?

Checking <https://packages.debian.org/stretch/all/resolvconf/filelist> ....
Aha!  Installing resolvconf creates a file named
/etc/dhcp/dhclient-enter-hooks.d/resolvconf in the dhclient
hooks directory.  Maybe this file overrides the make_resolv_conf
shell function that dhclient-script provides.  I would have to
download and extract the resolvconf package to find out, since I
don't have it installed anywhere.

But what's most interesting to me is this paragraph in the resolvconf
man page:

  In some situations resolvconf needs to act as a deterrent to writing
  to /etc/resolv.conf. Where this file cannot be made immutable or you
  just need to toggle this behaviour, resolvconf can be disabled by
  adding resolvconf=NO to resolvconf.conf(5).

Sounds like chattr +i IS actually the preferred solution.  Installing and
configuring resolvconf is the fallback solution.