Re: Why does resolv.conf keep changing?
On Sun, 22 Oct 2017 22:12:03 -0400
Roberto C. Sánchez <firstname.lastname@example.org> wrote:
> So, I just upgraded my main router/firewall machine to Stretch.
> Following the upgrade my /etc/resolv.conf settings appear to track the
> DHCP options obtained by one of the two interfaces. No matter what I
> try I can't get the /etc/resolv.conf settings to remain as I would
> like them.
> The machine has two network interfaces: one on the Internt side which
> connects to my ISP-provided equipment and which obtains its address
> via DHCP, another on the LAN side which is statically configured.
> My /etc/network/interfaces looks like this (192.168.174.0/24 is my LAN
> auto lo
> iface lo inet loopback
> auto eth0
> iface eth0 inet static
> address 192.168.174.1
> netmask 255.255.255.0
> broadcast 192.168.174.255
> auto eth1
> iface eth1 inet dhcp
> My /etc/resolv.conf looks like this:
> domain example.com
> search example.com.
> nameserver 127.0.0.1
> The reason for "nameserver 127.0.0.1" is that I run my own instance of
> bind which acts as a caching server and also serves my own internal
> zones. Prior to the recent upgrade to Stretch everything worked
> normally. That is, whatever I put in /etc/resolv.conf was left as I
> configured it. Following my recent Stretch upgrade I found my
> resolv.conf had been changed to just this (192.168.63.1/24 is the
> subnet used by the ISP equipment):
> nameserver 192.168.63.1
> That has the effect of not allowing processes running on that machine
> (the router/firewall) to properly resolve internal DNS addresses.
> Other machines on my network are fine since they get their name
> servers set by the internal DHCP server which is configured with the
> name server address 192.168.174.1. This DHCP server is different
> from the embedded DHCP server that runs on my ISP's device.
> I have tried two different things. First, I added this directive to
> /etc/network/interfaces under the eth0 stanza:
> dns-nameservers 127.0.0.1
> That did not appear to have any effect because taking eth0 and eth1
> down and then bringing them back up still results in resolv.conf
> pointing to the ISP router as its name server. Additionally, after
> the interfaces are up even if I manually change resolv.conf,
> something comes along sometime later and undoes my changes.
> The second thing I tried was adding to /etc/dhcp/dhclient.conf:
> supersede domain-name example.com;
> supersede domain-search example.com.;
> supersede domain-name-servers 127.0.0.1;
> This similarly has no lasting effect, which is really surprising to
> I did find a page on the Debian wiki  which recommends setting the
> immutable attribute on /etc/resolv.conf. However, that feels like an
> ugly hack.
It most certainly is, and shouldn't be necessary in your case.
> Can anyone point out what it is that I am missing here?
Not 'missing', you probably have the package resolvconf installed, and
with your network configuration, you don't need it. It's not certain,
but it seems to be the culprit in most of these cases. There is
undoubtedly a way to beat it into submission, but it's not widely
known. There was another recent thread on this matter.
If you're bringing up and taking down random interfaces, such as VPN
tunnels and wifi, then you do want to keep shifting your DNS server, so
resolvconf is appropriate on a laptop, but probably not on a fixed