Date: Mon, 23 Oct 2017 04:17:11
From: Joe <joe@jretrading.com>
To: debian-user@lists.debian.org
Subject: Re: Why does resolv.conf keep changing?
Resent-Date: Mon, 23 Oct 2017 08:54:41 +0000 (UTC)
Resent-From: debian-user@lists.debian.org
On Sun, 22 Oct 2017 22:12:03 -0400
Roberto C. S?nchez <roberto@debian.org> wrote:
So, I just upgraded my main router/firewall machine to Stretch.
Following the upgrade my /etc/resolv.conf settings appear to track the
DHCP options obtained by one of the two interfaces. No matter what I
try I can't get the /etc/resolv.conf settings to remain as I would
like them.
The machine has two network interfaces: one on the Internt side which
connects to my ISP-provided equipment and which obtains its address
via DHCP, another on the LAN side which is statically configured.
My /etc/network/interfaces looks like this (192.168.174.0/24 is my LAN
subnet):
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.174.1
netmask 255.255.255.0
broadcast 192.168.174.255
auto eth1
iface eth1 inet dhcp
My /etc/resolv.conf looks like this:
domain example.com
search example.com.
nameserver 127.0.0.1
The reason for "nameserver 127.0.0.1" is that I run my own instance of
bind which acts as a caching server and also serves my own internal
zones. Prior to the recent upgrade to Stretch everything worked
normally. That is, whatever I put in /etc/resolv.conf was left as I
configured it. Following my recent Stretch upgrade I found my
resolv.conf had been changed to just this (192.168.63.1/24 is the
subnet used by the ISP equipment):
nameserver 192.168.63.1
That has the effect of not allowing processes running on that machine
(the router/firewall) to properly resolve internal DNS addresses.
Other machines on my network are fine since they get their name
servers set by the internal DHCP server which is configured with the
name server address 192.168.174.1. This DHCP server is different
from the embedded DHCP server that runs on my ISP's device.
I have tried two different things. First, I added this directive to
/etc/network/interfaces under the eth0 stanza:
dns-nameservers 127.0.0.1
That did not appear to have any effect because taking eth0 and eth1
down and then bringing them back up still results in resolv.conf
pointing to the ISP router as its name server. Additionally, after
the interfaces are up even if I manually change resolv.conf,
something comes along sometime later and undoes my changes.
The second thing I tried was adding to /etc/dhcp/dhclient.conf:
supersede domain-name example.com;
supersede domain-search example.com.;
supersede domain-name-servers 127.0.0.1;
This similarly has no lasting effect, which is really surprising to
me.
I did find a page on the Debian wiki [0] which recommends setting the
immutable attribute on /etc/resolv.conf. However, that feels like an
ugly hack.
It most certainly is, and shouldn't be necessary in your case.
Can anyone point out what it is that I am missing here?
Not 'missing', you probably have the package resolvconf installed, and
with your network configuration, you don't need it. It's not certain,
but it seems to be the culprit in most of these cases. There is
undoubtedly a way to beat it into submission, but it's not widely
known. There was another recent thread on this matter.
If you're bringing up and taking down random interfaces, such as VPN
tunnels and wifi, then you do want to keep shifting your DNS server, so
resolvconf is appropriate on a laptop, but probably not on a fixed
workstation.