Translation(s): none

There are several approaches to configuring the system so that /etc/resolv.conf is set by the administrator and not changed by automated means. This page documents some of the options.

Configuring dhclient

Modifying /etc/dhcp/dhclient.conf

With the isc-dhcp-client package, the /etc/dhcp/dhclient.conf file can be populated with directives that will override the options sent by the DHCP server. For example, these directives will override the domain, search, and nameserver parameters that are placed into /etc/resolv.conf:

supersede domain-name "example.com";
supersede domain-search "example.com";
supersede domain-name-servers 127.0.0.1;

Another option is to remove "domain-name, domain-name-servers, domain-search" from the request line.

The same applies for the other directives. dhclient.conf(5) lists all of the available options and their meanings.

Using hook scripts

Another approach makes use of dhclient-script's hook scripts. According to dhclient-script(8):

       When  it starts, the client script first defines a shell function, make_resolv_conf , which is later used to
       create the /etc/resolv.conf file.   To override the default behaviour, redefine this function in  the  enter
       hook script.

Configuring resolvconf

There are also options involving the resolvconf package itself. If you are familiar with how those options can be used to prevent unwanted changes to /etc/resolv.conf, then please contribute here.

Making /etc/resolv.conf immutable

This approach will render /etc/resolv.conf immutable so that it cannot be changed, regardless of what packages are installed or what tries to modify it.


/!\ The nameserver IP 8.8.4.4 is a DNS server from Google. If you don't trust or want to use another, insert an other ip there.

This page describes how to lock your /etc/resolv.conf

/etc/resolv.conf

my issues

my internet connection seems not to work. i could figured out, that it affects only dns. so my first workaround was

sh -c 'echo "nameserver 8.8.4.4" > /etc/resolv.conf'

but the networks I'm connected with didn't like my choice of nameserver. so they overwrites the resolv.conf many times.

the way forward

to get permanent peace a mention from #debian.de/freenode.org was to use chattr +i - and I start to go.

the ultimate order

rm /var/run/NetworkManager/resolv.conf  && rm /etc/resolv.conf && sh -c 'echo "nameserver 8.8.4.4" > /etc/resolv.conf' && cat /etc/resolv.conf &&  chattr -V +i /etc/resolv.conf

/var/run/NetworkManager/resolv.conf is an auto-generated symlink (I don't know which program it does)

the 'cat' order ist to generate output and control if it works.

same for the -V at the chattr order

A consequence of making /etc/resolv.conf immutable is that if dhclient-script tries to change it and fails, it clutters /etc with temporary files. See #860928 for details. The user/admin may need to periodically clean these files out of /etc until #860928 is fixed.


CategoryNetwork