NetworkManager And /etc/resolv.conf

Home » CentOS » NetworkManager And /etc/resolv.conf
CentOS 7 Comments

CentOS 7.5 image running on linode.

unbound running on localhost.

Have to use a cron job once a minute to keep /etc/resolv.conf using the localhost for name resolution – whenever NetworkManager gets restarted
(usually only a system boot) it gets over-written.

It seems every distro has a different way of preventing NetworkManager from replacing that file.

I found instructions for Fedora that said create
/etc/NetworkManager/conf.d/no-dns.conf containing

[main]
dns=none

That doesn’t seem to have any effect.

Poking around, I find a file on boot seems to be created called

/var/run/NetworkManager/resolv.conf

It has most of the contents of what ends up in /etc/resolv.conf – except w/o the last line, which just reads rotate in generated /etc/resolv.conf.

It says it’s generated by NetworkManager (both /etc/resolv.conf and the one in /var/run/NetworkManager) but neither are specific enough to indicate what is causing them to be created so I can turn it off.

Anyone know how to tell NetworkManager to just not create that file?

Using a cron job to overwrite it once a minute works but there must be a proper way.

I really wish KISS was a design goal when designing system configuration.

7 thoughts on - NetworkManager And /etc/resolv.conf

  • Just found this –

    # cat dhclient-exit-hooks echo ‘options rotate’ >> /etc/resolv.conf

    That’s where the last line in /etc/resolv.conf is coming from.

  • Okay replacing the contents of dhclient-exit-hooks with

    echo -e ‘nameserver 127.0.0.1\nnameserver ::1’ > /etc/resolv.conf

    seems to do what I need.

    I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti scripts called here and there making something that should be a config option hard to do.

    With DNS the only way to trust results is if the zone is signed and local resolver validates. You can’t ever trust external nameservers defined by dhcp to validate. So there’s very valid reasons to want to use local unbound.

  • I don’t know about CentOS 7 because I’m running CentOS 6, but on other systemd distributions where I’ve run into similar issues I was either able to add a hardcoded DNS server to network manager or resolve the problem through systemd-resolved.

    In one case I resolved the issue best by disabling systemd-resolved, but if you check the man page for systemd-resolved as wells as the man page for  resolved.conf (/etc/systemd/resolved.conf on other distributions)
    my sense is you will find a cleaner solution.  It would seem to me that if you are running bind or powerdns on your local host, then it would make sense to me to disable systemd-resolved, since you don’t need so many layers of caching dns resolvers.

    Nataraj

  • Alice was talking about CentOS 7.5, which doesn’t have systemd-resolved nor does it have systemd-networkd. I didn’t look at EL8 betas yet but we can probably expect systemd-networkd to be included there. If that’s the case, we’ll probably have legacy script based configs, NetworkManager and systemd-networkd/systemd-resolved.

    In other words, things may not get easier in the future but even more confusing. At least that’s already the case if you run different distributions.

    Regards, Simon

  • Hi in august 1017 i had put away the following remark about this item:

    #edit gvim /var/run/NetworkManager/resolv.conf
    # to your needs
    # make /etc/resolv.conf a link to the above file rm /etc/resolv.conf ln -s /lib/systemd/resolv.conf /etc/resolv.conf

    # dns=none does not work in either /etc/NetworkManager/NetworkManager.conf
    # nor in /etc/NetworkManager/conf.d/dns.conf

    ——————-

    OR, much simpler:

    in /etc/sysconfig/network-scripts/ifcfg-ethX
    …. PEERDNS=no IPV6_PEERDNS=no
    ….

    suomi

  • With the init scripts I have in /etc/sysconfig/network-scripts/ifcfg-ethX
    RESOLV_MODS=”no”

    Regards, Simon

  • No, you get to keep NetworkManager.

    https://bugzilla.redhat.com/show_bug.cgi?id50342

    Michal Sekletar:

    “In RHEL-7 we shipped it in Optional channel, hence it was not officially
    supported. We decided to remove it for a couple for reasons,
    * networkd is not mature enough and is somewhat poorly maintained upstream
    * networkd is still missing management interfaces (DBUS interface)
    * RHEL’s default network configuration tool is NetworkManager and we didn’t want to send mixed signals to users
    * RHEL-8 was supposed to be as small as possible in terms of packages
    * we didn’t see too much networkd usage (even experimental) in RHEL-7”