If you want the quick-and-dirty kludge:
chattr +i /etc/resolv.conf
The +i makes it immutable, even by root. You’d have to -i first if you ever need to edit it.
If you want the elegant way, what distro are you using?
Richard
For Debian use systemctl status bind9.
thanks guys much appreciated.
i also found the following for debian wiki outlines a number of ways to attack this issue…
Making /etc/resolv.conf immutable
This approach will render /etc/resolv.conf immutable so that it cannot be changed, regardless of what packages are installed or what tries to modify it.
rm -f /etc/resolv.conf
editor /etc/resolv.conf
chattr +i /etc/resolv.conf
A consequence of making /etc/resolv.conf immutable is that if dhclient-script tries to change it and fails, it clutters /etc with temporary files.
Configuring resolvconf
With resolvconf installed, you can tell it to do nothing whenever some daemon tries to modify resolv.conf, by putting resolvconf=NO in the /etc/resolvconf.conf file. (Note: this is not the /etc/resolv.conf file!)
Alternatively, you can use dns-nameserver entries in the appropriate stanza in /etc/network/interfaces:
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameserver 192.168.1.254
dns-nameserver 8.8.8.8
dns-search foo.org bar.com
Configuring dhclient
Stop dhclient from modifying /etc/resolv.conf
Another approach makes use of dhclient-script’s hook scripts. According to dhclient-script(8):
- When it starts, the client script first defines a shell function, make_resolv_conf , which is later used to create the /etc/resolv.conf file. To override the default behaviour, redefine this function in the enter hook script.
Therefore, we can stop dhclient from overwriting resolv.conf by doing the following:
echo ‘make_resolv_conf() { :; }’ > /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
The execute bit is required because dhclient-script uses run-parts(8) to decide which files to read. For that same reason, the filename must not contain anything but letters, digits, underscores and hyphens.
Modifying /etc/dhcp/dhclient.conf
The /etc/dhcp/dhclient.conf file can be populated with directives that will override the options sent by the DHCP server. For example, these directives will override the domain, search, and nameserver parameters that are placed into /etc/resolv.conf:
supersede domain-name “example.com”; supersede domain-search “example.com”; supersede domain-name-servers 127.0.0.1;
Another option is to remove “domain-name, domain-name-servers, domain-search” from the request line. However, this only works on some networks, and not on others. If the DHCP server sends unsolicited domain-name-servers (et al.) responses, dhclient will still heed them, and will still overwrite the resolv.conf file.
Yeah, now I remember why I just use chattr +i.
Richard
ahahahah, i was just about to ask…in light of the above, which one will i go for?
I would like to try the “add dns-nameserver entries in /etc/network/interfaces”
trouble is, when i try to do this from virtualmin interface directly, it wont stick!
i might try editing the file directly (if i can find it)
EDIT
hmm forget that idea…im not sure what i should put in there?
If you’re young and want to learn how to do things in an elegant manner, do it the right way.
If you’re old and just want the damn thing to work…
Rich
1 Like
The downside is that you have to use nameservers that you know will work forever. Google’s are probably a safe bet to at least give notice before they shut them down.
Richard
is there a “right” way to configure this setting using the Virtualmin GUI?
to me that would see the best option. Im a windows man…so GUI is everything!
There is a File Manager in Virtualmin. (I never knew that until just now, by the way.)
The “typical” contents of /etc/resolv.conf would be:
search hostdomain.tld
nameserver x.x.x.x
nameserver y.y.y.y
nameserver 127.0.0.1
“hostdomain.tld” means the domain of the server’s hostname. For example, not server1.example.tld, but simply example.tld. I don’t think you need it if you’re not running a nameserver.
Richard
EDIT: Per Joe (he’s the smarter guy than me I told you would be coming along), do not use the 127.0.0.1 if you’re not running DNS on the Virtualmin server.
I want to point out here that if you are not using the Virtualmin server as your DNS server, 127.0.0.1 should not be in the list of name servers in resolv.conf (well, there are exceptions, if you have some sort of caching DNS setup, but generally not). During installation it is added because it always sets up local DNS during installation. But, if you aren’t using local DNS and you’re turning off the local DNS server you need to disable it in Features and Plugins and get rid of the 127.0.0.1 entry in resolv.conf (or in dhcp config or wherever it is being set).
2 Likes
awesome work guys, and thanks for all your insights on this. Joe i really appreciate that comment about not including 127.0.0.1 if one isnt also using the system as its own nameserver. I think this may be the key.
So, for the future, is there a way of ensuring that Virtualmin updates DO NOT inadvertantly overwrite these settings in resolv.conf for those of us newbies who dont set their systems up as nameservers? (clearly this is what has caused my problems)?
Finally, cannot the networking module be used to apply these settings directly? (i cant seem to get it to keep settings though as soon as i hit save, it loses them and just reverts back to 127.0.0.1)
So, the default in installer is always to setup DNS locally, and to make that change. Once you’ve disabled the DNS feature in Features and Plugins, Virtualmin will never complain about 127.0.0.1 being “missing” since it isn’t necessary or useful without locally hosted DNS. It never changes it automatically after installation.
The “newbie” path, as far as I’ve always been concerned, is to let Virtualmin manage DNS locally. But, folks seem to be moving away from that more frequently, so I guess I need to accommodate it, maybe in the setup wizard or maybe with an installer option.
If your resolv.conf is generated by dhcp, as it sounds like maybe it is, you have to change the setting in the dhcp configuration, or it will switch back every time you restart the server or restart networking. I’m not sure where that is…something like /etc/dhcp/dhclient.conf? You’re looking for prepend domain-name-servers 127.0.0.1; and you want to get rid of that line.
And, I don’t think there is any support for DHCP client configuration in Webmin’s networking modules. Configuring network via DHCP on a server was historically insane. Less insane now with virtual machines, virtual networking, etc.
maybe just making /etc/resolv.conf immutable as mentioned earlier is the easiest solution? 
It’s gotta be coming from somewhere, so update where it’s coming from. Virtualmin installer only knows how to add it to resolv.conf or dhclient.conf, so it’s gotta be one of those (or you configured it yourself, and hopefully know where you configured it).
This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.