364

Most of the info I see online says to edit /etc/resolv.conf, but any changes I make there just get overridden.

$ cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- 
#     YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1

It seems that 127.0.1.1 is a local instance of dnsmasq. The dnsmasq docs say to edit /etc/resolv.conf. I tried putting custom nameservers in /etc/resolv.conf.d/base, but the changes didn't show up in /etc/resolv.conf after running sudo resolvconf -u.

FYI, I don't want to change DNS on a per-connection basis, I want to set default DNS settings to use for all connections when not otherwise specified.

UPDATE:

I answered this question myself: https://unix.stackexchange.com/a/163506/67024

I think it's the best solution since:

  1. It works.
  2. It requires the least amount of changes and
  3. It still works in conjunction with dnsmasq's DNS cache, rather than bypassing it.
intika
  • 14,406
Seán Hayes
  • 4,541
  • 2
    Better answer your question instead of update your question I think... will be easier to find the right answer you gave to your problem – Philippe Gachoud Aug 02 '18 at 18:09
  • It seems that most answers are Ubuntu-oriented, and overly complicated. A universal solution for NetworkManager users is to simply add dns=none in /etc/NetworkManager/NetworkManager.conf (see details in my answer below). – Skippy le Grand Gourou Mar 05 '19 at 09:09
  • I think this answer clarifies why the resolve.conf is overwritten, then you know how to configure it. – foman Jul 31 '19 at 02:26

18 Answers

306

I believe if you want to override the DNS nameserver you merely add a line similar to this in your base file under resolv.conf.d.

Example

NOTE: Before we get started, make sure the following package is installed: apt install resolvconf.

$ sudo vim /etc/resolvconf/resolv.conf.d/base

Then put your nameserver list in like so:

nameserver 8.8.8.8
nameserver 8.8.4.4

Finally update resolvconf:

$ sudo resolvconf -u

If you take a look at the man page for resolvconf it describes the various files under /etc/resolvconf/resolv.conf.d/.

   /etc/resolvconf/resolv.conf.d/base
          File  containing  basic  resolver  information.  The lines in this 
          file are included in the resolver configuration file even when no
          interfaces are configured.

   /etc/resolvconf/resolv.conf.d/head
          File to be prepended to the dynamically generated resolver
          configuration file. Normally this is just a comment line.

   /etc/resolvconf/resolv.conf.d/tail
          File to be appended to the dynamically generated resolver
          configuration file. To append nothing, make this an empty
          file. This file is a good place to put a resolver options
          line if one is needed, e.g.,

          options inet6

Even though there's a warning at the top of the head file:

$ cat /etc/resolvconf/resolv.conf.d/head
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

this warning is there so that when these files are constructed, the warning will ultimately work its way into the resulting resolv.conf file that these files will be used to make. So you could just as easily have added the nameserver lines that are described above for the base file, to the head file too.

slm
  • 369,824
  • I believe you should add this line to the base file as the head file basically contains the header comments to tell you not to modify the file. – xuhdev May 29 '14 at 06:18
  • @xuhdev - I've changed the A to use base but you could've used head as well. See my updates for more info. – slm May 29 '14 at 06:34
  • 33
    Ubuntu 14.04 - when I put the nameservers into base and run resolvconf -u, the nameservers were not put into resolv.conf - when I put the nameservers into head, they were – HorusKol May 27 '15 at 00:48
  • 7
    Ubuntu 14.04 - Also had to comment out configuration set in /run/resolvconf/interface/NetworkManager – bitsoflogic Oct 13 '15 at 14:18
  • 4
    type nslookup google.com and the first IP in the list should be your new nameserver, if not, you did it wrong – frazras Oct 30 '17 at 01:59
  • 8
    Ubuntu 16.04: Worked if appended to /etc/resolvconf/resolv.conf.d/head only, not with base. Confirmed with nslookup google.com. – Asclepius Apr 01 '18 at 18:22
  • 2
    At least for Debian bullseye, the documentation for files /etc/resolvconf/resolv.conf.d/* is found in man 8 resolvconf. – Abdull Oct 31 '22 at 09:46
90

I am also interested in this question and I tried the solution proposed by @slm.

To test it, I put

nameserver 8.8.8.8

in /etc/resolvconf/resolv.conf.d/base and

nameserver 8.8.4.4

in /etc/resolvconf/resolv.conf.d/head

Then I restarted the network with

sudo service network-manager restart

The result is that /etc/resolv.conf looks like

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.4.4
nameserver 127.0.1.1

and nm-tool states that the dnsserver are

DNS:             208.67.222.222
DNS:             208.67.220.220

which are the ones provided by my router. On the other hand digging an address tells that

;; Query time: 28 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)

If I am right, I conclude from all this that

  1. only the "head" part is read by resolvconf: the "base" part is somehow controlled by dnsmasq
  2. the dnsserver is actually forced to 8.8.4.4 regardless of the server provided by dhcp, BUT you lose the caching provided by dnsmasq, since the request is always sent to 8.8.4.4
  3. dnsmasq is still using ONLY the dnsserver provided by dhcp.

All in all, it works, but I don't think it is the intended result asked for. A closer solution, I think, is the following. Edit

sudo vim /etc/dhcp/dhclient.conf

then add

supersede domain-name-servers 8.8.8.8;

The result is the following: resolv.conf contains only 127.0.0.1, which means that dnsmasq cache is invoked and nm-tool says

DNS:             8.8.8.8

which means that if the name searched for is not in the cache, then it is asked for at 8.8.8.8 and not at the server provided by dhcp.

Another (perhaps better) option is to use "prepend" instead of "supersede": in this way, if the name is not resolved by 8.8.8.8, then the request falls back on the other server. In fact, nm-tool says

DNS:             8.8.8.8    
DNS:             208.67.222.222
DNS:             208.67.220.220
brad
  • 1,061
  • 4
    A much better answer than hacking into the NS configs. Especially the option to prepend a server in front of the dhcp provided ones. Seems like the perfect balance of solving the problem, without creating new ones! – Steve Midgley Nov 22 '14 at 21:08
  • 2
    It's worth noting nm-tool has been replaced with nmcli – Fiddy Bux Jan 25 '19 at 21:55
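
The answers above verify a change by reading /etc/resolv.conf and comparing it with what dig or nm-tool report. As an added example (not code from any of the posts), the script below identifies which tool generated a resolv.conf from its header or symlink target and checks each nameserver against an allowlist of expected resolvers; the function names, the allowlist and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers. Function names, the allowlist
# and the sample file are constructed for illustration.

# Print which tool generated the given resolv.conf, judged by its symlink
# target and by the header comments quoted in the answers.
resolv_manager() {
    case $(readlink -f "$1" 2>/dev/null) in
        /run/systemd/resolve/*) echo systemd-resolved; return 0 ;;
    esac
    if grep -q 'generated by resolvconf' "$1"; then
        echo resolvconf
    elif grep -q 'Generated by NetworkManager' "$1"; then
        echo NetworkManager
    else
        echo unknown
    fi
}

# Print the nameserver addresses in the order the resolver tries them.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# audit_resolv FILE [EXPECTED_IP...]
# Prints "<ip> <verdict>" per nameserver: local-stub for loopback caches such
# as dnsmasq on 127.0.1.1, expected for allowlisted upstreams, UNEXPECTED for
# anything else (e.g. a server pushed by DHCP or written by a VPN client).
# Returns 1 if any UNEXPECTED entry is found.
audit_resolv() {
    file=$1
    shift
    rc=0
    for ns in $(nameservers "$file"); do
        verdict=UNEXPECTED
        case $ns in
            127.*|::1) verdict=local-stub ;;
            *)
                for ok in "$@"; do
                    if [ "$ns" = "$ok" ]; then verdict=expected; fi
                done
                ;;
        esac
        if [ "$verdict" = UNEXPECTED ]; then rc=1; fi
        echo "$ns $verdict"
    done
    return "$rc"
}

# Constructed sample: the resolv.conf shown in the answer above, where the
# head file's 8.8.4.4 sits in front of the dnsmasq stub.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.4.4
nameserver 127.0.1.1
EOF
echo "manager: $(resolv_manager "$sample")"
audit_resolv "$sample" 8.8.8.8 8.8.4.4
rm -f "$sample"
```

Run against the real file with `audit_resolv /etc/resolv.conf 8.8.8.8 8.8.4.4`; a local-stub line only shows that a cache is in front, so the cache's own upstreams (the dnsmasq syslog lines or nmcli output) still need checking.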
79

I found out that you can change the nameservers that dnsmasq uses by adding the following lines to /etc/dnsmasq.conf:

server=8.8.8.8
server=8.8.4.4

I didn't have a /etc/dnsmasq.conf file though, since it's installed by the dnsmasq package, but Ubuntu only comes with dnsmasq-base. I ran sudo apt-get install dnsmasq, then edited /etc/dnsmasq.conf, then sudo service dnsmasq restart and sudo service network-manager restart.

I ran sudo tail -n 200 /var/log/syslog to check my syslog and verify that dnsmasq was using the nameservers I specified:

Oct 21 23:00:54 mylaptop dnsmasq[8611]: using nameserver 8.8.8.8#53
Oct 21 23:00:54 mylaptop dnsmasq[8611]: using nameserver 8.8.4.4#53
Seán Hayes
  • 4,541
  • 5
    There is a reason why this is marked as the best answer...because it is indeed! thanks very much! I would add that, after all the steps you mentioned, a network restart might be necessary for everything to work smoothly (it was for me.... sudo service network-manager restart) – Clint Eastwood Feb 05 '15 at 19:16
  • 3
    On Ubuntu 14.04 Server about half the time a cold boot would result no internet connectivity using a URL but an IP-Address would work. I spent a lot of time fruitlessly trying to fix it, gave up for months, then found this solution. I, too, think it is the best answer. – Nate Lockwood Sep 24 '15 at 17:42
  • It's intriguing that dnsmasq has to be installed. This indeed fixed my DNS in a normal situation, but it totally broke my VPN configuration (VPN connection now fails...) – PlasmaBinturong Apr 01 '18 at 19:40
  • there is no such file on Centos – stiv Oct 23 '19 at 08:25
  • 1
    ubuntu 16: changes from the procedure with dnsmasq are not being propagated into /etc/resolv.conf. The consequence is that nslookup still uses its original defined localhost 127.0.0.1. Although I can confirm your syslogs mentioned. – woodz May 25 '20 at 18:38
  • I hardly know what's going on... but I go to "Edit Connections" and "IPv4 Settings" and add those 2 DNS servers and it works!! – Yan King Yin Jun 06 '20 at 13:32
26

For static IP situations, the Ubuntu Server Guide says to change the file /etc/network/interfaces, which may look like this:

iface eth0 inet static
address 192.168.3.3
netmask 255.255.255.0
gateway 192.168.3.1
dns-search example.com
dns-nameservers 192.168.3.45 192.168.8.10

You change the IPs 192.168.3.45 192.168.8.10 for the ones you want, like 8.8.8.8

https://help.ubuntu.com/14.04/serverguide/serverguide.pdf Page 38

dhag
  • 15,736
  • 4
  • 55
  • 65
Rodolpho
  • 261
21
  1. Search 'Network Connection'

  2. Open it

  3. Then select either WiFi or Ethernet, or whatever you are using, and click on edit. You'll get this:

  4. Select ipv4 in tabs

  5. Select addresses only in method

  6. Enter your DNS name below, and save it

  7. You're done

pa1pal
  • 327
  • I'd have to do this for each network connection though. In the past you could change the default for all connections, which is what I was looking to do here. – Seán Hayes Nov 09 '14 at 18:17
  • 2
    I love you! this UI setting saved my ass from sudo and vim mess :'( – Luke Mar 28 '15 at 14:05
  • Using Mint (on Ubuntu 14.04) - but seen this with KDE, too - for some reason, setting DNS servers in the GUI Network Manager doesn't affect the DNS settings used in a terminal – HorusKol May 27 '15 at 00:51
  • 2
    Best answer imho. On Ubuntu 14.04 I got 2 external IP-addresses for DNS that wouldn't recognise clients inside my home network. Leaving Method on 'Automatic (DHCP)' for the wired connection added my router's IP-address to the existing list. For the wireless connection over wlan0, that didn't work, but Method on 'Automatic (DHCP) addresses only' replaced the external addresses with my router IP and then that worked too. Apply changes with sudo service network-manager restart, wait a bit, verify with nmcli d list | grep 'DNS\|IP-IFACE'. And ping your internal client by name. – RolfBly Jun 23 '15 at 15:09
  • this is the correct answer – java-addict301 Jul 05 '20 at 05:58
19

A quick and dirty workaround that wasn't mentioned yet is setting the immutable flag on the resolv.conf file right after editing it.

$ sudo nano /etc/resolv.conf

Add this and save:

nameserver 8.8.8.8

Then:

$ sudo chattr +i /etc/resolv.conf

That should do the trick. I do this on my system too.

14

My issue was a bit different, I wanted to override my router's DNS servers. I found this link from Ubuntu: https://wiki.ubuntu.com/OverrideDNSServers

It says: If you would like to override the DNS settings provided to you by a DHCP server, open

/etc/dhcp3/dhclient.conf

and add the following line:

supersede domain-name-servers <dns_ip_address1>,<dns_ip_address2>;

replacing <dns_ip_address*> items with the proper content.

Ryan
  • 141
5

Try adding dns-nameservers XXX.XXX.XXX.X into your /etc/networking/interfaces file.

drs
  • 5,453
Mike
  • 59
  • Leave a comment when you downvote, please. This is the method given in the manual, page 38. – Zook Jul 24 '14 at 16:07
  • 1
    The unmentioned manual shows all IPs on one line. This answer seems to suggest adding a line. And why is the last number only one X wide? I think it mostly was the extremely informal and uncertain short chat-style writing that garnered the downvotes, @Zook. – Cees Timmerman Jun 12 '15 at 10:07
4

Maybe I'm missing something, but according to the config instructions at https://help.ubuntu.com/14.04/serverguide/network-configuration.html all you do is update the following. I am not running a proxy - just a machine behind a firewall and local DNS (example shows Google's, but set it to whatever you need).

nano /etc/network/interfaces

Default:

# This file...
# and how to activate...

# The loopback...
auto lo
iface lo inet loopback

# The primary network interface 
auto eth0
iface eth0 inet dhcp

UPDATED:

# This file...
# and how to activate...

# The loopback...
auto lo
iface lo inet loopback

# The primary network interface 
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address x.x.x.x
netmask 255.255.255.0
gateway x.x.x.x

#nameservers
# you may not need dns-search
# I use it because I'm running this on a Windows network 
# so its useful to have
# dns-search x.y 
dns-nameservers 8.8.4.4 8.8.8.8

Reboot, if you can.

3

There are two methods

Method 1

The DNS server to use can be changed by updating the head file under resolv.conf.d

$ echo 'nameserver 1.1.1.1' | sudo tee /etc/resolvconf/resolv.conf.d/base

and then run

$ sudo resolvconf -u

The above will generate a generic resolv.conf file in the /etc directory. All your resolve requests will be sent to the above said nameserver. Solved.

However there are implications to this. When using resolvconf to directly query 1.1.1.1 for address resolutions, the power of caching provided by dnsmasq is gone. Every request will go to 1.1.1.1

Method 2

If you don't want the above to happen and want to use dnsmasq for DNS resolution, refer to this answer. The answer is simply described here.

Add the following content in /etc/dnsmasq.conf file.

server=1.1.1.1

Then restart the dnsmasq service

$ sudo systemctl restart dnsmasq.service

Things will work fine. Solved.

slm
  • 369,824
2

Some of the answers here work just fine. However I wasn't happy with the fact I have to manually go through configuration files just to set the "proper" DNS which I already am receiving over DHCP with NetworkManager.

I did a little digging and noticed that the /etc/resolv.conf file is actually a link and it's pointing to /run/systemd/resolve/stub-resolv.conf. After some experimenting it appears that /run/systemd/resolve/ directory contains another file named resolv.conf which already contains the settings you've received via DHCP. So, instead of having to manually overwrite/create configuration files in /etc/, you can simply re-link /etc/resolv.conf to point to the /run/systemd/resolve/resolv.conf file and all should be just fine:

# sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

You should now be able to edit the settings even from the Network Manager in Gnome. :)

Not sure if this will work on older ubuntu's but it does on Ubuntu 17.10.

tftd
  • 193
  • when we run systemd-resolve --flush-cache the original linked file is severed apparently, the answer above restore the original functionality – hafizhanindito Mar 17 '19 at 19:34
2

NB : Like most answers, this one assumes the use of NetworkManager. However unlike most other answers, it doesn't assume the use of resolvconf, dhclient or anything else — beware that they may take over, though (see update).

Given the number of views of this question it's quite incredible that this 8 characters solution hasn't been posted yet : according to man NetworkManager.conf,

dns: […] none: NetworkManager will not modify resolv.conf. This implies rc-manager unmanaged

Therefore add

dns=none

in the [main] section of /etc/NetworkManager/NetworkManager.conf then restart NetworkManager and it won't modify /etc/resolv.conf anymore.

Note that setting rc-manager=unmanaged should be equivalent to dns=none, and that setting rc-manager=symlink along with having /etc/resolv.conf as a symbolic link may be a better idea (read above-mentioned manpage).

Update :

After NetworkManager stopped overwriting /etc/resolv.conf, I figured dhcpcd was already replacing /etc/resolv.conf by a useless empty file at boot. The manpage of dhcpcd.conf helped, it suffices to add

nohook resolv.conf

in your dhcpcd.conf (mine is in /etc/dhcpcd.conf).

1

EDIT MAY 6,2016

I've written a script to update all settings for system connections in the /etc/NetworkManager/system-connections/ directory. The GUI that you use to edit individual connections edits a particular file in that directory. The script updates all of the files - it just searches for those that don't have dns set with grep and sets it with awk.

Since accessing those files requires sudo access, run this script with sudo and then - restart network manager

#!/bin/bash
# Author: Serg Kolo
# Date: May 6, 2015
# Description: this script checks all settings for connections in 
# /etc/NetworkManager/system-connections/ , and if there's no custom
# dns set , this script sets it;
# NOTE: run sudo service network-manager restart after running this script

set -x

for file in /etc/NetworkManager/system-connections/* ; do
        # skip files that already carry the custom DNS entry
        grep 'dns=208.67.220.220;' "$file" || (
                # after the [ipv4] header, replace the next line with our settings
                awk '{print; if ($1=="[ipv4]") {getline; print "method=auto\ndns=208.67.220.220;\nignore-auto-dns=true"}}' "$file" > .tmpfile &&
                cat .tmpfile > "$file"
        )
done


ORIGINAL POST

Some users here pointed out that DNS is somehow controlled by dnsmasq. That is indeed true. I've faced a somewhat smaller issue, where no matter how I changed head or body in /etc/resolvconf/resolv.conf.d, my computer couldn't actually access the internet by domain name - only working with IP addresses.

What I did is to edit the /etc/NetworkManager/NetworkManager.conf file. Originally, it said dns=dnsmasq but I changed it to: dns=208.67.222.222. Although this way, nm-tool doesn't mention 208.67.222.222, I still was able to use domain names, not just IP addresses.

Here's how my NetworkManager.conf file looks like now:

[main]
plugins=ifupdown,keyfile,ofono
#dns=dnsmasq
dns=208.67.222.222

[ifupdown]
managed=false

NOTE: For more details on my problem and this solution, refer to my post on askubuntu.com.

UPDATE #1

Having returned home from the university today, I discovered that I couldn't connect to my home WiFi. I've read-up a little on man NetworkManager.conf and it turns out that dns= in [main] is actually a line for plug-ins, so line dns=dnsmasq is actually adding the dnsmasq plugin to the NetworkManager, apparently.

So my solution still worked, just not as I had expected. Here's excerpt from the man page:

dns=plugin1,plugin2, ... List DNS plugin names separated by ','. 

DNS plugins are used to provide local caching nameserver functionality (which speeds up DNS queries) and to push DNS data to applications that use it.

So by setting dns=208.67.222.222 I may have, basically, prevented NetworkManager from using that plugin, which would otherwise have used the local DNS server (which apparently doesn't work).

1

That's because a particular installed application is managing this file. You can either uninstall that application or set your desired options directly through that application.

In my case (Linux centos7 minimal server), having the same situation, I was getting # Generated by NetworkManager at the top of the resolv.conf file, so the best way I could change this option was using the

nmtui

command. You can edit nameservers in this tool and when you change options of networkmanager from this utility they will be automatically applied to /etc/resolv.conf after reboot. Here you can find more information.
  • Thanks for this.

    The "more information" link has gone stale, but searching on RedHat's site finds similar documentation: https://access.redhat.com/search/?q=nmtui

    – Dave Burton Dec 18 '23 at 10:27
1

Nothing at all on the Internet helped me, because NordVPN's CLI utility kept overwriting /etc/resolv.conf every time I connected and disconnected from the VPN. It even overrode chattr +i, which was super annoying!!

What worked for me was completely disabling resolvconf!

Edit /etc/resolvconf.conf and make this the only entry:

resolv_conf=NO

This specifically disables resolvconf, meaning your /etc/resolv.conf will never be changed by it. Then go ahead and sudo chattr +i /etc/resolv.conf for good measure.

Tested on Arch Linux.

1

On Centos 7, using NetworkManager, the cleanest, persistent, working solution that I've been able to find is to create a NetworkManager script that uses nmcli to set the values I want.

e.g.

Create /etc/NetworkManager/dispatcher.d/mydns.sh with permissions 755 and the following contents:

#!/usr/bin/sh

# $1 = interface name, $2 = action, as passed by the NetworkManager dispatcher
if [ "$1" = "enp0s11" ] && [ "$2" = "up" ]; then
    echo "Setting my DNS ($1 is $2)" | logger

    # disable default DNS
    nmcli device mod enp0s11 ipv4.ignore-auto-dns yes

    # Substitute our own DNS, in the desired order
    nmcli device mod enp0s11 ipv4.dns "10.0.1.101 10.0.1.1"

fi

And to test, without rebooting:

systemctl restart NetworkManager.service
cat /etc/resolv.conf

YMMV, but this is the only way I've found that allows my /etc/resolv.conf to 'survive' a reboot without being overwritten with values I don't want.

Ben Aveling
  • 1,440
0

The easy way to change DNS:

$ sudo nano /etc/network/interfaces

If issues come up, install nano:

$ sudo apt-get install nano -y

then ..

  1. find this: dns-nameservers
  2. if you don't find it just type it in there
  3. I did mine like this: dns-nameservers 199.85.126.10 199.85.127.10

I hope this is the best way, I did it like this on a VPS by the way.

slm
  • 369,824
0

on root:

  1. comment dns=dnsmasq on /etc/NetworkManager/NetworkManager.conf
  2. add supersede domain-name-servers 4.2.2.1,4.2.2.3,4.2.2.5,4.2.2.4,4.2.2.1,4.2.2.2; at the end of /etc/dhcp/dhclient.conf
  3. sudo service network-manager restart

The following makes the changes shown above:

$ sudo sed -i 's/dns\x3Ddnsmasq/\x23dns\x3Ddnsmasq/' \
   /etc/NetworkManager/NetworkManager.conf

$ echo 'supersede domain-name-servers 4.2.2.1,4.2.2.3,4.2.2.5,4.2.2.4,4.2.2.1,4.2.2.2;' | \
   sudo tee --append /etc/dhcp/dhclient.conf

$ sudo service network-manager restart

Wait 7/10 seconds to finish the restart process, check your config with "nslookup nist.gov". Works well on Ubuntu LTS 14.04.

slm
  • 369,824