7

I want to use certain DNS servers on my Debian, regardless of whatever I get through DHCP. I'm trying to configure dhclient to ignore those, but I can't seem to get it to work.

Per advice from this article I added supersede domain-name-servers 8.8.8.8, 8.8.4.4; stanza to my /etc/dhcp/dhclient.conf file. I also tried these answers from superuser.com and removed domain-name-servers and domain-search values from request directive. Both of those, applied separately as well as together, seem to have no effect. After running sudo dhclient -r and then sudo dhclient, I still find following entries in /etc/resolvconf/run/interfaces/enp2s0.dhclient:

domain lan
nameserver 192.168.1.1

which prompt resolvconf to put nameserver 192.168.1.1 in my /etc/resolv.conf file.

I double-checked if I don't miss any semicolons or similar syntax elements. How can I get my configuration to work? I don't want to remove resolvconf, since it manages changes in my nameservers when I use corporate VPN and it does it well. It looks like dhclient is the offending party here.

Here's my current /etc/dhcp/dhclient.conf with default comments removed for the sake of clarity:

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, host-name,
        dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
        netbios-name-servers, netbios-scope, interface-mtu,
        rfc3442-classless-static-routes, ntp-servers;


#supersede domain-name-servers 8.8.8.8, 8.8.4.4;

Update: per request in comment, here's output of ps ax | grep dhcp:

23528 pts/2    S+     0:00 grep dhcp
terdon
  • 242,166
Red
  • 1,442
  • 1
  • 15
  • 18

4 Answers4

6

If you don't need resolvconf to manage your /etc/resolv.conf file, the simplest solution is to uninstall resolvconf entirely.

Stephen Kitt
  • 434,908
  • +1. apt-get purge --kill-kill-kill --burn-it-with-fire resolvconf. – cas Apr 01 '16 at 23:16
  • 2
    I'd like to avoid that, since resolvconf automatizes nameservers change when connecting to VPN and disconnecting from it. I should probably add that information to the question. – Red Apr 04 '16 at 11:23
1

How to stop dhclient from updating resolvconf on Debian?

I don't want to remove resolvconf

You need to add domain-name-servers 8.8.8.8, 8.8.4.4 to

/etc/resolvconf/resolv.conf.d/base

And

/etc/network/interfaces

Regenerate resolv.conf then restart networking:

resolvconf -u
/etc/init.d/networking restart
Community
  • 1
GAD3R
  • 66,769
1

As you've discovered, resolvconf is not the problem. My solution for this was to create a file /etc/dhcp/dhclient-enter-hooks.d/ignore_resolv_conf and put this in it:

# prevent dhclient from touching /etc/resolv.conf
make_resolv_conf() { : ; }

Make sure the file is executable.

Setting options in the DHCP client to ignore resolvers doesn't make it ignore resolvers.

This works for me on Ubuntu 20.04, YMMV.

parzival
  • 109
0

Write protect your /etc/resolv.conf file using the chattr command on a Linux bases system.

The syntax is:

# chattr +i /etc/resolv.conf

The +i option (attribute) write protects /etc/resolv.conf file on Linux so that no one can modify it including root user.

Sufiyan Shamsi
  • 55
  • 2
    This is a brute force "solution" and makes it even harder to understand how the different component work together eventually. Here is a nice list of what accesses resolv.conf https://unix.stackexchange.com/a/527581/88177 – user640916 Sep 25 '19 at 18:11
  • @user640916 Sometimes there is no time for understanding how those components work together. Especially when the way they works changes every year. – Volodymyr Boiko Jan 18 '24 at 22:28
  • end this can speed up finding what accesses the file since daemon usually leaves logs – Volodymyr Boiko Jan 18 '24 at 22:31