18.04: Bionic Beaver: enforce static /etc/resolv.conf
Solution 1
A simple edit to /etc/NetworkManager/NetworkManager.conf and disabling systemd-resolved.service (as in this answer https://askubuntu.com/a/907249/719422). But that alone, while essential, does not guarantee tamper-proof resolv.conf.
To really enforce a static /etc/resolv.conf that you know will survive restarts of any kind, you need to set the immutable attribute on it. Adding to the answer of Bastian Voigt mentioned above, you do this as superuser:
echo nameserver 8.8.8.8 > /etc/resolv.conf
chattr -e /etc/resolv.conf
chattr +i /etc/resolv.conf
...changing the nameserver to your chosen value. That way, you can have a really static /etc/resolv.conf.
Solution 2
According to the docs, you can write your resolv.conf to /usr/lib/systemd/resolv.conf, which is a static file that can be linked from /etc/resolv.conf. That should not be rewritten.
sudo ln -sf /usr/lib/systemd/resolv.conf /etc/resolv.conf
http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html#contenttoc3
/ETC/RESOLV.CONF
Four modes of handling /etc/resolv.conf (see resolv.conf(5)) are supported:
...
A static file /usr/lib/systemd/resolv.conf is provided that lists the 127.0.0.53 DNS stub (see above) as only DNS server. This file may be symlinked from /etc/resolv.conf in order to connect all local clients that bypass local DNS APIs to systemd-resolved. This file does not contain any search domains.
Solution 3
The best solution I've found is to prevent NetworkManager from updating /etc/resolv.conf and then create a new /etc/resolv.conf file with a static DNS server. See https://www.ctrl.blog/entry/resolvconf-tutorial for how to do this.
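A check for the outcome of the solutions above, as an added example that is not part of any answer: it reports whether a resolv.conf is a regular file rather than a symlink, lists exactly the expected nameserver, and carries the immutable flag. The function names and the EXPECTED_NS variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the answers): audit a resolv.conf for "static" state.
# EXPECTED_NS is an assumption; set it to the nameserver you chose.
EXPECTED_NS="${EXPECTED_NS:-8.8.8.8}"

# Classify the path itself, without following a symlink.
resolv_kind() {
    if [ -L "$1" ]; then echo symlink
    elif [ -f "$1" ]; then echo regular
    else echo missing
    fi
}

# Print the configured nameserver addresses, one per line (comments ignored).
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed only if lsattr shows the immutable (i) flag set by chattr +i.
is_immutable() {
    case "$(lsattr -d "$1" 2>/dev/null | awk '{ print $1 }')" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report every reason the file could still be rewritten or redirected.
audit_resolv() {
    audit_rc=0
    case "$(resolv_kind "$1")" in
        symlink) echo "FAIL: $1 is a symlink to $(readlink "$1")"; return 1 ;;
        missing) echo "FAIL: $1 does not exist"; return 1 ;;
    esac
    if [ "$(resolv_nameservers "$1")" != "$EXPECTED_NS" ]; then
        echo "FAIL: nameservers are not exactly $EXPECTED_NS"; audit_rc=1
    fi
    if ! is_immutable "$1"; then
        echo "FAIL: immutable flag not set"; audit_rc=1
    fi
    [ "$audit_rc" -eq 0 ] && echo "OK: $1 is a regular immutable file using $EXPECTED_NS"
    return "$audit_rc"
}

# Run against a path only when one is given, e.g.: sh audit.sh /etc/resolv.conf
if [ "$#" -gt 0 ]; then
    audit_resolv "$1"
fi
```

With Solution 2's layout the script reports the symlink target instead, which should be /usr/lib/systemd/resolv.conf.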
M K
Updated on September 18, 2022
Comments
-
M K over 1 year
Previously, on Ubuntu 16.04, I felt betrayed when an Ubuntu update installed dnsmasq package, configured it, and gave it precedence over my own super-stable, ultra-fast, and own-configured BIND DNS server. It exactly felt as if Ubuntu hacked my workstation.
Since I happened to be working as a system admin, this was extremely unacceptable. This was a freak-out call. This is when you go to troubleshoot a problem and in one of your steps you use dig or nslookup and you get stunned to see the lo interface replying to you. PANIC
Is there a way to not only fix this issue, but also guarantee that /etc/resolv.conf will be tamper proof?
-
M K almost 6 years
No, sorry. What happens when the spec changes or config method alters on Ubuntu's own willing? You know, this is the same fiasco I left Satya's corrupted dreams of an OS for. And, this is the same fiasco that Linux should be avoiding. What's wrong with resolv.conf? Why the hassle? Why try to mimic the hateful and tedious Redhat network config, in some way or another? Sorry, I will only stick to my solution.
-
Marlon over 5 years
How do you know that your file won't simply be ignored in the future? I know that forcing the static way some apps would work and others won't. With wisbucky's solution, at least we can use the current way. I didn't see the need for them to change it either but I didn't get a vote. Someone downvoted this solution when in fact it does work and is the simplest. +1
-
M K over 5 years
@Marlon "How do you know that your file won't simply be ignored in the future"? Because it is set immutable; and, if /etc/resolv.conf is going to be ignored, so why the fuss anyway building a framework around it?? Ignoring the file will only happen if some Ubuntu wacko decided it is useless (implementing something into interfaces file, for example!)
-
M K over 5 years
If I wanted someone taking decisions for me, I would have gone back to the wacko Microsoft Windows, whose coders and designers and Satya above them all think they know your sake better than you do and that you have no right choosing how to run their "creation". Fuss!
-
M K over 5 years
Why the fuss build an OS for the good of mankind, if mankind cannot enjoy running it? What the fuss is Immutable attribute if someone is going to tell me when to use it or not. This is not about "following galactic manuals of Vega", this is about freedom of choice; no one should ever pose his own rigid single-minded impulse on you. You are a being and you have rights.
-
M K over 5 years
Steps already direct to deleting /etc/resolv.conf beforehand.
-
hfranco about 5 years
The /etc/NetworkManager/NetworkManager.conf file does not exist in 18.04
-
M K about 5 years
@hfranco if it does not, which I doubt, then you just create one! And, btw, if that is your case, then it is not a standard setup; your case is abnormal. I would say you mistyped while looking for it!
-
M K about 5 years
@hfranco As old as 12.04 unix.stackexchange.com/questions/154338/…
-
M K about 5 years
Thanks for the spam! But you are missing the Immutable attribute, anyway!
-
Lucas Bustamante almost 5 years
This is the only thing that worked for me on Ubuntu 18.04