Why does resolv.conf keep changing?

classic Classic list List threaded Threaded
140 messages Options
1234 ... 7
Reply | Threaded
Open this post in threaded view
|

Why does resolv.conf keep changing?

Roberto C. Sánchez-2
So, I just upgraded my main router/firewall machine to Stretch.
Following the upgrade my /etc/resolv.conf settings appear to track the
DHCP options obtained by one of the two interfaces.  No matter what I
try I can't get the /etc/resolv.conf settings to remain as I would like
them.

The machine has two network interfaces: one on the Internt side which
connects to my ISP-provided equipment and which obtains its address via
DHCP, another on the LAN side which is statically configured.

My /etc/network/interfaces looks like this (192.168.174.0/24 is my LAN
subnet):

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 192.168.174.1
        netmask 255.255.255.0
        broadcast 192.168.174.255

auto eth1
iface eth1 inet dhcp

My /etc/resolv.conf looks like this:

domain example.com
search example.com.
nameserver 127.0.0.1

The reason for "nameserver 127.0.0.1" is that I run my own instance of
bind which acts as a caching server and also serves my own internal
zones.  Prior to the recent upgrade to Stretch everything worked
normally.  That is, whatever I put in /etc/resolv.conf was left as I
configured it.  Following my recent Stretch upgrade I found my
resolv.conf had been changed to just this (192.168.63.1/24 is the subnet
used by the ISP equipment):

nameserver 192.168.63.1

That has the effect of not allowing processes running on that machine
(the router/firewall) to properly resolve internal DNS addresses.  Other
machines on my network are fine since they get their name servers set by
the internal DHCP server which is configured with the name server
address 192.168.174.1.  This DHCP server is different from the embedded
DHCP server that runs on my ISP's device.

I have tried two different things.  First, I added this directive to
/etc/network/interfaces under the eth0 stanza:

        dns-nameservers 127.0.0.1

That did not appear to have any effect because taking eth0 and eth1 down
and then bringing them back up still results in resolv.conf pointing to
the ISP router as its name server.  Additionally, after the interfaces
are up even if I manually change resolv.conf, something comes along
sometime later and undoes my changes.

The second thing I tried was adding to /etc/dhcp/dhclient.conf:

supersede domain-name example.com;
supersede domain-search example.com.;
supersede domain-name-servers 127.0.0.1;

This similarly has no lasting effect, which is really surprising to me.

I did find a page on the Debian wiki [0] which recommends setting the
immutable attribute on /etc/resolv.conf.  However, that feels like an
ugly hack.

Can anyone point out what it is that I am missing here?

Regards,

-Roberto

[0] https://wiki.debian.org/resolv.conf

--
Roberto C. Sánchez

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Joe Rowan
On Sun, 22 Oct 2017 22:12:03 -0400
Roberto C. Sánchez <[hidden email]> wrote:

> So, I just upgraded my main router/firewall machine to Stretch.
> Following the upgrade my /etc/resolv.conf settings appear to track the
> DHCP options obtained by one of the two interfaces.  No matter what I
> try I can't get the /etc/resolv.conf settings to remain as I would
> like them.
>
> The machine has two network interfaces: one on the Internt side which
> connects to my ISP-provided equipment and which obtains its address
> via DHCP, another on the LAN side which is statically configured.
>
> My /etc/network/interfaces looks like this (192.168.174.0/24 is my LAN
> subnet):
>
> auto lo
> iface lo inet loopback
>
> auto eth0
> iface eth0 inet static
>         address 192.168.174.1
>         netmask 255.255.255.0
>         broadcast 192.168.174.255
>
> auto eth1
> iface eth1 inet dhcp
>
> My /etc/resolv.conf looks like this:
>
> domain example.com
> search example.com.
> nameserver 127.0.0.1
>
> The reason for "nameserver 127.0.0.1" is that I run my own instance of
> bind which acts as a caching server and also serves my own internal
> zones.  Prior to the recent upgrade to Stretch everything worked
> normally.  That is, whatever I put in /etc/resolv.conf was left as I
> configured it.  Following my recent Stretch upgrade I found my
> resolv.conf had been changed to just this (192.168.63.1/24 is the
> subnet used by the ISP equipment):
>
> nameserver 192.168.63.1
>
> That has the effect of not allowing processes running on that machine
> (the router/firewall) to properly resolve internal DNS addresses.
> Other machines on my network are fine since they get their name
> servers set by the internal DHCP server which is configured with the
> name server address 192.168.174.1.  This DHCP server is different
> from the embedded DHCP server that runs on my ISP's device.
>
> I have tried two different things.  First, I added this directive to
> /etc/network/interfaces under the eth0 stanza:
>
>         dns-nameservers 127.0.0.1
>
> That did not appear to have any effect because taking eth0 and eth1
> down and then bringing them back up still results in resolv.conf
> pointing to the ISP router as its name server.  Additionally, after
> the interfaces are up even if I manually change resolv.conf,
> something comes along sometime later and undoes my changes.
>
> The second thing I tried was adding to /etc/dhcp/dhclient.conf:
>
> supersede domain-name example.com;
> supersede domain-search example.com.;
> supersede domain-name-servers 127.0.0.1;
>
> This similarly has no lasting effect, which is really surprising to
> me.
>
> I did find a page on the Debian wiki [0] which recommends setting the
> immutable attribute on /etc/resolv.conf.  However, that feels like an
> ugly hack.
>

It most certainly is, and shouldn't be necessary in your case.

> Can anyone point out what it is that I am missing here?

Not 'missing', you probably have the package resolvconf installed, and
with your network configuration, you don't need it. It's not certain,
but it seems to be the culprit in most of these cases. There is
undoubtedly a way to beat it into submission, but it's not widely
known. There was another recent thread on this matter.

If you're bringing up and taking down random interfaces, such as VPN
tunnels and wifi, then you do want to keep shifting your DNS server, so
resolvconf is appropriate on a laptop, but probably not on a fixed
workstation.

--
Joe

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

tomas@tuxteam.de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Oct 23, 2017 at 09:17:11AM +0100, Joe wrote:
> On Sun, 22 Oct 2017 22:12:03 -0400
> Roberto C. Sánchez <[hidden email]> wrote:

[...]

> > I did find a page on the Debian wiki [0] which recommends setting the
> > immutable attribute on /etc/resolv.conf.  However, that feels like an
> > ugly hack.
> >
>
> It most certainly is, and shouldn't be necessary in your case.

I've used that approach sometimes and regularly recommend it.

That said, my main intention is to *debug* the problem, i.e. to
provoke an error message in some log file or whatever, to learn which
process is (undesirably?) mutating some file. Most of the time this
leads to learning some config option to not do that mutation in the
first place (or to some understanding on why that mutation is a Good
Thing after all and to a better way of solving my real, underlying
problem).

Only in exceptional cases I had to "leave in" the immutable attribute
as a permanent "solution".

(as to the rest, yeah, resolvconf seems a worthy candidate).

Cheers
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlnttXEACgkQBcgs9XrR2kbeIwCeJ1IyTwgJjRt/URyUIrhhFfyp
+KwAn3HyMZ9UO1tGAaljQeD2zxTMU3p7
=JeQl
-----END PGP SIGNATURE-----

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Jörg-Volker Peetz-3
In reply to this post by Roberto C. Sánchez-2
Roberto C. Sánchez wrote on 10/23/17 04:12:
<snip>

> I have tried two different things.  First, I added this directive to
> /etc/network/interfaces under the eth0 stanza:
>
>         dns-nameservers 127.0.0.1
>
> That did not appear to have any effect because taking eth0 and eth1 down
> and then bringing them back up still results in resolv.conf pointing to
> the ISP router as its name server.  Additionally, after the interfaces
> are up even if I manually change resolv.conf, something comes along
> sometime later and undoes my changes.

On testing with resolvconf the parameter in /etc/network/interfaces is
        dns-nameserver 127.0.0.1

without trailing 's'.

Regards,
jvp.

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Roberto C. Sánchez-2
In reply to this post by Joe Rowan
On Mon, Oct 23, 2017 at 09:17:11AM +0100, Joe wrote:

> Roberto C. Sánchez <[hidden email]> wrote:
>
>
> > Can anyone point out what it is that I am missing here?
>
> Not 'missing', you probably have the package resolvconf installed, and
> with your network configuration, you don't need it. It's not certain,
> but it seems to be the culprit in most of these cases. There is
> undoubtedly a way to beat it into submission, but it's not widely
> known. There was another recent thread on this matter.
>
Ah yes, I forgot to mention that.  I do not have resolvconf installed:

debian:/etc# apt-cache policy resolvconf
resolvconf:
  Installed: (none)
  Candidate: 1.79
  Version table:
     1.79 500
        500 http://ftp.us.debian.org:3142/debian stretch/main amd64 Packages

> If you're bringing up and taking down random interfaces, such as VPN
> tunnels and wifi, then you do want to keep shifting your DNS server, so
> resolvconf is appropriate on a laptop, but probably not on a fixed
> workstation.
>
I agree.  I make sure to only install resolvconf on my laptops since
those are the only machines I have that move from one network to
another.

Regards,

-Roberto

--
Roberto C. Sánchez

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Jude DaShiell-3
In reply to this post by Joe Rowan
If you've got dynamic ip addresses as many of us do, that file has to
change to keep your internet connection up.

On Mon, 23 Oct 2017, Joe wrote:

> Date: Mon, 23 Oct 2017 04:17:11
> From: Joe <[hidden email]>
> To: [hidden email]
> Subject: Re: Why does resolv.conf keep changing?
> Resent-Date: Mon, 23 Oct 2017 08:54:41 +0000 (UTC)
> Resent-From: [hidden email]
>
> On Sun, 22 Oct 2017 22:12:03 -0400
> Roberto C. S?nchez <[hidden email]> wrote:
>
>> So, I just upgraded my main router/firewall machine to Stretch.
>> Following the upgrade my /etc/resolv.conf settings appear to track the
>> DHCP options obtained by one of the two interfaces.  No matter what I
>> try I can't get the /etc/resolv.conf settings to remain as I would
>> like them.
>>
>> The machine has two network interfaces: one on the Internt side which
>> connects to my ISP-provided equipment and which obtains its address
>> via DHCP, another on the LAN side which is statically configured.
>>
>> My /etc/network/interfaces looks like this (192.168.174.0/24 is my LAN
>> subnet):
>>
>> auto lo
>> iface lo inet loopback
>>
>> auto eth0
>> iface eth0 inet static
>>         address 192.168.174.1
>>         netmask 255.255.255.0
>>         broadcast 192.168.174.255
>>
>> auto eth1
>> iface eth1 inet dhcp
>>
>> My /etc/resolv.conf looks like this:
>>
>> domain example.com
>> search example.com.
>> nameserver 127.0.0.1
>>
>> The reason for "nameserver 127.0.0.1" is that I run my own instance of
>> bind which acts as a caching server and also serves my own internal
>> zones.  Prior to the recent upgrade to Stretch everything worked
>> normally.  That is, whatever I put in /etc/resolv.conf was left as I
>> configured it.  Following my recent Stretch upgrade I found my
>> resolv.conf had been changed to just this (192.168.63.1/24 is the
>> subnet used by the ISP equipment):
>>
>> nameserver 192.168.63.1
>>
>> That has the effect of not allowing processes running on that machine
>> (the router/firewall) to properly resolve internal DNS addresses.
>> Other machines on my network are fine since they get their name
>> servers set by the internal DHCP server which is configured with the
>> name server address 192.168.174.1.  This DHCP server is different
>> from the embedded DHCP server that runs on my ISP's device.
>>
>> I have tried two different things.  First, I added this directive to
>> /etc/network/interfaces under the eth0 stanza:
>>
>>         dns-nameservers 127.0.0.1
>>
>> That did not appear to have any effect because taking eth0 and eth1
>> down and then bringing them back up still results in resolv.conf
>> pointing to the ISP router as its name server.  Additionally, after
>> the interfaces are up even if I manually change resolv.conf,
>> something comes along sometime later and undoes my changes.
>>
>> The second thing I tried was adding to /etc/dhcp/dhclient.conf:
>>
>> supersede domain-name example.com;
>> supersede domain-search example.com.;
>> supersede domain-name-servers 127.0.0.1;
>>
>> This similarly has no lasting effect, which is really surprising to
>> me.
>>
>> I did find a page on the Debian wiki [0] which recommends setting the
>> immutable attribute on /etc/resolv.conf.  However, that feels like an
>> ugly hack.
>>
>
> It most certainly is, and shouldn't be necessary in your case.
>
>> Can anyone point out what it is that I am missing here?
>
> Not 'missing', you probably have the package resolvconf installed, and
> with your network configuration, you don't need it. It's not certain,
> but it seems to be the culprit in most of these cases. There is
> undoubtedly a way to beat it into submission, but it's not widely
> known. There was another recent thread on this matter.
>
> If you're bringing up and taking down random interfaces, such as VPN
> tunnels and wifi, then you do want to keep shifting your DNS server, so
> resolvconf is appropriate on a laptop, but probably not on a fixed
> workstation.
>
>

--

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Greg Wooledge
On Mon, Oct 23, 2017 at 11:48:36AM -0400, Jude DaShiell wrote:
> If you've got dynamic ip addresses as many of us do, that file has to change
> to keep your internet connection up.

That's not true.  The resolv.conf file does not necessarily have
to change when your IP addresses change.  The primary example of a
non-changing resolv.conf would be someone running a local resolver
listening on 127.0.0.1 -- exactly like the original poster's case.

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Gene Heskett-4
In reply to this post by Jude DaShiell-3
On Monday 23 October 2017 11:48:36 Jude DaShiell wrote:

> If you've got dynamic ip addresses as many of us do, that file has to
> change to keep your internet connection up.
>
This true, but all the isp's I have dealt with over the last 23 years,
have all assigned that dynamic address BASED on the MAC of the device
doing the requesting. So while my router(s) do use dhcp to get its
internet address, I can even swap routers as long as I clone the
originals MAC address into the replacement.

So my web page, (see the sig) which is on this machine, has for the most
part just worked for much of a decade now. There hasn't been zero
downtime of course, perhaps .01% of the time.
 

> On Mon, 23 Oct 2017, Joe wrote:
> > Date: Mon, 23 Oct 2017 04:17:11
> > From: Joe <[hidden email]>
> > To: [hidden email]
> > Subject: Re: Why does resolv.conf keep changing?
> > Resent-Date: Mon, 23 Oct 2017 08:54:41 +0000 (UTC)
> > Resent-From: [hidden email]
> >
> > On Sun, 22 Oct 2017 22:12:03 -0400
> >
> > Roberto C. S?nchez <[hidden email]> wrote:
> >> So, I just upgraded my main router/firewall machine to Stretch.
> >> Following the upgrade my /etc/resolv.conf settings appear to track
> >> the DHCP options obtained by one of the two interfaces.  No matter
> >> what I try I can't get the /etc/resolv.conf settings to remain as I
> >> would like them.
> >>
> >> The machine has two network interfaces: one on the Internt side
> >> which connects to my ISP-provided equipment and which obtains its
> >> address via DHCP, another on the LAN side which is statically
> >> configured.
> >>
> >> My /etc/network/interfaces looks like this (192.168.174.0/24 is my
> >> LAN subnet):
> >>
> >> auto lo
> >> iface lo inet loopback
> >>
> >> auto eth0
> >> iface eth0 inet static
> >>         address 192.168.174.1
> >>         netmask 255.255.255.0
> >>         broadcast 192.168.174.255
> >>
> >> auto eth1
> >> iface eth1 inet dhcp
> >>
> >> My /etc/resolv.conf looks like this:
> >>
> >> domain example.com
> >> search example.com.
> >> nameserver 127.0.0.1
> >>
> >> The reason for "nameserver 127.0.0.1" is that I run my own instance
> >> of bind which acts as a caching server and also serves my own
> >> internal zones.  Prior to the recent upgrade to Stretch everything
> >> worked normally.  That is, whatever I put in /etc/resolv.conf was
> >> left as I configured it.  Following my recent Stretch upgrade I
> >> found my resolv.conf had been changed to just this (192.168.63.1/24
> >> is the subnet used by the ISP equipment):
> >>
> >> nameserver 192.168.63.1
> >>
> >> That has the effect of not allowing processes running on that
> >> machine (the router/firewall) to properly resolve internal DNS
> >> addresses. Other machines on my network are fine since they get
> >> their name servers set by the internal DHCP server which is
> >> configured with the name server address 192.168.174.1.  This DHCP
> >> server is different from the embedded DHCP server that runs on my
> >> ISP's device.
> >>
> >> I have tried two different things.  First, I added this directive
> >> to /etc/network/interfaces under the eth0 stanza:
> >>
> >>         dns-nameservers 127.0.0.1
> >>
> >> That did not appear to have any effect because taking eth0 and eth1
> >> down and then bringing them back up still results in resolv.conf
> >> pointing to the ISP router as its name server.  Additionally, after
> >> the interfaces are up even if I manually change resolv.conf,
> >> something comes along sometime later and undoes my changes.
> >>
> >> The second thing I tried was adding to /etc/dhcp/dhclient.conf:
> >>
> >> supersede domain-name example.com;
> >> supersede domain-search example.com.;
> >> supersede domain-name-servers 127.0.0.1;
> >>
> >> This similarly has no lasting effect, which is really surprising to
> >> me.
> >>
> >> I did find a page on the Debian wiki [0] which recommends setting
> >> the immutable attribute on /etc/resolv.conf.  However, that feels
> >> like an ugly hack.
> >
> > It most certainly is, and shouldn't be necessary in your case.
> >
> >> Can anyone point out what it is that I am missing here?
> >
> > Not 'missing', you probably have the package resolvconf installed,
> > and with your network configuration, you don't need it. It's not
> > certain, but it seems to be the culprit in most of these cases.
> > There is undoubtedly a way to beat it into submission, but it's not
> > widely known. There was another recent thread on this matter.
> >
> > If you're bringing up and taking down random interfaces, such as VPN
> > tunnels and wifi, then you do want to keep shifting your DNS server,
> > so resolvconf is appropriate on a laptop, but probably not on a
> > fixed workstation.


Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Dan Ritter-4
On Mon, Oct 23, 2017 at 05:03:30PM -0400, Gene Heskett wrote:

> On Monday 23 October 2017 11:48:36 Jude DaShiell wrote:
>
> > If you've got dynamic ip addresses as many of us do, that file has to
> > change to keep your internet connection up.
> >
> This true, but all the isp's I have dealt with over the last 23 years,
> have all assigned that dynamic address BASED on the MAC of the device
> doing the requesting. So while my router(s) do use dhcp to get its
> internet address, I can even swap routers as long as I clone the
> originals MAC address into the replacement.
>

You're conflating two different things, Gene.

DHCP assigns a dynamic IP address. That's the main job. And it
will provide a default router along with that. The original
poster wants that.

It also has lots of optional bits of data that it can provide,
but doesn't have to. Among those:

- DNS server addresses
- default domain names
- NTP servers
- TFTP servers
- NFS servers

The original poster does not want their machine to pay attention
to any of that, even if it is supplied.

The full list, I think, is a little overwhelming:

https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml

-dsr-

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Roberto C. Sánchez-2
In reply to this post by tomas@tuxteam.de
On Mon, Oct 23, 2017 at 11:25:05AM +0200, [hidden email] wrote:

> On Mon, Oct 23, 2017 at 09:17:11AM +0100, Joe wrote:
> > On Sun, 22 Oct 2017 22:12:03 -0400
> > Roberto C. Sánchez <[hidden email]> wrote:
>
> [...]
>
> > > I did find a page on the Debian wiki [0] which recommends setting the
> > > immutable attribute on /etc/resolv.conf.  However, that feels like an
> > > ugly hack.
> > >
> >
> > It most certainly is, and shouldn't be necessary in your case.
>
> I've used that approach sometimes and regularly recommend it.
>
> That said, my main intention is to *debug* the problem, i.e. to
> provoke an error message in some log file or whatever, to learn which
> process is (undesirably?) mutating some file. Most of the time this
> leads to learning some config option to not do that mutation in the
> first place (or to some understanding on why that mutation is a Good
> Thing after all and to a better way of solving my real, underlying
> problem).
>
> Only in exceptional cases I had to "leave in" the immutable attribute
> as a permanent "solution".
>

So, I edited resolv.conf to my preference and then made it immutable
with `chattr +i /etc/resolv.conf`.  Several hours later the name server
was changed back to the ISP router's address.  That is very odd.  Yet
even more odd is that this time the domain and search options were left
untouched.  Previously, the domain and search would get wiped (because
the ISP router doesn't push those options).

The plot thickens.

Regards,

-Roberto
--
Roberto C. Sánchez

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

David Wright-3
On Mon 23 Oct 2017 at 19:33:01 (-0400), Roberto C. Sánchez wrote:

> On Mon, Oct 23, 2017 at 11:25:05AM +0200, [hidden email] wrote:
> > On Mon, Oct 23, 2017 at 09:17:11AM +0100, Joe wrote:
> > > On Sun, 22 Oct 2017 22:12:03 -0400
> > > Roberto C. Sánchez <[hidden email]> wrote:
> >
> > [...]
> >
> > > > I did find a page on the Debian wiki [0] which recommends setting the
> > > > immutable attribute on /etc/resolv.conf.  However, that feels like an
> > > > ugly hack.
> > > >
> > >
> > > It most certainly is, and shouldn't be necessary in your case.
> >
> > I've used that approach sometimes and regularly recommend it.
> >
> > That said, my main intention is to *debug* the problem, i.e. to
> > provoke an error message in some log file or whatever, to learn which
> > process is (undesirably?) mutating some file. Most of the time this
> > leads to learning some config option to not do that mutation in the
> > first place (or to some understanding on why that mutation is a Good
> > Thing after all and to a better way of solving my real, underlying
> > problem).
> >
> > Only in exceptional cases I had to "leave in" the immutable attribute
> > as a permanent "solution".
> >
>
> So, I edited resolv.conf to my preference and then made it immutable
> with `chattr +i /etc/resolv.conf`.  Several hours later the name server
> was changed back to the ISP router's address.  That is very odd.  Yet
> even more odd is that this time the domain and search options were left
> untouched.  Previously, the domain and search would get wiped (because
> the ISP router doesn't push those options).

So if you:
$ ls -l --full-time /etc/resolv.conf
and then look at what happened at that precise time in /var/log/syslog
or wherever your logs are being written. What took place?

Cheers,
David.

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Gene Heskett-4
In reply to this post by Dan Ritter-4
On Monday 23 October 2017 17:51:35 Dan Ritter wrote:

> On Mon, Oct 23, 2017 at 05:03:30PM -0400, Gene Heskett wrote:
> > On Monday 23 October 2017 11:48:36 Jude DaShiell wrote:
> > > If you've got dynamic ip addresses as many of us do, that file has
> > > to change to keep your internet connection up.
> >
> > This true, but all the isp's I have dealt with over the last 23
> > years, have all assigned that dynamic address BASED on the MAC of
> > the device doing the requesting. So while my router(s) do use dhcp
> > to get its internet address, I can even swap routers as long as I
> > clone the originals MAC address into the replacement.
>
> You're conflating two different things, Gene.
>
> DHCP assigns a dynamic IP address. That's the main job. And it
> will provide a default router along with that. The original
> poster wants that.
>
> It also has lots of optional bits of data that it can provide,
> but doesn't have to. Among those:
>
> - DNS server addresses
> - default domain names
> - NTP servers
> - TFTP servers
> - NFS servers
>
> The original poster does not want their machine to pay attention
> to any of that, even if it is supplied.
>
> The full list, I think, is a little overwhelming:
>
> https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-para
>meters.xhtml
>
> -dsr-

Having looked at the dhcpd code quite some time back, "its complex" is a
gross understatement. But if the OP wants access, his router HAS to use
the address the ISP assigns. Here, my local net is entirely hard coded
and made immutable. Particularly is the fact that /etc/resolv.conf isn't
a link to something else but contains:

nameserver 192.168.XX.1
search host dns
domain coyote.den

And is made immutable.

Where XX is the block in class D that is mine.  

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Roberto C. Sánchez-2
In reply to this post by David Wright-3
On Mon, Oct 23, 2017 at 07:26:38PM -0500, David Wright wrote:
>
> So if you:
> $ ls -l --full-time /etc/resolv.conf
> and then look at what happened at that precise time in /var/log/syslog
> or wherever your logs are being written. What took place?
>
Most recently the problem happened at 22:29:16.419070807.  Looking in
all of my logs (not just syslog), the only thing that happened near that
time was that a host on my LAN sent a DHCPREQUEST at 22:29:07 (which the
DHCP server answered with a DHCPACK) and then at 22:29:58 Shorewall
dropped an attempt to connect to port 2433 from a host on the Internet.

I have already changed resolv.conf back to my preferred configuration
and I will check again for correlated log entries when it is changed
again.

Regards,

-Roberto

--
Roberto C. Sánchez

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Roberto C. Sánchez-2
On Mon, Oct 23, 2017 at 11:05:03PM -0400, Roberto C. Sánchez wrote:

> On Mon, Oct 23, 2017 at 07:26:38PM -0500, David Wright wrote:
> >
> > So if you:
> > $ ls -l --full-time /etc/resolv.conf
> > and then look at what happened at that precise time in /var/log/syslog
> > or wherever your logs are being written. What took place?
> >
> Most recently the problem happened at 22:29:16.419070807.  Looking in
> all of my logs (not just syslog), the only thing that happened near that
> time was that a host on my LAN sent a DHCPREQUEST at 22:29:07 (which the
> DHCP server answered with a DHCPACK) and then at 22:29:58 Shorewall
> dropped an attempt to connect to port 2433 from a host on the Internet.
>
> I have already changed resolv.conf back to my preferred configuration
> and I will check again for correlated log entries when it is changed
> again.
>
So, it happened again at 03:02:26 that resolv.conf was changed.  I
looked in the logs and found nothing that appeared to be a close
correlation.  There were several DHCPREQUEST/DHCPACK exchanges before
and after, but my network has a near constant stream of such exchanges
with no more than 3 or 4 minutes between exchanges.  It seems unlikely
to me that the DHCPREQUEST/DHCPACK exchange could be the cuplrit.

I am fairly out of ideas at this point.  Anyone?

Regards,

-Roberto

--
Roberto C. Sánchez

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Greg Wooledge
On Mon, Oct 23, 2017 at 07:33:01PM -0400, Roberto C. Sánchez wrote:
> So, I edited resolv.conf to my preference and then made it immutable
> with `chattr +i /etc/resolv.conf`.  Several hours later the name server
> was changed back to the ISP router's address.  That is very odd.

ls -ld /etc/resolv.conf


On Tue, Oct 24, 2017 at 03:15:30AM -0400, Roberto C. Sánchez wrote:
> > > So if you:
> > > $ ls -l --full-time /etc/resolv.conf
> > > and then look at what happened at that precise time in /var/log/syslog
> > > or wherever your logs are being written. What took place?

And what does the ls actually SHOW?

> So, it happened again at 03:02:26 that resolv.conf was changed.

ls -ld /etc/resolv.conf

If it's a SYMLINK and you made the symlink immutable, well, that would
explain a whole lot.

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Roberto C. Sánchez-2
On Tue, Oct 24, 2017 at 08:12:20AM -0400, Greg Wooledge wrote:

> On Mon, Oct 23, 2017 at 07:33:01PM -0400, Roberto C. Sánchez wrote:
> > So, I edited resolv.conf to my preference and then made it immutable
> > with `chattr +i /etc/resolv.conf`.  Several hours later the name server
> > was changed back to the ISP router's address.  That is very odd.
>
> ls -ld /etc/resolv.conf
>
>
> On Tue, Oct 24, 2017 at 03:15:30AM -0400, Roberto C. Sánchez wrote:
> > > > So if you:
> > > > $ ls -l --full-time /etc/resolv.conf
> > > > and then look at what happened at that precise time in /var/log/syslog
> > > > or wherever your logs are being written. What took place?
>
> And what does the ls actually SHOW?
>
> > So, it happened again at 03:02:26 that resolv.conf was changed.
>
> ls -ld /etc/resolv.conf
>
> If it's a SYMLINK and you made the symlink immutable, well, that would
> explain a whole lot.
>

It is not a symlink:

debian:/etc# ls -l --full-time /etc/resolv.conf
-rw-r--r-- 1 root root 25 2017-10-24 07:07:54.513938427 -0400 /etc/resolv.conf
debian:/etc# file /etc/resolv.conf
/etc/resolv.conf: ASCII text

Regards,

-Roberto

--
Roberto C. Sánchez

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

David Wright-3
In reply to this post by Roberto C. Sánchez-2
On Tue 24 Oct 2017 at 03:15:30 (-0400), Roberto C. Sánchez wrote:

> On Mon, Oct 23, 2017 at 11:05:03PM -0400, Roberto C. Sánchez wrote:
> > On Mon, Oct 23, 2017 at 07:26:38PM -0500, David Wright wrote:
> > >
> > > So if you:
> > > $ ls -l --full-time /etc/resolv.conf
> > > and then look at what happened at that precise time in /var/log/syslog
> > > or wherever your logs are being written. What took place?
> > >
> > Most recently the problem happened at 22:29:16.419070807.  Looking in
> > all of my logs (not just syslog), the only thing that happened near that
> > time was that a host on my LAN sent a DHCPREQUEST at 22:29:07 (which the
> > DHCP server answered with a DHCPACK) and then at 22:29:58 Shorewall
> > dropped an attempt to connect to port 2433 from a host on the Internet.
> >
> > I have already changed resolv.conf back to my preferred configuration
> > and I will check again for correlated log entries when it is changed
> > again.
> >
> So, it happened again at 03:02:26 that resolv.conf was changed.  I
> looked in the logs and found nothing that appeared to be a close
> correlation.  There were several DHCPREQUEST/DHCPACK exchanges before
> and after, but my network has a near constant stream of such exchanges
> with no more than 3 or 4 minutes between exchanges.  It seems unlikely
> to me that the DHCPREQUEST/DHCPACK exchange could be the cuplrit.

Here, with resolvconf installed, resolv.conf is updated to within
one second of the DHCPREQUEST/DHCPACK exchange. I only get these
exchanges every few minutes when this laptop is misbehaving (the
wifi is flaky and the signal strength gets low). Normally it's
ten or twelve hours which I assume is when the lease expires.

> I am fairly out of ideas at this point.  Anyone?

Perhaps you could watch the file with inotifywait, and capture
a ps and maybe even a lsof listing at that moment.

Cheers,
David.

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Curt
In reply to this post by Roberto C. Sánchez-2
On 2017-10-24, Roberto C  Sánchez <[hidden email]> wrote:

>>
>> If it's a SYMLINK and you made the symlink immutable, well, that would
>> explain a whole lot.
>
> It is not a symlink:
>
> debian:/etc# ls -l --full-time /etc/resolv.conf
> -rw-r--r-- 1 root root 25 2017-10-24 07:07:54.513938427 -0400 /etc/resolv.conf
> debian:/etc# file /etc/resolv.conf
> /etc/resolv.conf: ASCII text

Of course you're certain the file indeed has the immutable attribute
(lsattr) set, in which case I wonder vaguely to myself how it could be
possible for the file to have been subsequently modified.

The plot sickens.

> Regards,
>
> -Roberto
>


--
"A simpering Bambi narcissist and a thieving, fanatical Albanian dwarf."
Christopher Hitchens, commenting shortly after the nearly concurrent deaths
of Lady Diana and Mother Theresa.

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Roger Lynn-3
In reply to this post by Roberto C. Sánchez-2
On 24/10/17 08:20, Roberto C. Sánchez wrote:
> So, it happened again at 03:02:26 that resolv.conf was changed.  I
> looked in the logs and found nothing that appeared to be a close
> correlation.  There were several DHCPREQUEST/DHCPACK exchanges before
> and after, but my network has a near constant stream of such exchanges
> with no more than 3 or 4 minutes between exchanges.  It seems unlikely
> to me that the DHCPREQUEST/DHCPACK exchange could be the cuplrit.
>
> I am fairly out of ideas at this point.  Anyone?

Did you remove the resolvconf package, which is responsible for updating
resolv.conf in dynamic networking environments?

Roger

Reply | Threaded
Open this post in threaded view
|

Re: Why does resolv.conf keep changing?

Michael Stone-2
In reply to this post by Gene Heskett-4
On Mon, Oct 23, 2017 at 08:31:05PM -0400, Gene Heskett wrote:
>and made immutable. Particularly is the fact that /etc/resolv.conf isn't
>a link to something else but contains:
>
>nameserver 192.168.XX.1
>search host dns
>domain coyote.den

Please stop posting that, it uses incorrect syntax (as has been
explained to you before) and it would be a shame if other people copied
it as a correct example.

Mike Stone

1234 ... 7