11

Previously, on Ubuntu 16.04, I felt betrayed when an Ubuntu update installed dnsmasq package, configured it, and gave it precedence over my own super-stable, ultra-fast, and own-configured BIND DNS server. It exactly felt as if Ubuntu hacked my workstation.

Since I happened to be working as a system admin, this was extremely unacceptable. This was a freak-out call. This is when you go to troubleshoot a problem and in one of your steps you use dig or nslookup and you get stunned to see the lo interface replying to you. PANIC

Is there a way to not only fix this issue, but also guarantee that /etc/resolv.conf will be tamper proof?

M K
  • 2,385
  • 3
  • 12
  • 19

4 Answers4

6

A simple edit to /etc/NetworkManager/NetworkManager.conf and disabling systemd-resolved.service(as in this answer https://askubuntu.com/a/907249/719422). But that alone, while essential, does not guarantee tamper-proof resolv.conf.

To really enforce a static /etc/resolv.conf that you know will survive restarts of any kind, you need to set the immutable attribute to it. Adding to the answer of Bastian Voigt mentioned above, you do this as SuperUser:

echo nameserver 8.8.8.8 > /etc/resolv.conf
chattr -e /etc/resolv.conf
chattr +i /etc/resolv.conf

...changing the nameserver to your chosen value. That way, you can have a really static /etc/resolv.conf.

M K
  • 2,385
  • 3
  • 12
  • 19
  • 4
    The /etc/NetworkManager/NetworkManager.conf file does not exist in 18.04 – hfranco Mar 07 '19 at 19:59
  • @hfranco if it does not, which I doubt, then you just create one! And, btw, if that is your case, then it is not a standard setup; your case is abnormal. I would say you mistyped while looking for it! – M K Mar 09 '19 at 00:32
  • @hfranco As old as 12.04 https://unix.stackexchange.com/questions/154338/not-see-file-networkmanager-conf-in-folder-etc-networkmanager – M K Mar 09 '19 at 00:38
  • This is the only thing that worked for me on Ubuntu 18.04 – Lucas Bustamante Jun 16 '19 at 13:31
1

According to the docs, you can write your resolv.conf to /usr/lib/systemd/resolv.conf, which is a static file that can be linked from /etc/resolv.conf. That should not be rewritten.

sudo ln -sf /usr/lib/systemd/resolv.conf /etc/resolv.conf

http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html#contenttoc3

/ETC/RESOLV.CONF

Four modes of handling /etc/resolv.conf (see resolv.conf(5)) are supported:

...

A static file /usr/lib/systemd/resolv.conf is provided that lists the 127.0.0.53 DNS stub (see above) as only DNS server. This file may be symlinked from /etc/resolv.conf in order to connect all local clients that bypass local DNS APIs to systemd-resolved. This file does not contain any search domains.

Community
  • 1
wisbucky
  • 2,552
  • 28
  • 17
  • 3
    No, sorry. What happens when the spec changes or config method alters on Ubuntu's own willing? You know, this is the same fiasco I left Satya's corrupted dreams of an OS for. And, this is the same fiasco that Linux should be avoiding. What's wrong with resolve.conf? Why the hassle? Why try mimic the hateful and tedious Redhat network config, in some way or another? Sorry, I will only stick to my solution. – M K Jun 28 '18 at 23:59
  • 1
    How do you know that your file wont simply be ignored in the future? I know that forcing the static way some apps would work and others wont. With wisbucky's solution, at least we can use the current way. I didnt see the need for them to change it either but I didnt get a vote. Someone downvoted this solution when in fact it does work and is the simplest. +1 – Marlon Aug 15 '18 at 02:18
  • @Marlon "How do you know that your file wont simply be ignored in the future"? Because it is set immutable; and, if /etc/resolv.conf is going to be ignored, so why the fuss anyway building a framework around it?? Ignoring the file will only happen if some Ubuntu wacko decided it is useless (implementing something into interfaces file, for example!) – M K Oct 02 '18 at 07:02
  • If I wanted someone taking decisions for me, I would have gone back to the wacko Microsoft Windows, whose coders and designers and Satya above them all think they know your sake better than you do and that you have no right choosing how to run their "creation". Fuss! – M K Oct 02 '18 at 07:09
  • Why the fuss build an OS for the good of mankind, if mankind cannot enjoy running it? What the fuss is Immutable attribute if someone is going to tell me when to use it or not. This is not about "following galactic manuals of Vega", this is about freedom of choice; no one should ever pose his own rigid single-minded impulse on you. You are a being and you have rights. – M K Oct 02 '18 at 07:13
1

Best solution I've found is to prevent NetworkManager from updating /etc/resolv.conf and then creating a new /etc/resolv.conf file with a static DNS server. See https://www.ctrl.blog/entry/resolvconf-tutorial for how to do this.

Scubadoo
  • 11
-2

The file present is a symlink to another file. Delete the file

rm /etc/resolve.conf
vim /etc resolve.conf
enter your data
:wq

The file is no longer a symlink but a persistent file.

0n10n_
  • 101