
In this article, we will explore how to enforce a static /etc/resolv.conf file in Ubuntu 18.04, ensuring that it remains unchanged even when system updates or configuration changes occur. This can be particularly useful when you want to maintain a specific DNS server configuration.
To enforce a static /etc/resolv.conf file in Ubuntu 18.04, you can disable the systemd-resolved.service and set the immutable attribute on the file. This ensures that the file remains unchanged even during system updates or configuration changes, allowing you to maintain a specific DNS server configuration.
Understanding /etc/resolv.conf
The /etc/resolv.conf file is a critical system file in Linux that contains information about DNS servers. It is often dynamically generated and can be modified or overwritten by various system services, which can sometimes lead to unwanted changes.
The Problem
In Ubuntu 18.04, the systemd-resolved.service is responsible for managing the /etc/resolv.conf file. However, it can sometimes overwrite your manual changes to the file, causing issues with DNS resolution. This can be particularly problematic if you need to maintain a specific DNS server configuration for your network.
The Solution
To enforce a static /etc/resolv.conf file in Ubuntu 18.04, we can disable the systemd-resolved.service and set the immutable attribute on the file, making it tamper-proof.
Step 1: Disable systemd-resolved.service
First, we need to disable the systemd-resolved.service. This can be done by modifying the /etc/NetworkManager/NetworkManager.conf file. If the file doesn’t exist, we’ll create it.
Run the following commands in your terminal:
echo "dns=default" | sudo tee -a /etc/NetworkManager/NetworkManager.conf
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved.service
Here, echo "dns=default" is setting the DNS plugin to be used by NetworkManager to default. The tee -a command is used to append this line to the NetworkManager.conf file. The sudo systemctl commands are used to disable and stop the systemd-resolved.service.
Step 2: Create a New /etc/resolv.conf File
Next, we need to create a new /etc/resolv.conf file with our desired DNS server. For example, to use Google’s DNS server (8.8.8.8), run the following command:
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
This command writes nameserver 8.8.8.8 to the /etc/resolv.conf file, setting Google’s DNS server as the default.
Step 3: Set the Immutable Attribute
Finally, we need to set the immutable attribute on the /etc/resolv.conf file to make it tamper-proof. Run the following commands:
sudo chattr -e /etc/resolv.conf
sudo chattr +i /etc/resolv.conf
The chattr -e command is used to enable changes to the file attributes, and chattr +i is used to set the immutable attribute, preventing any further changes to the file.
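An added audit script (not part of the original article) that checks the outcome of Steps 1 to 3: NetworkManager reads the dns key from the [main] section, so a line appended with tee -a after a later section header does not take effect, and the immutable flag is only meaningful if /etc/resolv.conf is a regular file rather than a symlink. The function names are hypothetical, and the script assumes lsattr and systemctl are available.

```shell
#!/bin/sh
# Added example: audits the result of Steps 1-3. Function names are hypothetical.

# Step 1: succeeds only if dns=default sits inside the [main] section.
nm_dns_in_main() {
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next }
        in_main && /^[ \t]*dns[ \t]*=[ \t]*default[ \t]*$/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Step 2: prints the nameserver addresses of a resolv.conf, space separated.
resolv_nameservers() {
    awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = " " } END { print "" }' "$1"
}

# Step 2: succeeds if the path is a regular file and not a symlink.
resolv_is_regular() { [ -f "$1" ] && [ ! -L "$1" ]; }

# Step 3: succeeds if one line of lsattr output (flags, space, path) has the i flag.
lsattr_has_immutable() {
    case "${1%% *}" in *i*) return 0 ;; *) return 1 ;; esac
}

# Usage: audit NM_CONF RESOLV_CONF "EXPECTED NAMESERVERS"
audit() {
    rc=0
    nm_dns_in_main "$1" || { echo "FAIL: dns=default is not under [main] in $1"; rc=1; }
    resolv_is_regular "$2" || { echo "FAIL: $2 is missing or is a symlink"; rc=1; }
    [ "$(resolv_nameservers "$2")" = "$3" ] || { echo "FAIL: nameservers in $2 are not '$3'"; rc=1; }
    lsattr_has_immutable "$(lsattr -d "$2" 2>/dev/null)" || { echo "FAIL: immutable flag not set on $2"; rc=1; }
    if systemctl is-enabled --quiet systemd-resolved.service 2>/dev/null; then
        echo "FAIL: systemd-resolved.service is still enabled"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: static resolv.conf is in place"
    return "$rc"
}

# Runs only when called with three arguments, e.g.
#   sh audit.sh /etc/NetworkManager/NetworkManager.conf /etc/resolv.conf 8.8.8.8
if [ "$#" -eq 3 ]; then audit "$@"; fi
```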
Conclusion
By following these steps, you can enforce a static and tamper-proof /etc/resolv.conf file in Ubuntu 18.04. This can be particularly useful when you need to maintain a specific DNS server configuration, and it can prevent potential issues with DNS resolution caused by unwanted changes to the file.
Remember, though, that setting a file as immutable means it cannot be changed until the attribute is removed. If you need to modify the /etc/resolv.conf file in the future, you will need to remove the immutable attribute by running sudo chattr -i /etc/resolv.conf.
For more information about systemd-resolved.service, chattr, and other related topics, you can visit the official Ubuntu documentation.
Enforcing a static /etc/resolv.conf file is important because it allows you to maintain a specific DNS server configuration for your network. This can be critical for ensuring reliable and consistent DNS resolution.
systemd-resolved.service is responsible for managing the /etc/resolv.conf file in Ubuntu 18.04. It dynamically generates and modifies the file based on various system services. However, this can sometimes overwrite manual changes made to the file, causing issues with DNS resolution.
You can disable systemd-resolved.service by modifying the /etc/NetworkManager/NetworkManager.conf file. If the file doesn’t exist, you can create it. Run the following commands:
echo "dns=default" | sudo tee -a /etc/NetworkManager/NetworkManager.conf
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved.service
To create a new /etc/resolv.conf file with a desired DNS server, you can use the echo command. For example, to use Google’s DNS server (8.8.8.8), run the following command:
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
This command writes nameserver 8.8.8.8 to the /etc/resolv.conf file, setting Google’s DNS server as the default.
To set the immutable attribute on the /etc/resolv.conf file and make it tamper-proof, you can use the chattr command. Run the following commands:
sudo chattr -e /etc/resolv.conf
sudo chattr +i /etc/resolv.conf
The chattr -e command enables changes to the file attributes, and chattr +i sets the immutable attribute, making the file unchangeable.
No, setting the immutable attribute on the /etc/resolv.conf file prevents any further changes to it. If you need to modify the file in the future, you will need to remove the immutable attribute by running sudo chattr -i /etc/resolv.conf.