Software & AppsOperating SystemLinux

Why does my resolv.conf keep getting reset?

Ubuntu 7

The /etc/resolv.conf file is a critical part of Linux networking and is used to resolve domain names into IP addresses. However, you may sometimes notice that the resolv.conf file keeps getting reset or overwritten. This article will delve into the reasons behind this and provide you with solutions to prevent it from happening.

Quick Answer

The resolv.conf file may keep getting reset due to various reasons such as Network Manager, DHCP client, or other network configuration tools. To prevent this from happening, you can modify the Network Manager configuration, disable DHCP modifications, use the resolvconf framework, make the resolv.conf file immutable, investigate with auditd, and check other configuration files.

Understanding resolv.conf

Before we dive into the solutions, it’s important to understand what the resolv.conf file does. This file is used by the resolver library, which provides hostname resolution for applications that need network resources.

The resolv.conf file typically contains nameserver records that point to DNS servers, and may also contain search or domain entries for setting DNS search domains. For example:

nameserver 8.8.8.8
nameserver 8.8.4.4
search my.domain.com

In this example, 8.8.8.8 and 8.8.4.4 are the DNS servers and my.domain.com is the search domain.

Why resolv.conf gets reset

There are several reasons why your resolv.conf might be getting reset:

  1. Network Manager: This is a daemon that manages network configurations and can overwrite resolv.conf when network changes occur.
  2. DHCP Client: When a DHCP lease is renewed, the DHCP client can update resolv.conf with new DNS information.
  3. Other Network Configuration Tools: Other tools or services, such as systemd-resolved, can also modify resolv.conf.

Solutions to prevent resolv.conf from resetting

1. Check for Network Manager

First, check if Network Manager is responsible for the changes. You can do this by refreshing Network Manager and checking if the generated resolv.conf file has a comment saying # Generated by NetworkManager. If this is the case, you can modify the Network Manager configuration to prevent it from modifying resolv.conf.

Open the file /etc/NetworkManager/NetworkManager.conf and add the following lines under the [main] section:

dns=none

The dns=none setting tells Network Manager not to manage DNS settings, preventing it from modifying resolv.conf.

2. Disable DHCP modifications

DHCP lease renewal can trigger changes in resolv.conf. To prevent this, edit the file /etc/dhcp/dhclient.conf and add the following lines at the end:

supersede domain-name "my.domain.com";
prepend domain-search "my.domain.com";

The supersede and prepend options allow you to override or add to the DNS settings provided by the DHCP server.

3. Use resolvconf

Another solution is to use resolvconf, a framework for managing resolv.conf. Install the resolvconf package and make static additions to /etc/resolvconf/resolv.conf.d/head or /etc/resolvconf/resolv.conf.d/tail files. These additions will override the automatic changes.

After making the changes, run sudo resolvconf -u to update resolv.conf.

4. Make resolv.conf immutable

You can use the chattr command to make resolv.conf immutable, which prevents any modifications, even by root. Run the following command:

sudo chattr +i /etc/resolv.conf

The +i option sets the immutable attribute on the file. To remove this attribute, use -i.

5. Investigate with auditd

If you’re still unsure what’s modifying resolv.conf, you can use auditd to track changes. Install the auditd package, start the daemon with sudo service auditd start, and set it to watch for modifications with sudo auditctl -w /etc/resolv.conf -p w.

The -w option specifies the file to watch, and -p w sets the watch for write access. The audit logs will be available in /var/log/audit/audit.log.

6. Check other configuration files

Finally, verify if there are any other programs or configuration files that might be modifying resolv.conf. Check files such as /etc/dhcpd.conf, /etc/systemd/resolved.conf, or any other relevant network configuration files.

Conclusion

The resolv.conf file is a crucial part of the Linux networking stack, and it’s important to control its contents for proper network operation. By understanding the reasons behind its changes and knowing how to prevent them, you can ensure a stable and predictable network environment. Remember to restart the necessary services or reboot your system after making any changes to ensure they take effect.

How can I check if Network Manager is responsible for the changes in my resolv.conf file?

To check if Network Manager is responsible for the changes, you can refresh Network Manager and then open the generated resolv.conf file. If you see a comment saying # Generated by NetworkManager, it indicates that Network Manager is modifying resolv.conf.

How can I prevent Network Manager from modifying my resolv.conf file?

To prevent Network Manager from modifying resolv.conf, you can modify the Network Manager configuration. Open the file /etc/NetworkManager/NetworkManager.conf and add dns=none under the [main] section. This setting tells Network Manager not to manage DNS settings and prevents it from modifying resolv.conf.

How can I prevent DHCP lease renewal from changing my resolv.conf file?

To prevent DHCP lease renewal from changing resolv.conf, you can edit the file /etc/dhcp/dhclient.conf and add supersede domain-name "my.domain.com"; and prepend domain-search "my.domain.com"; at the end. These options allow you to override or add to the DNS settings provided by the DHCP server.

What is resolvconf and how can it help prevent resolv.conf from resetting?

Resolvconf is a framework for managing resolv.conf. By installing the resolvconf package, you can make static additions to the /etc/resolvconf/resolv.conf.d/head or /etc/resolvconf/resolv.conf.d/tail files. These additions will override automatic changes to resolv.conf. After making the changes, run sudo resolvconf -u to update resolv.conf.

How can I make the resolv.conf file immutable to prevent any modifications?

You can use the chattr command to make resolv.conf immutable. Run sudo chattr +i /etc/resolv.conf to set the immutable attribute on the file. This prevents any modifications, even by root. To remove the immutable attribute, use sudo chattr -i /etc/resolv.conf.

How can I track changes to my resolv.conf file?

If you’re unsure what’s modifying resolv.conf, you can use auditd to track changes. Install the auditd package, start the daemon with sudo service auditd start, and set it to watch for modifications with sudo auditctl -w /etc/resolv.conf -p w. The audit logs will be available in /var/log/audit/audit.log.

Are there any other configuration files that might be modifying resolv.conf?

Yes, there might be other programs or configuration files that can modify resolv.conf. You can check files such as /etc/dhcpd.conf, /etc/systemd/resolved.conf, or any other relevant network configuration files to see if they are making changes to resolv.conf.

Leave a Comment

Your email address will not be published. Required fields are marked *