/etc/resolv.conf: Difference between revisions

From Foxwiki
Revision as of 12:45, 3 December 2022


resolv.conf

Ordinarily, the resolv.conf(5) file is managed dynamically by various network service daemons.

  • This is the default, and is intended for laptops and other highly mobile systems which may connect to different networks.
  • It also works well for many desktop and server systems, so long as the network infrastructure is perfect.

For some systems, on some networks, the system administrator may wish to configure /etc/resolv.conf by hand.

  • This leads to a conflict between the administrator's changes, and the dynamic changes performed by the network service daemons.

If you edit resolv.conf by hand, and need to stop daemons from overwriting your changes, this page documents some of your options.

Configuring openresolv or resolvconf

Debian provides two packages, each of which contains a program named resolvconf, which may be used to control (or outright prevent) the alteration of the /etc/resolv.conf file by various networking programs.

  • These packages are openresolv and resolvconf.
  • They conflict with each other, because they literally both provide the same program, so you have to pick at most one of them.

These packages include various configuration files for other packages (such as isc-dhcp-client).

  • For example, resolvconf includes a file which modifies the make_resolv_conf shell function used by dhclient-script(8).

If openresolv is installed, you can tell it to do nothing whenever some daemon tries to modify resolv.conf, by putting resolvconf=NO in the /etc/resolvconf.conf file. (Note: this is not the /etc/resolv.conf file!)

If resolvconf is installed, and if you're using ifupdown to configure your interface(s), you can use dns-nameserver entries in the appropriate stanza(s) in /etc/network/interfaces:

iface eth0 inet static
   address 192.168.1.3
   netmask 255.255.255.0
   gateway 192.168.1.1
   dns-nameserver 192.168.1.254
   dns-nameserver 8.8.8.8
   dns-search foo.org bar.com

Configuring dhclient

The most common daemon which overwrites resolv.conf is dhclient(8) (from isc-dhcp-client).

  • In many cases, simply stopping this one daemon from touching the file will suffice.

Stop dhclient from modifying /etc/resolv.conf

Another approach makes use of dhclient-script's hook scripts.

  • According to dhclient-script(8): "When it starts, the client script first defines a shell function, make_resolv_conf, which is later used to create the /etc/resolv.conf file. To override the default behaviour, redefine this function in the enter hook script."

Therefore, we can stop dhclient from overwriting resolv.conf by doing the following:

echo 'make_resolv_conf() { :; }' > /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone

The execute bit is required because dhclient-script uses run-parts(8) to decide which files to read.

  • For that same reason, the filename must not contain anything but letters, digits, underscores and hyphens.
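A hook that breaks either rule is skipped silently, and dhclient goes on rewriting resolv.conf. The following check is an added example, not part of the original page; the function names hook_status and audit_hook_dir are made up for illustration, and the default directory is the one used above.

```shell
#!/bin/sh
# Added example: list the files in a dhclient hook directory and say whether
# run-parts would pick each one up, using the two rules stated above
# (execute bit set; name made only of letters, digits, underscores, hyphens).

# hook_status FILE -> prints "ok", "bad-name" or "not-executable"
hook_status() {
    name=$(basename -- "$1")
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) echo "bad-name"; return 0 ;;
    esac
    if [ ! -x "$1" ]; then
        echo "not-executable"
        return 0
    fi
    echo "ok"
}

# audit_hook_dir DIR -> one "status<TAB>path" line per regular file,
# including dot-files (which fail the name rule)
audit_hook_dir() {
    for f in "$1"/* "$1"/.[!.]*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(hook_status "$f")" "$f"
    done
}

# Usage: sh audit_hooks.sh --audit [DIR]
if [ "${1:-}" = "--audit" ]; then
    audit_hook_dir "${2:-/etc/dhcp/dhclient-enter-hooks.d}"
fi
```

Any line that does not start with "ok" names a hook that will never be sourced; a name such as leave.alone or a backup copy ending in ~ is the usual cause.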

Modifying /etc/dhcp/dhclient.conf

The /etc/dhcp/dhclient.conf file can be populated with directives that will override the options sent by the DHCP server.

  • For example, these directives will override the domain, search, and nameserver parameters that are placed into /etc/resolv.conf:

supersede domain-name "example.com";
supersede domain-search "example.com";
supersede domain-name-servers 127.0.0.1;

Another option is to remove "domain-name, domain-name-servers, domain-search" from the request line.

  • However, this only works on some networks, and not on others.
  • If the DHCP server sends unsolicited domain-name-servers (et al.) responses, dhclient will still heed them, and will still overwrite the resolv.conf file.
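Because a DHCP server can still push resolvers onto the host in that case, it is worth checking the file against the resolvers you intended. The following drift check is an added example, not part of the original page; the function names are made up for illustration, and the allow-list is passed as a space-separated string.

```shell
#!/bin/sh
# Added example: detect when something has replaced the resolvers you
# configured in resolv.conf. Only "nameserver" lines are inspected.

# nameservers FILE -> one resolver address per line
nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# unexpected_nameservers FILE "ip1 ip2 ..." -> resolvers not in the allow-list
unexpected_nameservers() {
    nameservers "$1" | while read -r ns; do
        case " $2 " in
            *" $ns "*) ;;                 # resolver is expected
            *) printf '%s\n' "$ns" ;;     # resolver was not configured by us
        esac
    done
}

# resolv_conf_ok FILE "ip1 ip2 ..." -> exit 0 only when the file lists at
# least one resolver and every listed resolver is in the allow-list
resolv_conf_ok() {
    [ -n "$(nameservers "$1")" ] &&
        [ -z "$(unexpected_nameservers "$1" "$2")" ]
}

# Usage: sh check_resolv.sh --check "192.168.1.254 8.8.8.8" [FILE]
if [ "${1:-}" = "--check" ]; then
    file=${3:-/etc/resolv.conf}
    if resolv_conf_ok "$file" "$2"; then
        echo "resolv.conf matches the expected resolvers"
    else
        echo "resolv.conf drifted; unexpected or missing resolvers:" >&2
        unexpected_nameservers "$file" "$2" >&2
        exit 1
    fi
fi
```

Run from cron or a monitoring agent, a non-zero exit shows that a daemon has rewritten the file despite the settings above.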

Making /etc/resolv.conf immutable

This approach will render /etc/resolv.conf immutable so that it cannot be changed, regardless of what packages are installed or what tries to modify it.

rm -f /etc/resolv.conf
editor /etc/resolv.conf
chattr +i /etc/resolv.conf

Obviously, you will need to put the appropriate content into the file before setting the immutable bit.

  • Any time you wish to change the file, you will have to remove the bit, make your change, and then restore the bit.

A consequence of making /etc/resolv.conf immutable is that if dhclient-script tries to change it and fails, it clutters /etc with temporary files.

  • See Debian bug #860928 (https://bugs.debian.org/860928) for details.
  • The user/admin may need to periodically clean these files out of /etc until #860928 is fixed.