7

I want to use certain DNS servers on my Debian, regardless of whatever I get through DHCP. I'm trying to configure dhclient to ignore those, but I can't seem to get it to work.

Per advice from this article I added supersede domain-name-servers 8.8.8.8, 8.8.4.4; stanza to my /etc/dhcp/dhclient.conf file. I also tried these answers from superuser.com and removed domain-name-servers and domain-search values from request directive. Both of those, applied separately as well as together, seem to have no effect. After running sudo dhclient -r and then sudo dhclient, I still find following entries in /etc/resolvconf/run/interfaces/enp2s0.dhclient:

domain lan
nameserver 192.168.1.1

which prompt resolvconf to put nameserver 192.168.1.1 in my /etc/resolv.conf file.

I double-checked if I don't miss any semicolons or similar syntax elements. How can I get my configuration to work? I don't want to remove resolvconf, since it manages changes in my nameservers when I use corporate VPN and it does it well. It looks like dhclient is the offending party here.

Here's my current /etc/dhcp/dhclient.conf with default comments removed for the sake of clarity:

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, host-name,
        dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
        netbios-name-servers, netbios-scope, interface-mtu,
        rfc3442-classless-static-routes, ntp-servers;

#supersede domain-name-servers 8.8.8.8, 8.8.4.4;

Update: per request in comment, here's output of ps ax | grep dhcp:

23528 pts/2    S+     0:00 grep dhcp
Improve this question
4
  • Please add ps ax | grep dhcp to the post. Commented Apr 1, 2016 at 7:37
  • @RuiFRibeiro edited in. Commented Apr 4, 2016 at 11:28
  • my fault...please change it to ps ax | grep dhc. Also do include cat /etc/network/interfaces, or at least the configuration of the relevant interface for this discussion. Commented Apr 4, 2016 at 12:08
  • Have you commented out too the domain-name-servers from the require directive after the request line you show us? Commented Apr 4, 2016 at 12:10

4 Answers 4

Reset to default
6

If you don't need resolvconf to manage your /etc/resolv.conf file, the simplest solution is to uninstall resolvconf entirely.

Improve this answer
2
  • +1. apt-get purge --kill-kill-kill --burn-it-with-fire resolvconf. Commented Apr 1, 2016 at 23:16
  • 2
    I'd like to avoid that, since resolvconf automatizes nameservers change when connecting to VPN and disconnecting from it. I should probably add that information to the question. Commented Apr 4, 2016 at 11:23
3

As you've discovered, resolvconf is not the problem. My solution for this was to create a file /etc/dhcp/dhclient-enter-hooks.d/ignore_resolv_conf and put this in it:

# prevent dhclient from touching /etc/resolv.conf
make_resolv_conf() { : ; }

Make sure the file is executable.

Setting options in the DHCP client to ignore resolvers doesn't make it ignore resolvers.

This works for me on Ubuntu 20.04, YMMV.

Improve this answer
1
  • Great answer, works on Debian 11 too. Commented Mar 6, 2024 at 9:45
1

How to stop dhclient from updating resolvconf on Debian?

I don't want to remove resolvconf

You need to add domain-name-servers 8.8.8.8, 8.8.4.4 to

/etc/resolvconf/resolv.conf.d/base

And

/etc/network/interfaces

Regenerate resolv.conf then restart networking:

resolvconf -u
/etc/init.d/networking restart
Improve this answer
0

Write protect your /etc/resolv.conf file using the chattr command on a Linux bases system.

The syntax is:

# chattr +i /etc/resolv.conf

The +i option (attribute) write protects /etc/resolv.conf file on Linux so that no one can modify it including root user.

Improve this answer
3
  • 2
    This is a brute force "solution" and makes it even harder to understand how the different component work together eventually. Here is a nice list of what accesses resolv.conf unix.stackexchange.com/a/527581/88177 Commented Sep 25, 2019 at 18:11
  • @user640916 Sometimes there is no time for understanding how those components work together. Especially when the way they works changes every year. Commented Jan 18, 2024 at 22:28
  • end this can speed up finding what accesses the file since daemon usually leaves logs Commented Jan 18, 2024 at 22:31

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.