

Information about the /etc/resolv.conf file. For general information about network configuration, see NetworkConfiguration.

Contents

  1. DNS configuration for NetworkManager
  2. Using systemd-resolved for DNS resolution
    1. Enabling systemd-resolved
    2. Checking the status and flushing the cache in systemd-resolved
    3. Managing systemd-resolved settings
  3. Configuring dhclient
    1. Modifying /etc/dhcp/dhclient.conf
    2. Stop dhclient from modifying /etc/resolv.conf
    3. Setting additional DNS Servers
    4. Setting additional search domains
  4. Configuring resolvconf (or a workalike)
  5. Making /etc/resolv.conf immutable

Before a computer can connect to an external network resource (e.g. a web server), it must have a means of resolving domain names used by people (e.g. wiki.debian.org) to numeric network addresses used by routers (e.g. 140.211.166.4). Here is an example /etc/resolv.conf file that tells your computer to do that with Cloudflare's nameserver and Google's nameserver:

nameserver 1.1.1.1
nameserver 8.8.8.8

See resolv.conf for details.

DNS configuration for NetworkManager

NetworkManager normally manages /etc/resolv.conf, even if you've configured DNS in /etc/dhcp/dhclient.conf. You can get an idea of NetworkManager's settings by running nmcli on the command line.

You can configure these settings graphically:

  1. Run nm-connection-editor ("Advanced Network Configuration" in the menu system)
  2. Choose a connection and click the cog button to edit
  3. Click on the IPv4 Settings tab
  4. Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'.
  5. Enter the DNS servers in the "DNS servers" field, separated by spaces (e.g. 208.67.222.222 for OpenDNS).
  6. Click "Save"

NetworkManager saves these settings in /etc/NetworkManager/system-connections/name-of-connection. For example:

[802-3-ethernet]
duplex=full
mac-address=XX:XX:XX:XX:XX:XX

[connection]
id=Wired connection 1
uuid=xxx-xxxxxx-xxxxxx-xxxxxx-xxx
type=802-3-ethernet
timestamp=1385213042

[ipv6]
method=auto

[ipv4]
method=auto
dns=208.67.222.222;
ignore-auto-dns=true

Run nmcli again to check NetworkManager now has the right idea of how your DNS should be resolved.

Using systemd-resolved for DNS resolution

systemd-resolved is not installed by default. It runs a local caching DNS resolver that can be integrated with NetworkManager and systemd-networkd:

apt install systemd-resolved

Enabling systemd-resolved

systemd-resolved is disabled by default. To enable it:

systemctl enable systemd-resolved
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

Also, for glibc applications using NSS, you need to edit /etc/nsswitch.conf so the hosts line looks like:

hosts: mymachines resolve [!UNAVAIL=return] files dns myhostname 

This will use nss-resolve(8) for resolution.

Note that resolved supports /etc/hosts, so it should go before the files entry.

Checking the status and flushing the cache in systemd-resolved

You can check the status of systemd-resolved with resolvectl:

resolvectl

You can flush the cache that resolved has with:

resolvectl flush-cache

Managing systemd-resolved settings

General settings for systemd-resolved are managed in /etc/systemd/resolved.conf - see resolved.conf.

Configuring dhclient

If you have disabled NetworkManager etc., the last remaining daemon which overwrites resolv.conf may be dhclient(8) (from isc-dhcp-client). If so, you can change resolv.conf by configuring this service.

Modifying /etc/dhcp/dhclient.conf

If you just want to override specific values from the DHCP server, edit /etc/dhcp/dhclient.conf:

supersede domain-name "example.com";
supersede domain-search "example.com";
supersede domain-name-servers 127.0.0.1;

Another option is to remove "domain-name, domain-name-servers, domain-search" from the request line. However, this only works on some networks. If the DHCP server sends unsolicited domain-name-servers (et al.) responses, dhclient will still heed them, and will still overwrite the resolv.conf file.

Stop dhclient from modifying /etc/resolv.conf

If you don't want dhclient to change the file at all, do:

echo 'make_resolv_conf() { :; }' > /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone

The execute bit is required because dhclient-script uses run-parts(8) to decide which files to read. For that same reason, the filename must not contain anything but letters, digits, underscores and hyphens.

According to dhclient-script(8):

  • When it starts, the client script first defines a shell function, make_resolv_conf , which is later used to create the /etc/resolv.conf file. To override the default behaviour, redefine this function in the enter hook script.
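An added check, not part of the wiki page or of isc-dhcp-client: it tests a hook file against the two run-parts rules above and, because dhclient-script sources enter hooks from a root process, also flags a hook that other users could edit. The function name check_hook is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the wiki page or isc-dhcp-client).
# check_hook FILE: print one line per problem, return 1 if any was found.
check_hook() {
    f=$1
    name=${f##*/}
    rc=0

    if [ ! -f "$f" ]; then
        echo "$f: not a regular file"
        return 1
    fi

    # run-parts skips names containing anything but letters, digits, _ and -
    case $name in
        *[!A-Za-z0-9_-]*)
            echo "$name: file name would be skipped by run-parts"
            rc=1 ;;
    esac

    # Permission string from ls, e.g. -rwxr-xr-x
    mode=$(ls -ld "$f" | cut -c1-10)

    # Without an execute bit the hook is silently ignored
    case $mode in
        ???[xs]*) ;;
        *) echo "$name: owner execute bit missing ($mode)"; rc=1 ;;
    esac

    # The hook is sourced by a root process: nobody else may be able to edit it
    case $mode in
        ?????w????|????????w?)
            echo "$name: group- or world-writable ($mode)"; rc=1 ;;
    esac

    # The override only works if the function is actually redefined
    if ! grep -Eq '^[[:space:]]*make_resolv_conf[[:space:]]*\(\)' "$f"; then
        echo "$name: does not redefine make_resolv_conf"
        rc=1
    fi
    return $rc
}
```

Run it as `check_hook /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone`; no output and exit status 0 mean the hook passes all four checks.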

Setting additional DNS Servers

Example: dhclient3 uses /etc/dhcp/dhclient.conf. The setting you want is:

supersede domain-name-servers 12.34.56.78, 12.34.56.79;

or perhaps

prepend domain-name-servers 12.34.56.78, 12.34.56.79;

Setting additional search domains

Adding search domains for VPNs or local virtual networks:

append domain-name " virt vpn";

Note the leading space since the string is literally appended to the search domain provided by other configurations.

See dhclient.conf for details.

Configuring resolvconf (or a workalike)

resolvconf programs keep track of system information about the currently available nameservers. They should not be confused with the configuration file /etc/resolv.conf, which unfortunately has a nearly identical name. There was originally only one resolvconf package, but now you can choose one of the other packages providing resolvconf. These commands let you add settings without them being overwritten by other commands.

A resolvconf program acts as an intermediary between programs that supply nameserver information (e.g. dhcp clients) and programs that use nameserver information (e.g. resolver). If you have more than one program modifying /etc/resolv.conf, this stops them from overwriting each others' configuration.

These packages replace /etc/resolv.conf with a symbolic link to /etc/resolvconf/run/resolv.conf, which is generated dynamically.

These packages include various configuration files for other packages (such as isc-dhcp-client). For example, resolvconf includes a file which modifies the make_resolv_conf shell function used by dhclient-script(8).

To manually define the nameservers (as with a static interface), add a line like the following to the interfaces configuration file at /etc/network/interfaces:

dns-nameservers 12.34.56.78 12.34.56.79

Place the line indented within an iface stanza, e.g., right after the gateway line. Enter the IP addresses of the nameservers you need to use after dns-nameservers. Put all of them on one line separated by spaces. Don't forget the "s" on the end of dns-nameservers.

openresolv lets you tell it to do nothing whenever some daemon tries to modify resolv.conf, by putting resolvconf=NO in the /etc/resolvconf.conf file. (Note: this is not the /etc/resolv.conf file!)

See /usr/share/doc/resolvconf/README for more information.

Making /etc/resolv.conf immutable

You can make /etc/resolv.conf immutable, so it cannot be changed by any package:

rm -f /etc/resolv.conf
editor /etc/resolv.conf
chattr +i /etc/resolv.conf

Obviously, you will need to put the appropriate content into the file before setting the immutable bit. Any time you wish to change the file, you will have to remove the bit, make your change, and then restore the bit.

dhclient-script may clutter /etc with temporary files when it fails to write to them; see bug 860928. You may need to periodically clean these files out of /etc.
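Whichever method above you use, it is worth confirming that the file still lists only the resolvers you chose. The following is an added example, not part of the wiki page: it reports whether the file is a symlink, whether the immutable bit is set, and any nameserver line that is not on an allowlist you pass in. The function name audit_resolv_conf and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the wiki page): compare the nameservers in a
# resolv.conf-format file against the resolvers you intend to use.
# Usage: audit_resolv_conf FILE ALLOWED_IP...
# Returns 0 if every nameserver is allowed, 1 on drift, 2 if unreadable.
audit_resolv_conf() {
    file=$1
    shift
    rc=0

    if [ ! -r "$file" ]; then
        echo "cannot read $file"
        return 2
    fi

    # A symlink shows which program generates the file (resolvconf, resolved).
    if [ -L "$file" ]; then
        echo "symlink -> $(readlink "$file")"
    fi

    # chattr +i shows up as an 'i' in the lsattr flags column.
    attrs=$(lsattr -d "$file" 2>/dev/null | awk '{ print $1 }')
    case $attrs in
        *i*) echo "immutable bit: set" ;;
        *)   echo "immutable bit: not set (or not reported here)" ;;
    esac

    # awk splits on whitespace, so comments and other keywords never match.
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$file"); do
        found=no
        for allowed in "$@"; do
            if [ "$ns" = "$allowed" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then
            echo "unexpected nameserver $ns"
            rc=1
        fi
    done
    return $rc
}

# Example call with the two resolvers from the top of this page:
# audit_resolv_conf /etc/resolv.conf 1.1.1.1 8.8.8.8
```

A non-zero exit status makes the function easy to run from cron or a monitoring agent and alert on.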

