Tuesday, May 29, 2012

How To: Make Sure /etc/resolv.conf Never Gets Updated By DHCP Client

Q. I'm using GNU/Linux with the Internet Systems Consortium DHCP Client. dhclient provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol. It also updates my /etc/resolv.conf each time my laptop connects to a different network. I would like to keep my existing nameservers. How do I skip the /etc/resolv.conf update?

A. The DHCP protocol allows a host to contact a central server which maintains a list of IP addresses which may be assigned on one or more subnets. This protocol reduces system administration workload, allowing devices to be added to the network with little or no manual configuration. There are two ways you can get rid of this problem. Use any one of the following methods.
WARNING! Many firewalls allow access only to certain nameservers, so make sure your nameservers are supported. Also, many corporations block snooping name servers such as OpenDNS due to privacy issues.

Option # 1: Write protecting /etc/resolv.conf file

Write protect your /etc/resolv.conf file with the chattr command on a Linux ext3 file system:
# chattr +i /etc/resolv.conf
The +i (immutable) attribute write-protects the /etc/resolv.conf file under Linux so that no one, not even root, can modify it until the attribute is removed. You can use the chflags command under FreeBSD.

Option #2: dhclient-script hooks

The DHCP client network configuration script is invoked from time to time by dhclient. This script is used by the DHCP client to set each interface's initial configuration prior to requesting an address, to test the address once it has been offered, and to set the interface's final configuration once a lease has been acquired.
This script is not meant to be customized by the end user. If local customizations are needed, they should be possible using the enter and exit hooks provided. These hooks will allow the user to override the default behavior of the client in creating a /etc/resolv.conf file.
When it starts, the client script first defines a shell function, make_resolv_conf, which is later used to create the /etc/resolv.conf file. To override the default behavior, redefine this function in the enter hook script.

Create hook to avoid /etc/resolv.conf file update

You need to create /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate file under Debian / Ubuntu Linux:
# vi /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate
Append the following code:
#!/bin/sh
make_resolv_conf() {
    :
}
Save and close the file. Set permissions:
# chmod +x /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate
The above script replaces make_resolv_conf() with our own function. This function does nothing, so dhclient no longer rewrites /etc/resolv.conf.

A note about RHEL / CentOS / Fedora Linux

Place the following code in the /etc/dhclient-enter-hooks file:
# vi /etc/dhclient-enter-hooks
Append the following code:
make_resolv_conf() {
    :
}
Save and close the file.

Option # 3: Configure dhclient.conf

The /etc/dhclient.conf or /etc/dhcp/dhclient.conf file contains configuration information for dhclient. You can turn DNS updates and other options on or off for a specific interface or for all interfaces using this file. As the dhclient.conf and dhcp-options man pages describe, a supersede statement makes the client always use the locally configured value instead of whatever the DHCP server supplies. Add this to dhclient.conf (note the trailing semicolon):
supersede domain-name-servers 202.54.1.2, 199.2.3.4, 124.1.5.22;
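
Whichever option you use, it is worth confirming after the next lease renewal that /etc/resolv.conf still holds your nameservers. The following shell check is an added example, not part of the original post; the function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): detect whether a resolv.conf
# file still lists exactly the pinned nameservers. Function names are hypothetical.

# Print the addresses on "nameserver" lines of file $1, one per line, in order.
# Commented-out lines ("# nameserver ..." or "; nameserver ...") are ignored.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# check_resolv_conf FILE "NS1 NS2 ..."
# Returns 0 when FILE lists exactly those addresses in that order,
# 1 when it differs (drift), 2 when FILE cannot be read.
check_resolv_conf() {
    file=$1
    expected=$2
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi
    # Join the addresses with single spaces so they compare as one string.
    actual=$(list_nameservers "$file" | tr '\n' ' ')
    actual=${actual% }
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "drift in $file: expected '$expected', found '$actual'" >&2
    return 1
}

# Constructed sample: a resolv.conf as dhclient would rewrite it on a foreign
# network (192.0.2.53 is a documentation address), checked against the
# nameservers used in Option 3 of the post.
demo() {
    sample=$(mktemp) || return 2
    printf '%s\n' '# generated by dhclient' 'search example.net' \
        'nameserver 192.0.2.53' > "$sample"
    if check_resolv_conf "$sample" "202.54.1.2 199.2.3.4 124.1.5.22"; then
        echo "pinned nameservers intact"
    else
        echo "resolv.conf was rewritten"
    fi
    rm -f "$sample"
}
demo
```

Run against the real file, the call would be check_resolv_conf /etc/resolv.conf followed by your own nameserver list; a non-zero exit status means the file no longer matches.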
