[Authoritative tutorial translation] resolv.conf from the Debian wiki

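This article describes how to manage the /etc/resolv.conf file on Debian systems so that network service daemons such as dhclient do not modify it dynamically. It presents several ways to keep the administrator's manual configuration intact: using the resolvconf package, setting dns-nameserver in /etc/network/interfaces, changing the dhclient configuration, and making the resolv.conf file immutable. It also covers dhclient's use of hook scripts and the dhclient.conf options, as well as the problem that arises when resolv.conf is made read-only to prevent it from being overwritten.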

This article is from the Debian wiki.

Ordinarily, the resolv.conf(5) file is managed dynamically by various network service daemons. This is the default, and is intended for laptops and other highly mobile systems which may connect to different networks. It also works well for many desktop and server systems, so long as the network infrastructure is perfect.

For some systems, on some networks, the system administrator may wish to configure /etc/resolv.conf by hand. This leads to a conflict between the administrator’s changes, and the dynamic changes performed by the network service daemons.

If you edit resolv.conf by hand, and need to stop daemons from overwriting your changes, this page documents some of your options.

Configuring resolvconf

The resolvconf package may be installed. When it is, it includes various configuration files for other packages (such as isc-dhcp-client). Specifically, resolvconf includes a file which modifies the make_resolv_conf shell function used by dhclient-script(8).

With resolvconf installed, you can tell it to do nothing whenever some daemon tries to modify resolv.conf, by putting resolvconf=NO in the /etc/resolvconf.conf file. (Note: this is not the /etc/resolv.conf file!)

Alternatively, you can use dns-nameserver entries in the appropriate stanza in /etc/network/interfaces:

iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameserver 192.168.1.254
dns-nameserver 8.8.8.8
dns-search foo.org bar.com

Configuring dhclient

The most common daemon which overwrites resolv.conf is dhclient(8) (from isc-dhcp-client). In many cases, simply stopping this one daemon from touching the file will suffice.

Stop dhclient from modifying /etc/resolv.conf

Another approach makes use of dhclient-script’s hook scripts. According to dhclient-script(8):

When it starts, the client script first defines a shell function, make_resolv_conf, which is later used to create the /etc/resolv.conf file. To override the default behaviour, redefine this function in the enter hook script.

Therefore, we can stop dhclient from overwriting resolv.conf by doing the following:

echo 'make_resolv_conf() { :; }' > /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone

The execute bit is required because dhclient-script uses run-parts(8) to decide which files to read. For that same reason, the filename must not contain anything but letters, digits, underscores and hyphens.
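A hook that fails either rule is skipped without any error, and resolv.conf is overwritten again. The following check is an added example, not part of the wiki page; the function names (hook_name_ok, hook_status, audit_hooks) are made up for illustration. It reports, for each file in the enter-hooks directory, whether it satisfies the two rules above, and whether any usable hook redefines make_resolv_conf.

```sh
#!/bin/sh
# Added example: audit dhclient enter hooks against the two rules in the text
# (name made only of letters, digits, underscores, hyphens; execute bit set).
# Usage once the functions are loaded:  audit_hooks [directory]

# Succeeds if the file name uses only the characters the text allows.
hook_name_ok() {
    case "$1" in
        ''|*[!a-zA-Z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Prints one of: missing, bad-name, not-executable, ok
hook_status() {
    if [ ! -f "$1" ]; then echo missing
    elif ! hook_name_ok "$(basename "$1")"; then echo bad-name
    elif [ ! -x "$1" ]; then echo not-executable
    else echo ok
    fi
}

# Succeeds if the file redefines the make_resolv_conf shell function.
overrides_make_resolv_conf() {
    grep -Eq '^[[:space:]]*make_resolv_conf[[:space:]]*\(\)' "$1"
}

# Lists every hook with its status; returns 0 only if at least one hook
# is usable and overrides make_resolv_conf.
audit_hooks() {
    dir=${1:-/etc/dhcp/dhclient-enter-hooks.d}
    found=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        st=$(hook_status "$f")
        printf '%-15s %s\n' "$st" "$f"
        if [ "$st" = ok ] && overrides_make_resolv_conf "$f"; then
            found=0
        fi
    done
    return $found
}
```

A hook saved as leave_my_resolv_conf_alone.sh is reported as bad-name, because the dot is not an allowed character.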

Modifying /etc/dhcp/dhclient.conf

The /etc/dhcp/dhclient.conf file can be populated with directives that will override the options sent by the DHCP server. For example, these directives will override the domain, search, and nameserver parameters that are placed into /etc/resolv.conf:

supersede domain-name "example.com";
supersede domain-search "example.com";
supersede domain-name-servers 127.0.0.1;

Another option is to remove “domain-name, domain-name-servers, domain-search” from the request line. However, this only works on some networks, and not on others. If the DHCP server sends unsolicited domain-name-servers (et al.) responses, dhclient will still heed them, and will still overwrite the resolv.conf file.

Making /etc/resolv.conf immutable

This approach will render /etc/resolv.conf immutable so that it cannot be changed, regardless of what packages are installed or what tries to modify it.

rm -f /etc/resolv.conf
editor /etc/resolv.conf
chattr +i /etc/resolv.conf

Obviously, you will need to put the appropriate content into the file before setting the immutable bit. Any time you wish to change the file, you will have to remove the bit, make your change, and then restore the bit.

A consequence of making /etc/resolv.conf immutable is that if dhclient-script tries to change it and fails, it clutters /etc with temporary files. See #860928 for details. The user/admin may need to periodically clean these files out of /etc until #860928 is fixed.
