Re: [CentOS] Network Manager / CentOS 7 / local unbound

2017-04-12 Thread Gordon Messmer
On Tue, Apr 11, 2017 at 1:40 AM, Alice Wonder  wrote:
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>
> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
> would work

Across comments, there are actually more than 3 solutions.  The
shortest and simplest solution is to add one line containing
"dns=none" to the [main] section of
/etc/NetworkManager/NetworkManager.conf.  Doing so will instruct
NetworkManager not to update the resolv.conf file.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
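
The two end states this thread converges on (`dns=none` in the `[main]` section of NetworkManager.conf, and a resolv.conf that lists only 127.0.0.1 and ::1) can be checked mechanically. The script below is an added example, not part of any list message; the function names and sample files are constructed for illustration, and it reads one config file only, not any conf.d drop-ins.

```shell
#!/bin/sh
# Added example: audit that NetworkManager is told to leave resolv.conf alone
# and that resolv.conf points only at the local unbound instance.

# Print the dns= value from the [main] section (last assignment seen), or nothing.
nm_dns_mode() {
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next }
        in_main && /^[ \t]*dns[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { print val }' "$1"
}

# Print every nameserver that is not the IPv4/IPv6 loopback address.
resolv_nonlocal() {
    awk '$1 == "nameserver" && $2 != "127.0.0.1" && $2 != "::1" { print $2 }' "$1"
}

# Return 0 only when both checks pass; print one line per finding.
audit_dns() {
    rc=0
    mode=$(nm_dns_mode "$1")
    if [ "$mode" != "none" ]; then
        echo "FAIL: [main] dns=${mode:-<unset>} in $1"
        rc=1
    fi
    for ns in $(resolv_nonlocal "$2"); do
        echo "FAIL: non-loopback nameserver $ns in $2"
        rc=1
    done
    return "$rc"
}

# Constructed sample files (not taken from the thread).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '[main]\nplugins=ifcfg-rh\ndns=none\n' > "$SAMPLES/nm-good.conf"
printf '[main]\nplugins=ifcfg-rh\n\n[logging]\n#dns=none\n' > "$SAMPLES/nm-default.conf"
printf 'nameserver 127.0.0.1\nnameserver ::1\n' > "$SAMPLES/resolv-good"
printf '# Generated by NetworkManager\nnameserver 192.0.2.53\nnameserver ::1\n' > "$SAMPLES/resolv-dhcp"

audit_dns "$SAMPLES/nm-good.conf" "$SAMPLES/resolv-good" && echo "OK: hardened host"
audit_dns "$SAMPLES/nm-default.conf" "$SAMPLES/resolv-dhcp" || echo "host needs attention"
```

On a real host the two arguments would be /etc/NetworkManager/NetworkManager.conf and /etc/resolv.conf; the non-zero exit status on any finding lets the function back a monitoring check.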


Re: [CentOS] Network Manager / CentOS 7 / local unbound

2017-04-12 Thread Alice Wonder

I think configuring NetworkManager not to touch it is the right solution.

Unless there are cases where NetworkManager ignores its configuration 
but I haven't seen those.


A fancier solution might be to have some kind of systemd script that 
rewrites it if and only if the unbound daemon has successfully started 
and I thought about looking into doing that, but that means if the 
unbound daemon for some reason doesn't start, it would be using the less 
secure ISP provided DNS resolution and I'd rather have it fail so I know 
there's a problem and can investigate.


On 04/12/2017 02:02 AM, Nux! wrote:

OR just make the file immutable if it's so critical to you.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -

From: "Jon LaBadie" <j...@labadie.us>
To: "CentOS mailing list" <centos@centos.org>
Sent: Wednesday, 12 April, 2017 07:16:22
Subject: Re: [CentOS] Network Manager / CentOS 7 / local unbound



On Tue, Apr 11, 2017 at 01:40:21AM -0700, Alice Wonder wrote:

Hello list -

http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager

That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
would work, but what is the best way with NetworkManager to set it up to use
the localhost for DNS ?

I'm paranoid about DNS spoofing and really prefer to have a local instance
of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
linode)

Currently I just use a cron job that runs once a minute to over-write was it
is /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
that does leave a short window every time the network is restarted.


Besides the suggested configs, if still worried you could set up
an inotify watch on /etc/resolv.conf to let you know, or take
action, whenever it changes.

jon
--
Jon H. LaBadie j...@jgcomp.com
11226 South Shore Rd.  (703) 787-0688 (H)
Reston, VA  20190  (703) 935-6720 (C)


Re: [CentOS] Network Manager / CentOS 7 / local unbound

2017-04-12 Thread Nux!
OR just make the file immutable if it's so critical to you.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

- Original Message -
> From: "Jon LaBadie" <j...@labadie.us>
> To: "CentOS mailing list" <centos@centos.org>
> Sent: Wednesday, 12 April, 2017 07:16:22
> Subject: Re: [CentOS] Network Manager / CentOS 7 / local unbound

> On Tue, Apr 11, 2017 at 01:40:21AM -0700, Alice Wonder wrote:
>> Hello list -
>> 
>> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>> 
>> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
>> would work, but what is the best way with NetworkManager to set it up to use
>> the localhost for DNS ?
>> 
>> I'm paranoid about DNS spoofing and really prefer to have a local instance
>> of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
>> linode)
>> 
>> Currently I just use a cron job that runs once a minute to over-write was it
>> is /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
>> that does leave a short window every time the network is restarted.
> 
> Besides the suggested configs, if still worried you could set up
> an inotify watch on /etc/resolv.conf to let you know, or take
> action, whenever it changes.
> 
> jon
> --
> Jon H. LaBadie j...@jgcomp.com
> 11226 South Shore Rd.  (703) 787-0688 (H)
> Reston, VA  20190  (703) 935-6720 (C)


Re: [CentOS] Network Manager / CentOS 7 / local unbound

2017-04-12 Thread Jon LaBadie
On Tue, Apr 11, 2017 at 01:40:21AM -0700, Alice Wonder wrote:
> Hello list -
> 
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
> 
> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
> would work, but what is the best way with NetworkManager to set it up to use
> the localhost for DNS ?
> 
> I'm paranoid about DNS spoofing and really prefer to have a local instance
> of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
> linode)
> 
> Currently I just use a cron job that runs once a minute to over-write was it
> is /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
> that does leave a short window every time the network is restarted.

Besides the suggested configs, if still worried you could set up
an inotify watch on /etc/resolv.conf to let you know, or take
action, whenever it changes.

jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)


Re: [CentOS] Network Manager / CentOS 7 / local unbound

2017-04-11 Thread Louis Lagendijk
On Tue, 2017-04-11 at 01:40 -0700, Alice Wonder wrote:
> Hello list -
> 
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver
> -in-fedora-using-network-manager
> 
> That says it works for CentOS 5 and I *suspect* the methods there (3 
> listed) would work, but what is the best way with NetworkManager to
> set 
> it up to use the localhost for DNS ?
> 
> I'm paranoid about DNS spoofing and really prefer to have a local 
> instance of DNSSEC enforcing unbound running on my CentOS 7 virtual 
> machines (e.g. linode)
> 
> Currently I just use a cron job that runs once a minute to over-
> write 
> was it is /etc/resolv.conf so they don't use the DHCP assigned 
> nameservers, but that does leave a short window every time the
> network 
> is restarted.
> 
> I'd like to know the proper way to set up Network Manager to just
> create
> 
> nameserver 127.0.0.1
> nameserver ::1
> 
> in /etc/resolv.conf
> 
> Via google, it seems every distro approaches it differently and most 
> instructions I have seen involve a GUI.
> 
> I did not see how to do it in the CentOS documentation but it might
> be 
> there and I just did not figure out how to search it for what I
> wanted.
> 
> Those stackexchange methods look like they might work but they
> reference 
> CentOS 5 and I know some NetworkManager stuff changed even just
> between 
> 7.2 and 7.3 as I experienced incorrect IPv6 address after update as
> a 
> result of those changes.
> 
> Is there an "official" way to tell NetworkManager what I want in 
> /etc/resolv.conf ? Or better yet, a way to just tell it to leave
> that 
> file alone?
Use nmtui to manually configure the interface AND nameservers. That
puts the correct info in the ifcfg files. Nmtui is a curses UI. Just
don't forget to specify the interface ip-address with the right netmask
(e.g. 1.2.3.4/24, default seems to be a /32, I have been bitten by that
a number of times)


/Louis
> 


Re: [CentOS] Network Manager / CentOS 7 / local unbound

2017-04-11 Thread Gianluca Cecchi
On Tue, Apr 11, 2017 at 12:03 PM, Alice Wonder  wrote:

> From the man page that does tell it not to mess with /etc/resolv.conf -
> thank you. That will work.
>
> On 04/11/2017 02:21 AM, anax wrote:
>
>> Hi Alice
>> man NetworkManager.conf
>>
>> in /etc/NetworkManager/NetworkManager.conf
>>
>> 
>> dns=none
>> 
>>
>>
Hello,
I think another option should be to put this inside ifcfg-xxx of the
involved network adapter:

PEERDNS=no

So that it will not accept dns server eventually proposed by the dhcp server


Re: [CentOS] Network Manager / CentOS 7 / local unbound

2017-04-11 Thread Alice Wonder
From the man page that does tell it not to mess with /etc/resolv.conf - 
thank you. That will work.


On 04/11/2017 02:21 AM, anax wrote:

Hi Alice
man NetworkManager.conf

in /etc/NetworkManager/NetworkManager.conf


dns=none





*snip*



Re: [CentOS] Network Manager / CentOS 7 / local unbound

2017-04-11 Thread anax

Hi Alice
man NetworkManager.conf

in /etc/NetworkManager/NetworkManager.conf


dns=none



suomi

On 04/11/2017 10:40 AM, Alice Wonder wrote:

Hello list -

http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager


That says it works for CentOS 5 and I *suspect* the methods there (3
listed) would work, but what is the best way with NetworkManager to set
it up to use the localhost for DNS ?

I'm paranoid about DNS spoofing and really prefer to have a local
instance of DNSSEC enforcing unbound running on my CentOS 7 virtual
machines (e.g. linode)

Currently I just use a cron job that runs once a minute to over-write
was it is /etc/resolv.conf so they don't use the DHCP assigned
nameservers, but that does leave a short window every time the network
is restarted.

I'd like to know the proper way to set up Network Manager to just create

nameserver 127.0.0.1
nameserver ::1

in /etc/resolv.conf

Via google, it seems every distro approaches it differently and most
instructions I have seen involve a GUI.

I did not see how to do it in the CentOS documentation but it might be
there and I just did not figure out how to search it for what I wanted.

Those stackexchange methods look like they might work but they reference
CentOS 5 and I know some NetworkManager stuff changed even just between
7.2 and 7.3 as I experienced incorrect IPv6 address after update as a
result of those changes.

Is there an "official" way to tell NetworkManager what I want in
/etc/resolv.conf ? Or better yet, a way to just tell it to leave that
file alone?


[CentOS] Network Manager / CentOS 7 / local unbound

2017-04-11 Thread Alice Wonder

Hello list -

http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager

That says it works for CentOS 5 and I *suspect* the methods there (3 
listed) would work, but what is the best way with NetworkManager to set 
it up to use the localhost for DNS ?


I'm paranoid about DNS spoofing and really prefer to have a local 
instance of DNSSEC enforcing unbound running on my CentOS 7 virtual 
machines (e.g. linode)


Currently I just use a cron job that runs once a minute to over-write 
was it is /etc/resolv.conf so they don't use the DHCP assigned 
nameservers, but that does leave a short window every time the network 
is restarted.


I'd like to know the proper way to set up Network Manager to just create

nameserver 127.0.0.1
nameserver ::1

in /etc/resolv.conf

Via google, it seems every distro approaches it differently and most 
instructions I have seen involve a GUI.


I did not see how to do it in the CentOS documentation but it might be 
there and I just did not figure out how to search it for what I wanted.


Those stackexchange methods look like they might work but they reference 
CentOS 5 and I know some NetworkManager stuff changed even just between 
7.2 and 7.3 as I experienced incorrect IPv6 address after update as a 
result of those changes.


Is there an "official" way to tell NetworkManager what I want in 
/etc/resolv.conf ? Or better yet, a way to just tell it to leave that 
file alone?
