Re: [CentOS] Network Manager / CentOS 7 / local unbound
On Tue, Apr 11, 2017 at 1:40 AM, Alice Wonder wrote:
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>
> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
> would work

Across comments, there are actually more than 3 solutions. The shortest and simplest solution is to add one line containing "dns=none" to the [main] section of /etc/NetworkManager/NetworkManager.conf. Doing so will instruct NetworkManager not to update the resolv.conf file.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Network Manager / CentOS 7 / local unbound
I think configuring NetworkManager not to touch it is the right solution. Unless there are cases where NetworkManager ignores its configuration but I haven't seen those.

A fancier solution might be to have some kind of systemd script that rewrites it if and only if the unbound daemon has successfully started and I thought about looking in to doing that, but that means if the unbound daemon for some reason doesn't start, it would be using the less secure ISP provided DNS resolution and I'd rather have it fail so I know there's a problem and can investigate.

On 04/12/2017 02:02 AM, Nux! wrote:
> OR just make the file immutable if it's so critical to you.
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
>> From: "Jon LaBadie" <j...@labadie.us>
>> To: "CentOS mailing list" <centos@centos.org>
>> Sent: Wednesday, 12 April, 2017 07:16:22
>> Subject: Re: [CentOS] Network Manager / CentOS 7 / local unbound
>
>> On Tue, Apr 11, 2017 at 01:40:21AM -0700, Alice Wonder wrote:
>>> Hello list -
>>>
>>> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>>>
>>> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
>>> would work, but what is the best way with NetworkManager to set it up to use
>>> the localhost for DNS ?
>>>
>>> I'm paranoid about DNS spoofing and really prefer to have a local instance
>>> of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
>>> linode)
>>>
>>> Currently I just use a cron job that runs once a minute to over-write was it
>>> is /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
>>> that does leave a short window every time the network is restarted.
>>
>> Besides the suggested configs, if still worried you could set up
>> an inotify watch on /etc/resolv.conf to let you know, or take
>> action, whenever it changes.
>>
>> jon
>> --
>> Jon H. LaBadie j...@jgcomp.com
>> 11226 South Shore Rd. (703) 787-0688 (H)
>> Reston, VA 20190 (703) 935-6720 (C)
Re: [CentOS] Network Manager / CentOS 7 / local unbound
OR just make the file immutable if it's so critical to you.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Jon LaBadie" <j...@labadie.us>
> To: "CentOS mailing list" <centos@centos.org>
> Sent: Wednesday, 12 April, 2017 07:16:22
> Subject: Re: [CentOS] Network Manager / CentOS 7 / local unbound

> On Tue, Apr 11, 2017 at 01:40:21AM -0700, Alice Wonder wrote:
>> Hello list -
>>
>> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>>
>> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
>> would work, but what is the best way with NetworkManager to set it up to use
>> the localhost for DNS ?
>>
>> I'm paranoid about DNS spoofing and really prefer to have a local instance
>> of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
>> linode)
>>
>> Currently I just use a cron job that runs once a minute to over-write was it
>> is /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
>> that does leave a short window every time the network is restarted.
>
> Besides the suggested configs, if still worried you could set up
> an inotify watch on /etc/resolv.conf to let you know, or take
> action, whenever it changes.
>
> jon
> --
> Jon H. LaBadie j...@jgcomp.com
> 11226 South Shore Rd. (703) 787-0688 (H)
> Reston, VA 20190 (703) 935-6720 (C)
Re: [CentOS] Network Manager / CentOS 7 / local unbound
On Tue, Apr 11, 2017 at 01:40:21AM -0700, Alice Wonder wrote:
> Hello list -
>
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>
> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
> would work, but what is the best way with NetworkManager to set it up to use
> the localhost for DNS ?
>
> I'm paranoid about DNS spoofing and really prefer to have a local instance
> of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
> linode)
>
> Currently I just use a cron job that runs once a minute to over-write was it
> is /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
> that does leave a short window every time the network is restarted.

Besides the suggested configs, if still worried you could set up
an inotify watch on /etc/resolv.conf to let you know, or take
action, whenever it changes.

jon
--
Jon H. LaBadie j...@jgcomp.com
11226 South Shore Rd. (703) 787-0688 (H)
Reston, VA 20190 (703) 935-6720 (C)
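Added example, not part of the thread: a shell sketch combining two of the suggestions, checking that `dns=none` really sits in the `[main]` section and running Jon's inotify watch on /etc/resolv.conf so any non-loopback nameserver raises an alert. The function names are hypothetical; `inotifywait` is assumed to be installed from the inotify-tools package.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Print nameservers in a resolv.conf-style file that are not loopback.
# Succeeds only if the file has nameserver lines and all are loopback.
non_loopback_nameservers() {
    awk '
        $1 == "nameserver" {
            seen = 1
            if ($2 !~ /^127\./ && $2 != "::1") { print $2; bad = 1 }
        }
        END { exit !(seen && !bad) }
    ' "$1"
}

# Succeed if [main] in a NetworkManager.conf-style file sets dns=none.
# If dns= appears more than once in [main], the last one is checked.
nm_dns_is_none() {
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/) }
        in_main && /^[ \t]*dns[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); value = $0
        }
        END { exit !(value == "none") }
    ' "$1"
}

# Report every deviation on stderr and return non-zero, so a problem is
# noticed instead of silently resolving through DHCP-assigned servers.
audit_dns() {  # usage: audit_dns RESOLV_CONF NM_CONF
    rc=0
    bad=$(non_loopback_nameservers "$1") ||
        { echo "ALERT: $1 not loopback-only: ${bad:-no nameserver}" >&2; rc=1; }
    nm_dns_is_none "$2" ||
        { echo "ALERT: $2 lacks dns=none in [main]" >&2; rc=1; }
    return "$rc"
}

# Re-audit whenever resolv.conf changes. The directory is watched because a
# writer may replace the file by rename, which a watch on the file misses.
watch_resolv_conf() {  # usage: watch_resolv_conf RESOLV_CONF NM_CONF
    dir=$(dirname "$1"); name=$(basename "$1")
    inotifywait -m -q -e close_write,moved_to,create --format '%f' "$dir" |
    while read -r changed; do
        if [ "$changed" = "$name" ]; then audit_dns "$1" "$2" || true; fi
    done
}
```

Calling `watch_resolv_conf /etc/resolv.conf /etc/NetworkManager/NetworkManager.conf` from a long-running service writes an alert to stderr each time the file stops being loopback-only.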
Re: [CentOS] Network Manager / CentOS 7 / local unbound
On Tue, 2017-04-11 at 01:40 -0700, Alice Wonder wrote:
> Hello list -
>
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>
> That says it works for CentOS 5 and I *suspect* the methods there (3
> listed) would work, but what is the best way with NetworkManager to set
> it up to use the localhost for DNS ?
>
> I'm paranoid about DNS spoofing and really prefer to have a local
> instance of DNSSEC enforcing unbound running on my CentOS 7 virtual
> machines (e.g. linode)
>
> Currently I just use a cron job that runs once a minute to over-write
> was it is /etc/resolv.conf so they don't use the DHCP assigned
> nameservers, but that does leave a short window every time the network
> is restarted.
>
> I'd like to know the proper way to set up Network Manager to just create
>
> nameserver 127.0.0.1
> nameserver ::1
>
> in /etc/resolv.conf
>
> Via google, it seems every distro approaches it differently and most
> instructions I have seen involve a GUI.
>
> I did not see how to do it in the CentOS documentation but it might be
> there and I just did not figure out how to search it for what I wanted.
>
> Those stackexchange methods look like they might work but they reference
> CentOS 5 and I know some NetworkManager stuff changed even just between
> 7.2 and 7.3 as I experienced incorrect IPv6 address after update as a
> result of those changes.
>
> Is there an "official" way to tell NetworkManager what I want in
> /etc/resolv.conf ? Or better yet, a way to just tell it to leave that
> file alone?

Use nmtui to manually configure the interface AND nameservers. That puts the correct info in the ifcfg files. Nmtui is a curses UI. Just don't forget to specify the interface ip-address with the right netmask (e.g. 1.2.3.4/24, default seems to be a /32, I have been bitten by that a number of times)

/Louis
Re: [CentOS] Network Manager / CentOS 7 / local unbound
On Tue, Apr 11, 2017 at 12:03 PM, Alice Wonder wrote:
> From the man page that does tell it not to mess with /etc/resolv.conf -
> thank you. That will work.
>
> On 04/11/2017 02:21 AM, anax wrote:
>
>> Hi Alice
>> man NetworkManager.conf
>>
>> in /etc/NetworkManager/NetworkManager.conf
>>
>> dns=none
>>

Hello,
I think another option should be to put this inside ifcfg-xxx of the involved network adapter:

PEERDNS=no

So that it will not accept dns server eventually proposed by the dhcp server
Re: [CentOS] Network Manager / CentOS 7 / local unbound
From the man page that does tell it not to mess with /etc/resolv.conf - thank you. That will work.

On 04/11/2017 02:21 AM, anax wrote:
> Hi Alice
> man NetworkManager.conf
>
> in /etc/NetworkManager/NetworkManager.conf
>
> dns=none

*snip*
Re: [CentOS] Network Manager / CentOS 7 / local unbound
Hi Alice
man NetworkManager.conf

in /etc/NetworkManager/NetworkManager.conf

dns=none

suomi

On 04/11/2017 10:40 AM, Alice Wonder wrote:
> Hello list -
>
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>
> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
> would work, but what is the best way with NetworkManager to set it up to use
> the localhost for DNS ?
>
> I'm paranoid about DNS spoofing and really prefer to have a local instance
> of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
> linode)
>
> Currently I just use a cron job that runs once a minute to over-write was it
> is /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
> that does leave a short window every time the network is restarted.
>
> I'd like to know the proper way to set up Network Manager to just create
>
> nameserver 127.0.0.1
> nameserver ::1
>
> in /etc/resolv.conf
>
> Via google, it seems every distro approaches it differently and most
> instructions I have seen involve a GUI.
>
> I did not see how to do it in the CentOS documentation but it might be
> there and I just did not figure out how to search it for what I wanted.
>
> Those stackexchange methods look like they might work but they reference
> CentOS 5 and I know some NetworkManager stuff changed even just between
> 7.2 and 7.3 as I experienced incorrect IPv6 address after update as a
> result of those changes.
>
> Is there an "official" way to tell NetworkManager what I want in
> /etc/resolv.conf ? Or better yet, a way to just tell it to leave that
> file alone?
[CentOS] Network Manager / CentOS 7 / local unbound
Hello list -

http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager

That says it works for CentOS 5 and I *suspect* the methods there (3 listed) would work, but what is the best way with NetworkManager to set it up to use the localhost for DNS ?

I'm paranoid about DNS spoofing and really prefer to have a local instance of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g. linode)

Currently I just use a cron job that runs once a minute to over-write was it is /etc/resolv.conf so they don't use the DHCP assigned nameservers, but that does leave a short window every time the network is restarted.

I'd like to know the proper way to set up Network Manager to just create

nameserver 127.0.0.1
nameserver ::1

in /etc/resolv.conf

Via google, it seems every distro approaches it differently and most instructions I have seen involve a GUI.

I did not see how to do it in the CentOS documentation but it might be there and I just did not figure out how to search it for what I wanted.

Those stackexchange methods look like they might work but they reference CentOS 5 and I know some NetworkManager stuff changed even just between 7.2 and 7.3 as I experienced incorrect IPv6 address after update as a result of those changes.

Is there an "official" way to tell NetworkManager what I want in /etc/resolv.conf ? Or better yet, a way to just tell it to leave that file alone?