On Monday 25 September 2017 12:10:10 Reco wrote:

> Hi.
>
> On Mon, Sep 25, 2017 at 11:33:50AM -0400, Gene Heskett wrote:
> > > I mean, unless this is a laptop or a tablet or a phone or
> > > something. Then it may be appropriate, because you might actually
> > > WANT your resolv.conf file to be rewritten every time the wind
> > > changes direction.
> > >
> > > For desktop machines with a static internal network configuration,
> > > it's an abomination. And unfortunately it's not the only
> > > malevolent fiend trying to usurp control of your resolv.conf file.
> > > There's also dhclient, and network-manager, and systemd-resolved,
> > > and who knows what else.
> > >
> > > See <https://www.cyberciti.biz/faq/dhclient-etcresolvconf-hooks/>
> > > for some of your options. Of course, before you can apply any of
> > > those suggestions, you have to seize back control of your
> > > resolv.conf file in the first place. Make sure it's a FILE and
> > > not a symlink, and put the correct content into it. Make sure
> > > name resolution works. Then choose your favorite solution to keep
> > > the file under YOUR control.
> >
> > For me, it's a root session, and a "chattr +i resolv.conf"
> > If for some reason you need to edit it later, you'll have to use the
> > -i argument first. As long as that +i bit is set, it's protected from
> > everything but a mke2fs.
>
> A common misconception. Here's how a determined userspace can beat
> immutable bit:
>
> # mkdir testetc
> # touch testetc/resolv.conf
> # chattr +i testetc/resolv.conf
> # mv testetc/ testetc.orig
> # mkdir testetc
> # touch testetc/resolv.conf
> # echo evil dns > testetc/resolv.conf
>
> Of course you could try to counter that with "chattr +i /etc", but
> doing *that* should break an unimaginable number of things.
>
> If you really need immutable /etc/resolv.conf you should try the
> Read-Only Root Debian - [1].
>
> [1] https://wiki.debian.org/ReadonlyRoot
>
> Reco

Unforch, this isn't /root stuffs, but /etc stuffs. And it works. And I could care less how disappointed n-m or dhcpd is. Or even resolvconf itself. Particularly when it's as buggy as a 10 day old road kill in August.

Yes, there is a place for dhcp, but it's for sure not on a home, small number of machines network that's all static.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
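
A check for the replacement shown in the quoted commands, as an added example that is not part of either message: the immutable bit protects the inode, not the path, so this records the device:inode pair and a SHA-256 of resolv.conf and later reports whether the path has become a symlink, names a different inode, or has different content. The function names and the baseline file are hypothetical; GNU stat and sha256sum are assumed.

```sh
#!/bin/sh
# Added example: verify that a path still names the inode and content
# recorded earlier. Assumes GNU coreutils (stat -c, sha256sum).

# fingerprint PATH -> prints "device:inode sha256"
fingerprint() {
    # %d = device number, %i = inode number of the file itself
    id=$(stat -c '%d:%i' -- "$1") || return 1
    sum=$(sha256sum < "$1" | cut -d' ' -f1) || return 1
    printf '%s %s\n' "$id" "$sum"
}

# record_baseline PATH BASELINE_FILE
# Run once, after the file has the content you want.
record_baseline() {
    fingerprint "$1" > "$2"
}

# check_resolv PATH BASELINE_FILE
# Prints one status word; returns 0 only for "ok".
check_resolv() {
    path=$1
    baseline=$2
    if [ -L "$path" ]; then echo symlink; return 1; fi
    if [ ! -f "$path" ]; then echo missing; return 1; fi
    now=$(fingerprint "$path") || { echo unreadable; return 1; }
    read -r old_id old_sum < "$baseline" || { echo no-baseline; return 1; }
    case "$now" in
        "$old_id $old_sum") echo ok; return 0 ;;
        # same inode, different bytes: the file was edited in place
        "$old_id "*)        echo content-changed; return 1 ;;
        # different inode: the path now names another file, which is
        # what renaming the parent directory produces
        *)                  echo replaced; return 1 ;;
    esac
}
```

Keep the baseline file outside the directory being watched, otherwise it moves along with a renamed parent.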

