Hello list -

http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager

That says it works for CentOS 5 and I *suspect* the methods there (3 listed) would work, but what is the best way with NetworkManager to set it up to use the localhost for DNS ?

I'm paranoid about DNS spoofing and really prefer to have a local instance of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g. linode)

Currently I just use a cron job that runs once a minute to over-write what is in /etc/resolv.conf so they don't use the DHCP assigned nameservers, but that does leave a short window every time the network is restarted.

I'd like to know the proper way to set up Network Manager to just create

nameserver 127.0.0.1
nameserver ::1

in /etc/resolv.conf

Via google, it seems every distro approaches it differently and most instructions I have seen involve a GUI.

I did not see how to do it in the CentOS documentation but it might be there and I just did not figure out how to search it for what I wanted.

Those stackexchange methods look like they might work but they reference CentOS 5 and I know some NetworkManager stuff changed even just between 7.2 and 7.3 as I experienced incorrect IPv6 address after update as a result of those changes.

Is there an "official" way to tell NetworkManager what I want in /etc/resolv.conf ? Or better yet, a way to just tell it to leave that file alone?

Hi Alice

man NetworkManager.conf

in /etc/NetworkManager/NetworkManager.conf

....
dns=none
....

suomi

On 04/11/2017 10:40 AM, Alice Wonder wrote:
> Hello list -
>
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>
> That says it works for CentOS 5 and I *suspect* the methods there (3
> listed) would work, but what is the best way with NetworkManager to set
> it up to use the localhost for DNS ?
>
> I'm paranoid about DNS spoofing and really prefer to have a local
> instance of DNSSEC enforcing unbound running on my CentOS 7 virtual
> machines (e.g. linode)
>
> Currently I just use a cron job that runs once a minute to over-write
> what is in /etc/resolv.conf so they don't use the DHCP assigned
> nameservers, but that does leave a short window every time the network
> is restarted.
>
> I'd like to know the proper way to set up Network Manager to just create
>
> nameserver 127.0.0.1
> nameserver ::1
>
> in /etc/resolv.conf
>
> Via google, it seems every distro approaches it differently and most
> instructions I have seen involve a GUI.
>
> I did not see how to do it in the CentOS documentation but it might be
> there and I just did not figure out how to search it for what I wanted.
>
> Those stackexchange methods look like they might work but they reference
> CentOS 5 and I know some NetworkManager stuff changed even just between
> 7.2 and 7.3 as I experienced incorrect IPv6 address after update as a
> result of those changes.
>
> Is there an "official" way to tell NetworkManager what I want in
> /etc/resolv.conf ? Or better yet, a way to just tell it to leave that
> file alone?
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

From the man page that does tell it not to mess with /etc/resolv.conf - thank you. That will work.

On 04/11/2017 02:21 AM, anax wrote:
> Hi Alice
> man NetworkManager.conf
>
> in /etc/NetworkManager/NetworkManager.conf
>
> ....
> dns=none
> ....
>
>*snip*

On Tue, 2017-04-11 at 01:40 -0700, Alice Wonder wrote:
> Hello list -
>
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>
> That says it works for CentOS 5 and I *suspect* the methods there (3
> listed) would work, but what is the best way with NetworkManager to
> set it up to use the localhost for DNS ?
>
> I'm paranoid about DNS spoofing and really prefer to have a local
> instance of DNSSEC enforcing unbound running on my CentOS 7 virtual
> machines (e.g. linode)
>
> Currently I just use a cron job that runs once a minute to over-write
> what is in /etc/resolv.conf so they don't use the DHCP assigned
> nameservers, but that does leave a short window every time the
> network is restarted.
>
> I'd like to know the proper way to set up Network Manager to just
> create
>
> nameserver 127.0.0.1
> nameserver ::1
>
> in /etc/resolv.conf
>
> Via google, it seems every distro approaches it differently and most
> instructions I have seen involve a GUI.
>
> I did not see how to do it in the CentOS documentation but it might
> be there and I just did not figure out how to search it for what I
> wanted.
>
> Those stackexchange methods look like they might work but they
> reference CentOS 5 and I know some NetworkManager stuff changed even
> just between 7.2 and 7.3 as I experienced incorrect IPv6 address
> after update as a result of those changes.
>
> Is there an "official" way to tell NetworkManager what I want in
> /etc/resolv.conf ? Or better yet, a way to just tell it to leave
> that file alone?

Use nmtui to manually configure the interface AND nameservers. That puts the correct info in the ifcfg files. Nmtui is a curses UI. Just don't forget to specify the interface ip-address with the right netmask (e.g. 1.2.3.4/24, default seems to be a /32, I have been bitten by that a number of times)

/Louis

On Tue, Apr 11, 2017 at 01:40:21AM -0700, Alice Wonder wrote:
> Hello list -
>
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>
> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
> would work, but what is the best way with NetworkManager to set it up to use
> the localhost for DNS ?
>
> I'm paranoid about DNS spoofing and really prefer to have a local instance
> of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
> linode)
>
> Currently I just use a cron job that runs once a minute to over-write what is
> in /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
> that does leave a short window every time the network is restarted.

Besides the suggested configs, if still worried you could set up an inotify watch on /etc/resolv.conf to let you know, or take action, whenever it changes.

jon
--
Jon H. LaBadie                 jon at jgcomp.com
11226 South Shore Rd.          (703) 787-0688 (H)
Reston, VA 20190               (703) 935-6720 (C)

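
Added example, not part of the thread or of any poster's message: one way to act on the inotify suggestion above by checking, on every change, that resolv.conf still lists only loopback resolvers. It assumes inotifywait from the inotify-tools package is installed; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread).

# Return 0 only when FILE has at least one nameserver entry and every
# entry is a loopback address (127.x.x.x or ::1).
resolv_is_local_only() {
    awk '
        $1 == "nameserver" {
            seen = 1
            if ($2 !~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ && $2 != "::1") bad = 1
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    ' "$1"
}

# Assumption: inotifywait (inotify-tools) is available. The watch is placed
# on the directory because the file is often replaced by rename, which a
# watch on the file itself would lose track of.
watch_resolv() {
    dir=$(dirname "$1")
    name=$(basename "$1")
    inotifywait -m -q -e close_write,moved_to,create --format '%f' "$dir" |
    while read -r changed; do
        [ "$changed" = "$name" ] || continue
        resolv_is_local_only "$1" ||
            logger -p auth.warning "$1 lists a non-local nameserver"
    done
}

# Constructed sample inputs, checked offline (no watch is started here).
demo=$(mktemp -d)
printf 'nameserver 127.0.0.1\nnameserver ::1\n' > "$demo/good"
printf 'search example.net\nnameserver 192.0.2.53\nnameserver 127.0.0.1\n' > "$demo/bad"
for f in good bad; do
    if resolv_is_local_only "$demo/$f"; then
        echo "$f: local resolvers only"
    else
        echo "$f: non-local resolver present"
    fi
done
rm -rf "$demo"
# On a real host: watch_resolv /etc/resolv.conf
```
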
OR just make the file immutable if it's so critical to you.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Jon LaBadie" <jcu at labadie.us>
> To: "CentOS mailing list" <centos at centos.org>
> Sent: Wednesday, 12 April, 2017 07:16:22
> Subject: Re: [CentOS] Network Manager / CentOS 7 / local unbound

> On Tue, Apr 11, 2017 at 01:40:21AM -0700, Alice Wonder wrote:
>> Hello list -
>>
>> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>>
>> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
>> would work, but what is the best way with NetworkManager to set it up to use
>> the localhost for DNS ?
>>
>> I'm paranoid about DNS spoofing and really prefer to have a local instance
>> of DNSSEC enforcing unbound running on my CentOS 7 virtual machines (e.g.
>> linode)
>>
>> Currently I just use a cron job that runs once a minute to over-write what is
>> in /etc/resolv.conf so they don't use the DHCP assigned nameservers, but
>> that does leave a short window every time the network is restarted.
>
> Besides the suggested configs, if still worried you could set up
> an inotify watch on /etc/resolv.conf to let you know, or take
> action, whenever it changes.
>
> jon
> --
> Jon H. LaBadie                 jon at jgcomp.com
> 11226 South Shore Rd.          (703) 787-0688 (H)
> Reston, VA 20190               (703) 935-6720 (C)

On Tue, Apr 11, 2017 at 1:40 AM, Alice Wonder <alice at domblogger.net> wrote:
> http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager
>
> That says it works for CentOS 5 and I *suspect* the methods there (3 listed)
> would work

Across comments, there are actually more than 3 solutions. The shortest and simplest solution is to add one line containing "dns=none" to the [main] section of /etc/NetworkManager/NetworkManager.conf. Doing so will instruct NetworkManager not to update the resolv.conf file.
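
Added example, not part of the thread: the "dns=none" change described above written as a script that is safe to re-run, together with the two-line resolv.conf the original poster asked for. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Works on any NetworkManager.conf-style
# INI file passed as $1; the demo below uses a constructed temporary copy.

# Ensure exactly one "dns=none" key exists in [main]; safe to re-run.
set_dns_none() {
    conf=$1
    tmp=$(mktemp) || return 1
    awk '
        /^\[/ {                                   # section header
            in_main = ($0 ~ /^\[main\]/)
            print
            if (in_main && !done) { print "dns=none"; done = 1 }
            next
        }
        in_main && /^[ \t]*dns[ \t]*=/ { next }   # drop any older dns= value
        { print }
        END { if (!done) { print "[main]"; print "dns=none" } }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"    # cat keeps owner, mode, inode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Write the resolver file that NetworkManager will now leave alone.
write_local_resolv() {
    printf 'nameserver 127.0.0.1\nnameserver ::1\n' > "$1"
}

# Demo on constructed sample content (not taken from a real host).
demo=$(mktemp -d)
printf '[main]\nplugins=ifcfg-rh\ndns=default\n\n[logging]\n' \
    > "$demo/NetworkManager.conf"
set_dns_none "$demo/NetworkManager.conf"
write_local_resolv "$demo/resolv.conf"
cat "$demo/NetworkManager.conf" "$demo/resolv.conf"
rm -rf "$demo"
# On a real host: run against /etc/NetworkManager/NetworkManager.conf as root,
# then restart NetworkManager so it rereads its configuration.
```
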