> On 11/17/18 8:31 AM, Alice Wonder wrote: >> On 11/17/2018 07:01 AM, Alice Wonder wrote: >>> On 11/17/2018 06:43 AM, Alice Wonder wrote: >>>> CentOS 7.5 image running on linode. >>>> >>>> unbound running on localhost. >>>> >>>> Have to use a cron job once a minute to keep /etc/resolv.conf using >>>> the localhost for name resolution - whenever NetworkManager gets >>>> restarted (usually only a system boot) it gets over-written. >>>> >>>> It seems every distro has a different way of preventing >>>> NetworkManager from replacing that file. >>>> >>>> I found instructions for Fedora that said create >>>> /etc/NetworkManager/conf.d/no-dns.conf containing >>>> >>>> [main] >>>> dns=none >>>> >>>> That doesn't seem to have any effect. >>>> >>>> Poking around, I find a file on boot seems to be created called >>>> >>>> /var/run/NetworkManager/resolv.conf >>>> >>>> It has most of the contents of what ends up in /etc/resolv.conf - >>>> except w/o the last line, which just reads rotate in generated >>>> /etc/resolv.conf. >>>> >>>> It says it's generated by NetworkManager (both /etc/resolv.conf and >>>> the one in /var/run/NetworkManager) but neither are specific enough >>>> to indicate what is causing them to be created so I can turn it off. >>>> >>>> Anyone know how to tell NetworkManager to just not create that file? >>>> >>>> Using a cron job to overwrite it once a minute works but there must >>>> be a proper way. >>>> >>>> I really wish KISS was a design goal when designing system >>>> configuration. >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> https://lists.centos.org/mailman/listinfo/centos >>> >>> Just found this - >>> >>> # cat dhclient-exit-hooks >>> echo 'options rotate' >> /etc/resolv.conf >>> >>> That's where the last line in /etc/resolv.conf is coming from. >> >> Okay replacing the contents of dhclient-exit-hooks with >> >> echo -e 'nameserver 127.0.0.1\nnameserver ::1' > /etc/resolv.conf >> >> seems to do what I need. >> >> I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti >> scripts called here and there making something that should be a config >> option hard to do. >> >> With DNS the only way to trust results is if the zone is signed and >> local resolver validates. You can't ever trust external nameservers >> defined by dhcp to validate. So there's very valid reasons to want to >> use local unbound. >> _______________________________________________ > > > I don't know about CentOS 7 because I'm running CentOS 6, but on other > systemd distributions where I've run into similar issues I was either > able to add a hardcoded DNS server to network manager or resolve the > problem through systemd-resolved. > > In one case I resolved the issue best by disabling systemd-resolved, but > if you check the man page for systemd-resolved as wells as the man page > for? resolved.conf (/etc/systemd/resolved.conf on other distributions) > my sense is you will find a cleaner solution.? It would seem to me that > if you are running bind or powerdns on your local host, then it would > make sense to me to disable systemd-resolved, since you don't need so > many layers of caching dns resolvers.Alice was talking about CentOS 7.5, which doesn't have systemd-resolved nor does it have systemd-networkd. I didn't look at EL8 betas yet but we can probably expect systemd-networkd to be included there. If that's the case, we'll probably have legacy script based configs, NetworkManager and systemd-networkd/systemd-resolved. In other words, things may not get easier in the future but even more confusing. At least that's already the case if you run different distributions. Regards, Simon
On 11/19/18 6:49 AM, Simon Matter wrote:>> On 11/17/18 8:31 AM, Alice Wonder wrote: >>> On 11/17/2018 07:01 AM, Alice Wonder wrote: >>>> On 11/17/2018 06:43 AM, Alice Wonder wrote: >>>>> CentOS 7.5 image running on linode. >>>>> >>>>> unbound running on localhost. >>>>> >>>>> Have to use a cron job once a minute to keep /etc/resolv.conf using >>>>> the localhost for name resolution - whenever NetworkManager gets >>>>> restarted (usually only a system boot) it gets over-written. >>>>> >>>>> It seems every distro has a different way of preventing >>>>> NetworkManager from replacing that file. >>>>> >>>>> I found instructions for Fedora that said create >>>>> /etc/NetworkManager/conf.d/no-dns.conf containing >>>>> >>>>> [main] >>>>> dns=none >>>>> >>>>> That doesn't seem to have any effect. >>>>> >>>>> Poking around, I find a file on boot seems to be created called >>>>> >>>>> /var/run/NetworkManager/resolv.conf >>>>> >>>>> It has most of the contents of what ends up in /etc/resolv.conf - >>>>> except w/o the last line, which just reads rotate in generated >>>>> /etc/resolv.conf. >>>>> >>>>> It says it's generated by NetworkManager (both /etc/resolv.conf and >>>>> the one in /var/run/NetworkManager) but neither are specific enough >>>>> to indicate what is causing them to be created so I can turn it off. >>>>> >>>>> Anyone know how to tell NetworkManager to just not create that file? >>>>> >>>>> Using a cron job to overwrite it once a minute works but there must >>>>> be a proper way. >>>>> >>>>> I really wish KISS was a design goal when designing system >>>>> configuration. >>>>> _______________________________________________ >>>>> CentOS mailing list >>>>> CentOS at centos.org >>>>> https://lists.centos.org/mailman/listinfo/centos >>>> >>>> Just found this - >>>> >>>> # cat dhclient-exit-hooks >>>> echo 'options rotate' >> /etc/resolv.conf >>>> >>>> That's where the last line in /etc/resolv.conf is coming from. >>> >>> Okay replacing the contents of dhclient-exit-hooks with >>> >>> echo -e 'nameserver 127.0.0.1\nnameserver ::1' > /etc/resolv.conf >>> >>> seems to do what I need. >>> >>> I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti >>> scripts called here and there making something that should be a config >>> option hard to do. >>> >>> With DNS the only way to trust results is if the zone is signed and >>> local resolver validates. You can't ever trust external nameservers >>> defined by dhcp to validate. So there's very valid reasons to want to >>> use local unbound. >>> _______________________________________________ >> >> >> I don't know about CentOS 7 because I'm running CentOS 6, but on other >> systemd distributions where I've run into similar issues I was either >> able to add a hardcoded DNS server to network manager or resolve the >> problem through systemd-resolved. >> >> In one case I resolved the issue best by disabling systemd-resolved, but >> if you check the man page for systemd-resolved as wells as the man page >> for? resolved.conf (/etc/systemd/resolved.conf on other distributions) >> my sense is you will find a cleaner solution.? It would seem to me that >> if you are running bind or powerdns on your local host, then it would >> make sense to me to disable systemd-resolved, since you don't need so >> many layers of caching dns resolvers. > > Alice was talking about CentOS 7.5, which doesn't have systemd-resolved > nor does it have systemd-networkd. I didn't look at EL8 betas yet but we > can probably expect systemd-networkd to be included there. If that's the > case, we'll probably have legacy script based configs, NetworkManager and > systemd-networkd/systemd-resolved. > > In other words, things may not get easier in the future but even more > confusing. At least that's already the case if you run different > distributions. > > Regards, > Simon > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >Hi in august 1017 i had put away the following remark about this item: #edit gvim /var/run/NetworkManager/resolv.conf # to your needs # make /etc/resolv.conf a link to the above file rm /etc/resolv.conf ln -s /lib/systemd/resolv.conf /etc/resolv.conf # dns=none does not work in either /etc/NetworkManager/NetworkManager.conf # nor in /etc/NetworkManager/conf.d/dns.conf ------------------- OR, much simpler: in /etc/sysconfig/network-scripts/ifcfg-ethX .... PEERDNS=no IPV6_PEERDNS=no .... suomi
> > On 11/19/18 6:49 AM, Simon Matter wrote: >>> On 11/17/18 8:31 AM, Alice Wonder wrote: >>>> On 11/17/2018 07:01 AM, Alice Wonder wrote: >>>>> On 11/17/2018 06:43 AM, Alice Wonder wrote: >>>>>> CentOS 7.5 image running on linode. >>>>>> >>>>>> unbound running on localhost. >>>>>> >>>>>> Have to use a cron job once a minute to keep /etc/resolv.conf using >>>>>> the localhost for name resolution - whenever NetworkManager gets >>>>>> restarted (usually only a system boot) it gets over-written. >>>>>> >>>>>> It seems every distro has a different way of preventing >>>>>> NetworkManager from replacing that file. >>>>>> >>>>>> I found instructions for Fedora that said create >>>>>> /etc/NetworkManager/conf.d/no-dns.conf containing >>>>>> >>>>>> [main] >>>>>> dns=none >>>>>> >>>>>> That doesn't seem to have any effect. >>>>>> >>>>>> Poking around, I find a file on boot seems to be created called >>>>>> >>>>>> /var/run/NetworkManager/resolv.conf >>>>>> >>>>>> It has most of the contents of what ends up in /etc/resolv.conf - >>>>>> except w/o the last line, which just reads rotate in generated >>>>>> /etc/resolv.conf. >>>>>> >>>>>> It says it's generated by NetworkManager (both /etc/resolv.conf and >>>>>> the one in /var/run/NetworkManager) but neither are specific enough >>>>>> to indicate what is causing them to be created so I can turn it off. >>>>>> >>>>>> Anyone know how to tell NetworkManager to just not create that file? >>>>>> >>>>>> Using a cron job to overwrite it once a minute works but there must >>>>>> be a proper way. >>>>>> >>>>>> I really wish KISS was a design goal when designing system >>>>>> configuration. >>>>>> _______________________________________________ >>>>>> CentOS mailing list >>>>>> CentOS at centos.org >>>>>> https://lists.centos.org/mailman/listinfo/centos >>>>> >>>>> Just found this - >>>>> >>>>> # cat dhclient-exit-hooks >>>>> echo 'options rotate' >> /etc/resolv.conf >>>>> >>>>> That's where the last line in /etc/resolv.conf is coming from. >>>> >>>> Okay replacing the contents of dhclient-exit-hooks with >>>> >>>> echo -e 'nameserver 127.0.0.1\nnameserver ::1' > /etc/resolv.conf >>>> >>>> seems to do what I need. >>>> >>>> I hope RHEL/CentOS 8 do networking better, as in, not have spaghetti >>>> scripts called here and there making something that should be a config >>>> option hard to do. >>>> >>>> With DNS the only way to trust results is if the zone is signed and >>>> local resolver validates. You can't ever trust external nameservers >>>> defined by dhcp to validate. So there's very valid reasons to want to >>>> use local unbound. >>>> _______________________________________________ >>> >>> >>> I don't know about CentOS 7 because I'm running CentOS 6, but on other >>> systemd distributions where I've run into similar issues I was either >>> able to add a hardcoded DNS server to network manager or resolve the >>> problem through systemd-resolved. >>> >>> In one case I resolved the issue best by disabling systemd-resolved, >>> but >>> if you check the man page for systemd-resolved as wells as the man page >>> for? resolved.conf (/etc/systemd/resolved.conf on other distributions) >>> my sense is you will find a cleaner solution.? It would seem to me that >>> if you are running bind or powerdns on your local host, then it would >>> make sense to me to disable systemd-resolved, since you don't need so >>> many layers of caching dns resolvers. >> >> Alice was talking about CentOS 7.5, which doesn't have systemd-resolved >> nor does it have systemd-networkd. I didn't look at EL8 betas yet but we >> can probably expect systemd-networkd to be included there. If that's the >> case, we'll probably have legacy script based configs, NetworkManager >> and >> systemd-networkd/systemd-resolved. >> >> In other words, things may not get easier in the future but even more >> confusing. At least that's already the case if you run different >> distributions. >> >> Regards, >> Simon >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > Hi > in august 1017 i had put away the following remark about this item: > > > #edit > gvim /var/run/NetworkManager/resolv.conf > # to your needs > # make /etc/resolv.conf a link to the above file > rm /etc/resolv.conf > ln -s /lib/systemd/resolv.conf /etc/resolv.conf > > # dns=none does not work in either /etc/NetworkManager/NetworkManager.conf > # nor in /etc/NetworkManager/conf.d/dns.conf > > ------------------- > > OR, much simpler: > > in /etc/sysconfig/network-scripts/ifcfg-ethX > .... > PEERDNS=no > IPV6_PEERDNS=no > ....With the init scripts I have in /etc/sysconfig/network-scripts/ifcfg-ethX RESOLV_MODS="no" Regards, Simon
On Mon, 19 Nov 2018, Simon Matter wrote:> Alice was talking about CentOS 7.5, which doesn't have systemd-resolved > nor does it have systemd-networkd. I didn't look at EL8 betas yet but we > can probably expect systemd-networkd to be included there. If that's the > case, we'll probably have legacy script based configs, NetworkManager and > systemd-networkd/systemd-resolved.No, you get to keep NetworkManager. https://bugzilla.redhat.com/show_bug.cgi?id=1650342 Michal Sekletar: "In RHEL-7 we shipped it in Optional channel, hence it was not officially supported. We decided to remove it for a couple for reasons, * networkd is not mature enough and is somewhat poorly maintained upstream * networkd is still missing management interfaces (DBUS interface) * RHEL's default network configuration tool is NetworkManager and we didn't want to send mixed signals to users * RHEL-8 was supposed to be as small as possible in terms of packages * we didn't see too much networkd usage (even experimental) in RHEL-7"