Description of problem:
NM changes /etc/resolv.conf even though there is PEERDNS=no in ifcfg-* files
Behaviour was noticed by our customer on NM from RHEL 7.3. NM Version 1.0.6-31.el7_2 seems to work as expected and it doesn't change /etc/resolv.conf if PEERDNS=no is present in ifcfg-* files.
Version-Release number of selected component (if applicable):
problematic version of NM is 1.4.0-12.el7
Steps to Reproduce:
1.put PEERDNS=no into /etc/sysconfig/network-scripts/ifcfg-* files
2.install NM version 1.4.0-12.el7.
3.Restart NM and check /etc/resolv.conf for changes
/etc/resolv.conf is changed after NM version 1.4.0-12.el7 is started.
Acc. to my knowledge it shouldn't be changed. when there are PEERDNS=no on interfaces
NM will not change dns settings in /etc/resolv.conf
if there is dns=none in /etc/NetworkManager/NetworkManager.conf /etc/resolv is not changed even with NM version 1.4.0-12.el7
I was able to reproduce it please let me know if something else is needed.
This is similar to https://bugzilla.redhat.com/show_bug.cgi?id=1344303#c8
`man nm-settings-ifcfg-rh` says:
Semantic change of variables
NetworkManager had to slightly change the semantic for a few variables.
· PEERDNS - initscripts interpret PEERDNS=no to mean "never touch
resolv.conf". NetworkManager interprets it to say "never add
automatic (DHCP, PPP, VPN, etc.) nameservers to resolv.conf".
resolv.conf is system-wide, while the PEERDNS configuration is per-connection. Setting PEERDNS=no in an ifcfg-rh causes NM not to add DNS information *from that connection* to resolv.conf.
It doesn't mean not to touch resolv.conf.
That can be configured via "main.dns=none" or "main.rc-manager=unmanaged". See `man NetworkManager.conf`.
If the user didn't expirience that with 1.0.6, it's probably a different bug. IIRC, NetworkManager only updates resolv.conf when it gets some new DNS information. That means, if you for example put NM_CONTROLLED=no for all devices, there are no managed interfaces and usually no DNS configuration. I think that is wrong, because *no* configuration is also a kind of and NM should consistently write whatever is there -- even if there are no DNS servers.
Assign to Beniamino for his opinion :)
thanks for sharing that doc snippet. It makes sense.
Wondering now whether the correct behaviour related to /etc/resolv.conf is seen in NM 1.0.6-31.el7_2 or in 1.4.0-12.el7.
Created attachment 1233391 [details]
[PATCH] policy: don't apply DNS configuration for non-active devices
I agree with Thomas that the proper way to have NM not touching
resolv.conf is through the 'dns=none' option in NetworkManager.conf.
Any other way is not guaranteed to work, as the user may force the
rewrite of resolv.conf (sending SIGHUP to NM or through D-Bus). Also,
NM may automatically create new DHCP connections for hot-plugged
devices (if configured to do so), or there could be a global DNS
configuration set through D-Bus that causes resolv.conf to be modified.
That said, at the moment NM doesn't overwrite resolv.conf at startup
if there is no configured DNS server (or PEERDNS=no). This happens
with both 1.0.6 and 1.4.
However, there is an issue when restarting NM on 1.4, which causes NM
to temporarily write the DNS configuration captured from any existing
DHCP lease to resolv.conf, before clearing it again. The temporary
change in the configuration is why resolv.conf gets rewritten when
restarting NM, and the attached patch fixes this.
Anyway, the recommendation is to always set 'dns=none' if you don't
want NM to interfere with resolv.conf.
(In reply to Beniamino Galvani from comment #4)
> Created attachment 1233391 [details]
> [PATCH] policy: don't apply DNS configuration for non-active devices
Applied to master:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.