RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1405431 - NM changes /etc/resolv.conf even though there is PEERDNS=no in ifcfg-* files
Summary: NM changes /etc/resolv.conf even though there is PEERDNS=no in ifcfg-* files
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager
Version: 7.3
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Beniamino Galvani
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 1393481 1426748
TreeView+ depends on / blocked
 
Reported: 2016-12-16 13:52 UTC by Rastislav Hepner
Modified: 2021-12-10 14:50 UTC (History)
12 users (show)

Fixed In Version: NetworkManager-1.8.0-0.2.git20170215.1d40c5f4.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1426748 (view as bug list)
Environment:
Last Closed: 2017-08-01 09:22:07 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
[PATCH] policy: don't apply DNS configuration for non-active devices (1.45 KB, patch)
2016-12-19 14:24 UTC, Beniamino Galvani 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2299 0 normal SHIPPED_LIVE Moderate: NetworkManager and libnl3 security, bug fix and enhancement update 2017-08-01 12:40:28 UTC

Description Rastislav Hepner 2016-12-16 13:52:01 UTC 
Description of problem:
NM changes /etc/resolv.conf even though there is PEERDNS=no in ifcfg-* files
Behaviour was noticed by our customer on NM from RHEL 7.3. NM Version 1.0.6-31.el7_2 seems to work as expected and it doesn't change /etc/resolv.conf if PEERDNS=no is present in ifcfg-* files.

Version-Release number of selected component (if applicable):
problematic version of NM is 1.4.0-12.el7 

How reproducible:
Every time 

Steps to Reproduce:
1.put PEERDNS=no into /etc/sysconfig/network-scripts/ifcfg-* files 
2.install NM version 1.4.0-12.el7.
3.Restart NM and check /etc/resolv.conf for changes

Actual results:
/etc/resolv.conf is changed after NM version 1.4.0-12.el7 is started.
Acc. to my knowledge it shouldn't be changed. when there are PEERDNS=no on interfaces

Expected results:
NM will not change dns settings in /etc/resolv.conf


Additional info:
if there is dns=none in /etc/NetworkManager/NetworkManager.conf /etc/resolv is not changed even with NM version 1.4.0-12.el7

I was able to reproduce it please let me know if something else is needed.
Comment 1 Thomas Haller 2016-12-16 14:23:10 UTC 
This is similar to https://bugzilla.redhat.com/show_bug.cgi?id=1344303#c8


`man nm-settings-ifcfg-rh` says:

   Semantic change of variables
     NetworkManager had to slightly change the semantic for a few variables.

     ยท   PEERDNS - initscripts interpret PEERDNS=no to mean "never touch 
         resolv.conf". NetworkManager interprets it to say "never add 
         automatic (DHCP, PPP, VPN, etc.) nameservers to resolv.conf".


resolv.conf is system-wide, while the PEERDNS configuration is per-connection. Setting PEERDNS=no in an ifcfg-rh causes NM not to add DNS information *from that connection* to resolv.conf.

It doesn't mean not to touch resolv.conf.


That can be configured via "main.dns=none" or "main.rc-manager=unmanaged". See `man NetworkManager.conf`.



If the user didn't expirience that with 1.0.6, it's probably a different bug. IIRC, NetworkManager only updates resolv.conf when it gets some new DNS information. That means, if you for example put NM_CONTROLLED=no for all devices, there are no managed interfaces and usually no DNS configuration. I think that is wrong, because *no* configuration is also a kind of and NM should consistently write whatever is there -- even if there are no DNS servers.



Assign to Beniamino for his opinion :)
Comment 3 Rastislav Hepner 2016-12-19 10:43:52 UTC 
Thomas,

thanks for sharing that doc snippet. It makes sense. 

Wondering now whether the correct behaviour related to /etc/resolv.conf is seen in NM 1.0.6-31.el7_2 or in 1.4.0-12.el7.
Comment 4 Beniamino Galvani 2016-12-19 14:24:37 UTC 
Created attachment 1233391 [details]
[PATCH] policy: don't apply DNS configuration for non-active devices

I agree with Thomas that the proper way to have NM not touching
resolv.conf is through the 'dns=none' option in NetworkManager.conf.
Any other way is not guaranteed to work, as the user may force the
rewrite of resolv.conf (sending SIGHUP to NM or through D-Bus). Also,
NM may automatically create new DHCP connections for hot-plugged
devices (if configured to do so), or there could be a global DNS
configuration set through D-Bus that causes resolv.conf to be modified.

That said, at the moment NM doesn't overwrite resolv.conf at startup
if there is no configured DNS server (or PEERDNS=no). This happens
with both 1.0.6 and 1.4.

However, there is an issue when restarting NM on 1.4, which causes NM
to temporarily write the DNS configuration captured from any existing
DHCP lease to resolv.conf, before clearing it again. The temporary
change in the configuration is why resolv.conf gets rewritten when
restarting NM, and the attached patch fixes this.

Anyway, the recommendation is to always set 'dns=none' if you don't
want NM to interfere with resolv.conf.
Comment 5 Thomas Haller 2016-12-19 15:07:18 UTC 
(In reply to Beniamino Galvani from comment #4)
> Created attachment 1233391 [details]
> [PATCH] policy: don't apply DNS configuration for non-active devices

patch lgtm
Comment 6 Beniamino Galvani 2016-12-21 09:07:31 UTC 
Applied to master:

https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=30a1e17cc032676cdfb04e2abcfab9db0d0cf085
Comment 9 errata-xmlrpc 2017-08-01 09:22:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2299
Note You need to log in before you can comment on or make changes to this bug.