Solved 8.8.8.8 or 1.1.1.1 if set in etc resolv conf doesn't stay as an entry in the file after a network restart

[Sivan!]

Don't know what happened, but suddenly websites stopped loading, ping did not work, network / modem restart didn't help, reboot did not help.

I looked at /etc/resolv.conf

# Generated by resolvconf
nameserver 192.168.1.1

Following instructions from a troubleshooting webpage, I edited /etc/resolv.conf to change the settings to:

# Generated by resolvconf
search localhost
#nameserver 192.168.1.1
nameserver 192.168.1.7
nameserver 8.8.8.8

After service netif restart , /etc/resolv.conf showed this:

# Generated by resolvconf
nameserver 203.153.41.28
nameserver 203.153.44.44

I have observed this many times. Why does the file fall back to this default on this and another computer in the same network? I am unable to add 8.8.8.8 or 1.1.1.1 or 9.9.9.9 as a resolver. Is there some other setting that could possibly conflict with the entries in resolv.conf? How may I troubleshoot this?

Thank you.

P.S. bandwith which measured to a meager 0.5 mbps a while ago (for a short while), now measures 100 mbps up and down. That problem is resolved, but I wish to understand why I can't set my resolver to be 8.8.8.8 or 1.1.1.1 Thank you.

 

[Jose]

The DHCP client rewrites this file when it gets a new lease. It looks like you disable this behavior by adding resolv_enable="NO" to /etc/rc.conf.

It took some time to find this, and I'm still not sure which is used, dhclient-script(8) or resolvconf(8).

You might consider running a local caching resolver. It'll be better than those public DNS servers you're looking to use.

 

[Sivan!]

Thank you Jose dhclient-script() shows this:

When a binding has been completed, a lot of network parameters
are likely to need to be set up. A new /etc/resolv.conf needs
to be created, using the values of $new_domain_name and
$new_domain_name_servers (which may list more than one server,
separated by spaces).

dhcp-options() shows

option ien116-name-servers ip-address [, ip-address ...];
The ien116-name-servers option specifies a list of IEN 116 name
servers available to the client. Servers should be listed in or-
der of preference.

option domain-name-servers ip-address [, ip-address ...];
The domain-name-servers option specifies a list of Domain Name
System (STD 13, RFC 1035) name servers available to the client.
Servers should be listed in order of preference.

Just to make sure, should I add resolv_enable="NO" to /etc/rc.conf. ? And, what else do I need to do based on the port manuals?

Thank you.

 

[Jose]

Just to make sure, should I add resolv_enable="NO" to /etc/rc.conf. ?

Yes.

And, what else do I need to do based on the port manuals?

Nothing.

Thank you.

You're welcome.

 

[Sivan!]

Adding resolv_enable="NO" to /etc/rc.conf didn't help. After a reboot or network restart, twice, with these entries, IP address fell back to

after a reboot

# Generated by resolvconf
nameserver 203.153.41.28
nameserver 203.153.44.44

after changing /etc/resolv.conf once again to include 8.8.8.8 with the resolv enable NO entry, after a network restart, it fell back to:

# Generated by resolvconf
nameserver 192.168.1.1

 

[VladiBG]

How to disable resolv.conf re-write?

If I run IPv6 on automatic configure the resolv.conf gets rewritten by Generated by resolvconf. I guess this also applies to IPv4 DHCP settings. How do I disable the re-write of resolv.conf? Thanks for the help.

forums.freebsd.org

 

[rawthey]

You need to put resolvconf=NO into /etc/resolvconf.conf, not rc.conf. See resolvconf.conf(5).

 

[Sivan!]

I followed the link from VladiBG and did this:

doas nano /etc/dhclient-enter-hooks as suggested in that thread by SirDice

add_new_resolv_conf() {
return 0
}

# chflags schg /etc/resolv.conf

doas nano resolvconf.conf # as suggested by rawthey

resolvconf=NO

It worked too soon. I made the above changes before changing my /etc/resolv.conf entries to include 8.8 etc and when I tried to add these nameservers, the file did not save even with root privileges. I then went back to temporarily tor remove resolvconf.conf and dhclient-enter-hooks , but /etc/resolv.conf still does not accept changes.

How do I reverse chflags schg /etc/resolv.conf ?

 

[SirDice]

How do I reverse chflags schg /etc/resolv.conf ?

     Putting the letters “no” before or removing the letters “no” from a
     keyword causes the flag to be cleared.  For example:

           nouchg  clear the user immutable flag (owner or super-user only)
           dump    clear the nodump flag (owner or super-user only)

chflags(1)

So, chflags noschg /etc/resolv.conf

 

[tyson]

How do I reverse chflags schg /etc/resolv.conf ?

I’m writing from memory
chflags noschg ?

 

[Sivan!]

So, chflags noschg /etc/resolv.conf

Stuck:

# chflags noschg /etc/resolv.conf
chflags: /etc/resolv.conf: Operation not permitted

After a reboot, same status. The flag couldn't be reversed, /etc/resolv.conf opens as un-editable.

# cat /etc/resolvconf.conf

cat: /etc/resolvconf.conf: No such file or directory

# cat /etc/dhclient-enter-hooks

cat: /etc/dhclient-enter-hooks: No such file or directory

# chflags noschg /etc/resolv.conf

chflags: /etc/resolv.conf: Operation not permitted

# cat /etc/resolv.conf

# Generated by resolvconf
nameserver 203.153.41.28
nameserver 203.153.44.44

# sysrc nameserver 1.1.1.1 >> /etc/resolv.conf

/etc/resolv.conf: Operation not permitted.

 

[SirDice]

You still on a high secure level?

     1	   Secure mode - the system immutable and system append-only flags may
	   not be turned off; disks for	mounted	file systems, /dev/mem and
	   /dev/kmem may not be	opened for writing; /dev/io (if	your platform
	   has it) may not be opened at	all; kernel modules (see kld(4)) may
	   not be loaded or unloaded.  The kernel debugger may not be entered
	   using the debug.kdb.enter sysctl.  A	panic or trap cannot be	forced
	   using the debug.kdb.panic, debug.kdb.panic_str and other sysctl's.

 

[chrbr]

Please see below what I have in /etc/dhclient.conf to make DHCP write to /etc/resolv.conf as I like.

interface "lagg0" {
supersede domain-name-servers 10.0.0.254;
}

There may be more than one method to accomplish the task. Just for completeness: lagg0 is the "combined" wlan0 and eth0. Without the "switch option" lagg0 would be the real seleted interface as wlan0, eth0 or so. Here unbound listens at lo1 10.0.0.254.

 

[Sivan!]

SirDice Lowered kernel security level to -1, after reboot, first tried editing /etc/resolv.conf, didn't work. Then I tried chflags noschg ; hash -r and then I could edit /etc/resolv.conf. After that recreated the flag, added an entry to resolvconf.conf and to /etc/dhclient-enter-hooks, brought the kernel security level back up to 3, rebooted, it works fine. The resolver settings are as desired.