How to take back control of /etc/resolv.conf on Linux

A number of programs want to automatically manage the DNS name server and resolution configuration file at /etc/resolv.conf. In some situations you may want to manage this file yourself. Here is how to identify which programs are automatically managing this file on your Linux distribution, and how to take back manual control of it.

Quite a few different tools fight to control a Linux system’s DNS resolution configuration file /etc/resolv.conf, including netconfig, NetworkManager, resolvconf, rdnssd, and systemd-resolved. With the exception of NetworkManager, most of these tools are oblivious to each other’s presence, which can cause DNS resolution problems. If you simply try to make changes to the file without disabling the managing program, it may overwrite your changes after a few minutes or revert them when you reboot the system.

Identifying which utility currently controls your /etc/resolv.conf

The following command reads the first few lines of the resolv.conf file, which should include a comment identifying any program that has automatically taken over management of the file.

head /etc/resolv.conf

Some utilities don’t include a comment in the resolv.conf file, but you can identify these programs by checking for symbolic links with the following command:

ls -l /etc/resolv.conf

As a last resort, you can check your init system to see if any of the programs mentioned in this article are running. If you can’t identify any management programs using these methods, chances are you are already in control of the resolv.conf file and your system’s DNS resolution.
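The two checks above can be combined into one function. This is an added example, not part of the original article; the function name and the symlink-target patterns (typical runtime directories of each tool) are assumptions.

```shell
#!/bin/sh
# Added example: report which tool appears to manage a resolv.conf file.
# The symlink-target patterns are assumed typical locations, not taken
# from the article. Adjust them to match your distribution.

identify_resolv_manager() {
    file=${1:-/etc/resolv.conf}

    # 1. A symlink usually points into the managing tool's runtime directory.
    if [ -L "$file" ]; then
        target=$(readlink "$file")
        case "$target" in
            *systemd/resolve/*) echo systemd-resolved; return 0 ;;
            *resolvconf/*)      echo resolvconf;       return 0 ;;
            *NetworkManager/*)  echo NetworkManager;   return 0 ;;
            *netconfig/*)       echo netconfig;        return 0 ;;
            *rdnssd/*)          echo rdnssd;           return 0 ;;
        esac
    fi

    # Absent file, or a dangling symlink to an unrecognised location.
    [ -e "$file" ] || { echo missing; return 0; }

    # 2. Otherwise look for a tool name in the header comment lines.
    for tool in systemd-resolved NetworkManager netconfig resolvconf rdnssd; do
        if head -n 10 "$file" | grep '^[#;]' | grep -qiF -- "$tool"; then
            echo "$tool"
            return 0
        fi
    done

    # 3. No marker found: the file is probably maintained by hand.
    echo unmanaged
}
```

Source the file and call identify_resolv_manager without arguments to inspect /etc/resolv.conf, or pass another path to inspect a copy.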

The next sections will teach you how to disable various programs that automatically manage resolv.conf.

Opting-out of NetworkManager

NetworkManager is by far the most common auto-configuration tool for the entire networking stack, including DNS resolution. It’s responsible for /etc/resolv.conf on many popular distributions including Debian and Fedora. After you’ve disabled other programs that manage resolv.conf, you may also discover that NetworkManager will jump in to fill the job — as happens on Ubuntu 16.10 and later.

Set the dns option in the main configuration section to none to disable DNS handling in NetworkManager. The commands below set this option in a new conf.d/no-dns.conf configuration file, restart the NetworkManager service, and delete the NetworkManager-generated resolv.conf file.

echo -e "[main]\ndns=none" > /etc/NetworkManager/conf.d/no-dns.conf 
systemctl restart NetworkManager.service
rm /etc/resolv.conf

If you discover that NetworkManager is still managing your resolv.conf, then you may have a configuration conflict (usually caused by dnsmasq). Recursively search through your NetworkManager configuration to discover any conflicts.

grep -ir dns /etc/NetworkManager/

Refer to the last section of this article for instructions on recreating a /etc/resolv.conf file with manual configuration.

Opting-out of netconfig

You’ll encounter netconfig on openSUSE, SUSE, and derivative distributions.

You can disable netconfig’s handling of /etc/resolv.conf by setting the NETCONFIG_DNS_POLICY option in /etc/sysconfig/network/config to an empty string as shown below.

NETCONFIG_DNS_POLICY=""

Afterwards, you should delete the netconfig-generated resolv.conf file, and reboot the system.

rm /etc/resolv.conf
reboot

Refer to the last section of this article for instructions on recreating a /etc/resolv.conf file with manual configuration.

Disabling resolvconf and rdnssd

If you installed Debian 8.0 or Ubuntu 15.04 with an active IPv6 connection and have upgraded your system, you may end up with both resolvconf and rdnssd fighting each other for control over resolv.conf. Both services want to control the file, which may lead to intermittent DNS resolution outages as the two services overwrite each other’s changes every few milliseconds.

You can disable both services with the following commands. You can just go ahead and run both commands, as nothing unexpected should happen if you disable an already disabled service.

systemctl disable --now resolvconf.service rdnssd.service
rm /etc/resolv.conf

You may also need to follow the instructions in the section on NetworkManager, as it may step in automatically to handle the resolv.conf file after you remove it.

Disabling systemd-resolved

If you’re running Ubuntu 16.10 or later, your DNS resolution will be managed by the systemd-resolved service. You can disable this service without any further ado using the following commands.

systemctl disable --now systemd-resolved.service
rm /etc/resolv.conf

You may also need to follow the instructions in the section on NetworkManager, as it may step in automatically to handle the resolv.conf file after you remove it.


Recreating /etc/resolv.conf

By this point you shouldn’t have anything automatically creating the /etc/resolv.conf file anymore. Please begin again from the top of this article to troubleshoot if the file does exist by this point. You now need to create a world-readable (permission 644) resolv.conf and add some nameservers to it.

Below are two examples that set IPv4 and IPv6 nameservers. The first example uses the free security-hardened public DNS service from Quad9, and the second example assumes there is a DNS server like Knot Resolver or dnsmasq running on your local device. Both examples are set up for dual-stack IPv4/6 routing for improved reliability and compatibility.

Example /etc/resolv.conf files

Quad9

nameserver 9.9.9.9
nameserver 2620:fe::fe
nameserver 149.112.112.112

Localhost

nameserver 127.0.0.1
nameserver ::1

You generally don’t need to restart any network management services for the changes to take effect. However, some system services or programs may have entered a failed state while DNS resolution was disabled, so a quick reboot is advisable unless you want to verify that all running services and programs have recovered.

You may want to configure additional parameters for the resolv.conf file. See the resolv.conf(5) manual (man 5 resolv.conf) for details on other domain resolution configuration options.
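A check for the recreated file, as an added example that is not part of the original article: it confirms the file is a regular file with mode 644 and that each nameserver line uses the keyword, whitespace, then one address. The function name is an assumption, and the three-server limit comes from the resolv.conf(5) manual rather than from this article.

```shell
#!/bin/sh
# Added example: sanity-check a hand-written resolv.conf.
# Returns 0 when the file looks usable, otherwise the number of problems.

check_resolv_conf() {
    file=${1:-/etc/resolv.conf}
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # A symlink means a management tool probably still owns the file.
    if [ -L "$file" ]; then
        fail "$file is a symlink to $(readlink "$file")"
    fi
    [ -f "$file" ] || { fail "$file does not exist"; return 1; }

    # World-readable, writable by the owner only (GNU stat, then BSD stat).
    mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    [ "$mode" = 644 ] || fail "mode is $mode, expected 644"

    # Catch lines such as "nameserver=9.9.9.9" that the resolver ignores.
    bad=$(grep -n '^[[:space:]]*nameserver' "$file" |
          grep -Ev '^[0-9]+:[[:space:]]*nameserver[[:space:]]+[0-9A-Fa-f:.]+[[:space:]]*$' ||
          true)
    [ -z "$bad" ] || fail "malformed nameserver line(s): $bad"

    # Count well-formed entries; glibc only uses the first three.
    count=$(grep -Ec '^[[:space:]]*nameserver[[:space:]]+[0-9A-Fa-f:.]+[[:space:]]*$' "$file" ||
            true)
    [ "$count" -ge 1 ] || fail "no usable nameserver entries"
    [ "$count" -le 3 ] || fail "$count nameservers listed, only the first 3 are used"

    [ "$problems" -eq 0 ] && echo "OK: $count nameserver(s) in $file"
    return "$problems"
}
```

Source the file and run check_resolv_conf after recreating /etc/resolv.conf, and again after a reboot to confirm that no tool has replaced the file.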