The DHCP protocol allows a host to contact a central server that maintains a list of IP addresses which can be assigned on one or more subnets. This protocol reduces system administration workload, allowing devices to be added to the network with little or no manual configuration.
WARNING! Many firewalls allow access to specific name servers only, so make sure your name servers are supported. Also, many corporate networks block snooping name servers such as OpenDNS due to privacy issues.
Information regarding DNS servers is stored in the /etc/resolv.conf file. One can see it with the cat command:
cat /etc/resolv.conf
You can set or change the DNS server by editing the /etc/resolv.conf file. However, this file might get updated by the DHCP client on Linux. There are various methods to fix this issue. Use any one of the following methods. Let us see how to stop DHCP from changing the resolv.conf file on Linux.
Method 1: Write protecting /etc/resolv.conf file
Write protect the /etc/resolv.conf file using the chattr command. The syntax is:
chattr +i /etc/resolv.conf
The +i option (attribute) write protects the /etc/resolv.conf file so that no one can modify it, including the root user. You can use the chflags command on FreeBSD based systems.
Method 2: Creating dhclient-script hooks
The DHCP client network configuration script is invoked from time to time by dhclient. This script is used by the DHCP client to set each interface’s initial configuration prior to requesting an address, to test the address once it has been offered, and to set the interface’s final configuration once a lease has been acquired. This script is not meant to be customized by the end user. If local customizations are needed, they should be possible using the enter and exit hooks provided. These hooks allow the user to override the default behavior of the client in creating the /etc/resolv.conf file. When it starts, the client script first defines a shell function, make_resolv_conf, which is later used to create the /etc/resolv.conf file. To override the default behavior, redefine this function in the enter hook script.
Create hook to avoid /etc/resolv.conf file update
You need to create the /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate file under Debian / Ubuntu Linux:
vi /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
Append the following code:
#!/bin/sh
make_resolv_conf(){
:
}
Save and close the file. Or just type the following:
cat > /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate <<'EOF'
#!/bin/sh
make_resolv_conf(){
:
}
EOF
Set execution permissions using the chmod command:
chmod +x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
The script will replace make_resolv_conf() with our own function. This function does nothing and so no IP address will get added to the /etc/resolv.conf file.
A note about resolvconf program on a Debian or Ubuntu based system
If the resolvconf program is installed, you should not edit the resolv.conf configuration file manually on a Debian or Ubuntu based system, as it will be dynamically changed by programs in the system. If you need to manually define the nameservers (as with a static interface), add a line like the following to the interfaces configuration file at /etc/network/interfaces:
##Place the line indented within an iface stanza, e.g., right after the gateway line.##
dns-nameservers 8.8.8.8 127.0.0.1
A note about RHEL / CentOS / Fedora Linux
Edit the /etc/dhclient-enter-hooks file:
vi /etc/dhclient-enter-hooks
Append the following code:
make_resolv_conf(){
:
}
Or just type the following:
cat > /etc/dhclient-enter-hooks <<'EOF'
make_resolv_conf(){
:
}
EOF
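To confirm that either method is still holding after a lease renewal, the following check (an added example, not part of the original article) lists any nameserver in a resolv.conf-style file that is not on an approved list, and reports whether the immutable attribute from Method 1 is set. The function names and the sample file are assumptions made for illustration; the approved addresses reuse the ones from the dns-nameservers line above.

```shell
#!/bin/sh
# Added example: audit resolv.conf against an approved resolver list.
# Function names are illustrative, not part of dhclient or resolvconf.

# Print every nameserver in FILE that is not in the approved list.
# Usage: unexpected_nameservers FILE APPROVED_IP...
unexpected_nameservers() {
    file=$1; shift
    approved=" $* "
    # Only "nameserver <addr>" lines count; comments, search and options are skipped.
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$file" |
    while read -r ns; do
        case "$approved" in
            *" $ns "*) ;;                  # approved resolver
            *) printf '%s\n' "$ns" ;;      # drift, e.g. written by a DHCP lease
        esac
    done
}

# Succeed only if FILE is readable, has at least one nameserver, and all are approved.
# Usage: resolv_conf_ok FILE APPROVED_IP...
resolv_conf_ok() {
    [ -r "$1" ] || return 1
    grep -q '^[[:space:]]*nameserver[[:space:]]' "$1" || return 1
    [ -z "$(unexpected_nameservers "$@")" ]
}

# Succeed if the immutable attribute set by "chattr +i" is present on FILE (Linux only).
is_immutable() {
    lsattr -d "$1" 2>/dev/null |
        awk 'BEGIN { rc = 1 } $1 ~ /i/ { rc = 0 } END { exit rc }'
}

# Constructed sample: resolv.conf as it might look after a lease rewrote it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
search example.internal
nameserver 8.8.8.8
nameserver 192.0.2.53
EOF
unexpected_nameservers "$sample" 8.8.8.8 127.0.0.1   # prints 192.0.2.53
rm -f "$sample"
```

On a real host, run resolv_conf_ok against /etc/resolv.conf with your approved addresses from cron or a monitoring check, and alert when it fails.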