Gentoo Forums
[SOLVED] how to edit /etc/resolv.conf

vcmota
Tux's lil' helper

Joined: 19 Jun 2017
Posts: 131

Posted: Sat Mar 03, 2018 4:19 am    Post subject: [SOLVED] how to edit /etc/resolv.conf

This feels like a very basic question, but I just can't get it answered by myself. I need to change my DNS servers in order to have my VPN service working properly. Although it is not PIA, it seems like a very related issue as described here. So that is what I did: I created the file /etc/resolv.conf.head and added the DNS services numbers of my VPN service. But after reboot nothing changes: in /etc/resolv.conf I still don't have those as my DNS servers and the VPN still can't work properly. I looked everywhere for a solution but I just could not find one. I chatted with the technical support of my VPN service and they could not help me either. It looks like a simple issue, but I just don't have the basic knowledge to solve it. As a matter of clarification, I don't have network manager installed; actually my install is as minimal as I could make it: regarding internet I have only wpa_supplicant, dhcpcd and openvpn installed, nothing else.

Thank you all for your attention.


Last edited by vcmota on Sun Mar 04, 2018 12:10 am; edited 1 time in total

bunder
Bodhisattva

Joined: 10 Apr 2004
Posts: 5803

Posted: Sat Mar 03, 2018 11:33 am

/etc/conf.d/net

Code:

dns_domain_lo="mydomain.ca"
dns_search_lo="mydomain.ca"
dns_servers_lo="127.0.0.1"    # only if you are running your own dns server on the local machine

config_eth0="dhcp"    # i'm going to guess you need or already have this
dhcp_eth0="nodns nontp"    # you definitely need this, adjust as necessary


and this yields... /etc/resolv.conf

Code:

# Generated by net-scripts for interface lo
domain mydomain.ca
search mydomain.ca
nameserver 127.0.0.1


hope this helps. 8)

vcmota
Tux's lil' helper

Joined: 19 Jun 2017
Posts: 131

Posted: Sat Mar 03, 2018 1:11 pm

Thank you very much Bunder for your reply. I just checked and I don't have the /etc/conf.d/net file on my system either... If I just create it, is the system going to read it? By the way, those are the files that I have inside /etc/conf.d:


Code:

mossadegh ~ # ls -l /etc/conf.d/* | awk '{print $9}'
/etc/conf.d/agetty
/etc/conf.d/alsasound
/etc/conf.d/auditd
/etc/conf.d/bootmisc
/etc/conf.d/busybox-ntpd
/etc/conf.d/busybox-watchdog
/etc/conf.d/consolefont
/etc/conf.d/cronie
/etc/conf.d/deluge-web
/etc/conf.d/deluged
/etc/conf.d/devfs
/etc/conf.d/device-mapper
/etc/conf.d/dmcrypt
/etc/conf.d/dmesg
/etc/conf.d/elogind
/etc/conf.d/fsck
/etc/conf.d/git-daemon
/etc/conf.d/gpm
/etc/conf.d/hostname
/etc/conf.d/hwclock
/etc/conf.d/ip6tables
/etc/conf.d/iptables
/etc/conf.d/keymaps
/etc/conf.d/killprocs
/etc/conf.d/localmount
/etc/conf.d/lvm
/etc/conf.d/mdadm
/etc/conf.d/mdraid
/etc/conf.d/mit-krb5kadmind
/etc/conf.d/mit-krb5kdc
/etc/conf.d/mit-krb5kpropd
/etc/conf.d/modules
/etc/conf.d/mtab
/etc/conf.d/net-online
/etc/conf.d/netmount
/etc/conf.d/opentmpfiles-dev
/etc/conf.d/opentmpfiles-setup
/etc/conf.d/openvpn
/etc/conf.d/pciparm
/etc/conf.d/pydoc-2.7
/etc/conf.d/pydoc-3.5
/etc/conf.d/rsyncd
/etc/conf.d/slapd
/etc/conf.d/sshd
/etc/conf.d/strelaysrv
/etc/conf.d/swap
/etc/conf.d/syncthing
/etc/conf.d/sysklogd
/etc/conf.d/twistd
/etc/conf.d/udev
/etc/conf.d/udev-settle
/etc/conf.d/udev-trigger
/etc/conf.d/urandom
/etc/conf.d/wpa_supplicant
/etc/conf.d/xdm


Thank you again!

vcmota
Tux's lil' helper

Joined: 19 Jun 2017
Posts: 131

Posted: Sat Mar 03, 2018 2:24 pm

I just found this, where it is stated:

Quote:

/etc/conf.d/net
This file is not created by default; it is created by the system administrator. It should contain configuration information for each network interface to be managed by netifrc (details on content can be found below).

So I guess that answers my second question.

cboldt
l33t

Joined: 24 Aug 2005
Posts: 829

Posted: Sat Mar 03, 2018 3:46 pm

You may also want to look at /usr/share/doc/netifrc-*/net.example.bz2

Hu
Moderator

Joined: 06 Mar 2007
Posts: 13512

Posted: Sat Mar 03, 2018 3:46 pm

vcmota wrote:
Code:

mossadegh ~ # ls -l /etc/conf.d/* | awk '{print $9}'

This could be written more simply as `ls -1 /etc/conf.d/*` if you only want the names and no supporting information.

vcmota
Tux's lil' helper

Joined: 19 Jun 2017
Posts: 131

Posted: Sat Mar 03, 2018 4:57 pm

Thank you all for your replies.

I have not solved it yet. I wrote /etc/conf.d/net like this:

Code:

vinicius@mossadegh ~ $ cat /etc/conf.d/net
#manually inserted by myself in order to use NORDVPN DNS servers
dns_search_lo="162.242.211.137 78.46.223.24"
config_eth0="dhcp"
dhcp_eth0="nodns nontp"


and after restart nothing changes, I still have /etc/resolv.conf with other DNS servers:

Code:

vinicius@mossadegh ~ $ cat /etc/resolv.conf
# Generated by dhcpcd from wlp8s0.dhcp, wlp8s0.dhcp6, wlp8s0.ra
# /etc/resolv.conf.head can replace this line
domain vta.virtua.com.br
nameserver 187.36.192.38
nameserver 187.36.192.43
nameserver 2804:14d:ae10:672:187:36:192:24
nameserver 2804:14d:ae10:672:187:36:192:19
# /etc/resolv.conf.tail can replace this line



But I read in "net.example" this:

Quote:

# Setting name/domain server causes /etc/resolv.conf to be overwritten
# Note that if DHCP is used, and you want this to take precedence then
# please put -R in your dhcpcd options
#dns_servers_SSID="192.168.0.1 192.168.0.2"
#dns_domain_SSID="some.domain"
#dns_search_SSID="search.this.domain search.that.domain"


But how do I do that "Note that if DHCP is used, and you want this to take precedence then please put -R in your dhcpcd options"? It feels like another basic question, but how do I pass a flag to something that does not run from the command line, that is already running as a service?

vcmota
Tux's lil' helper

Joined: 19 Jun 2017
Posts: 131

Posted: Sat Mar 03, 2018 5:16 pm

It is a little worse: there is no -R flag in the dhcpcd documentation; there is -r, which does not seem to be it:

Code:

-r, --request [address]
             Request the address in the DHCP DISCOVER message.  There is no guarantee this is the address the DHCP server will actually give.  If no address is given then the first address currently
             assigned to the interface is used.

cboldt
l33t

Joined: 24 Aug 2005
Posts: 829

Posted: Sat Mar 03, 2018 6:03 pm

No idea about the -R mystery. That option also appears in /lib/netifrc/net/dhcpcd.sh.
I think figuring out that mystery isn't relevant for resolving the issue.

Your "dns_search" specifies the "lo" interface, not the "eth0" interface.

vcmota
Tux's lil' helper

Joined: 19 Jun 2017
Posts: 131

Posted: Sun Mar 04, 2018 12:07 am

I did it, after a whole day! And I am happy, I must say...

I was trying to delete the /etc/resolv.conf file and, strangely, not even as root was the system allowing me to do it. I was trying to delete it because I suspected that the default behavior of the system was to not overwrite /etc/resolv.conf in case it was already written... Anyway, the system was not allowing me to delete it no matter what, not even as root, and that sounded strange. But that reminded me that the first failed setup that the nordvpn tech guy gave me was 1) eliminating ipv6 by editing some config file (can't remember now which one), 2) writing the nordvpn servers' IPs into /etc/resolv.conf and 3) chattr +i /etc/resolv.conf. Well, that last command was the source of all evil: /etc/resolv.conf became undeletable, unwritable, etc. So nothing that I tried after that would work, period. I would have been condemned to be stuck on this forever if I had not remembered this. So then I just did "chattr -i /etc/resolv.conf; rm -fr /etc/resolv.conf" and, following the default instructions that are written in /etc/resolv.conf itself, I just wrote the IPs of the DNS servers of nordvpn into /etc/resolv.conf.head. Note that this is exactly the instruction given here for PIA access, and that I had tried it without success several times after chattr +i... So after rebooting, voila! I have now:

Code:

vinicius@mossadegh ~ $ cat /etc/resolv.conf
# Generated by dhcpcd from wlp8s0.dhcp
nameserver 162.242.211.137
nameserver 78.46.223.24
domain vta.virtua.com.br
nameserver 187.36.192.38
nameserver 187.36.192.43
# /etc/resolv.conf.tail can replace this line


and the VPN service works flawlessly via openvpn. I don't know why the tech guy gave me that instruction though; I suspect that it may be important for the default setup for some big distro like Ubuntu or Mint, but for Gentoo it was simply hell.


Thank you guys again for your help!

cboldt
l33t

Joined: 24 Aug 2005
Posts: 829

Posted: Sun Mar 04, 2018 11:58 am

Good to know there are people recommending `chattr +i` on /etc/resolv.conf

Add to troubleshooting, to ask people to report the results of `stat /etc/resolv.conf`

There is another recently active thread running here where the poster was applying `chattr +i /etc/resolv.conf`

Edit to add, applying the immutable property to a hard-coded file is a kludge against that file being later manipulated by the ordinary tools. It's a brute force way to defeat normal operation.
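
Added example, not code from any poster in this thread: a POSIX sh triage for the failure found above, reporting which tool generated resolv.conf, whether `chattr +i` is set, and which nameservers the resolver will actually query. It assumes glibc's limit of three nameserver lines; the function names and the allow-list argument are hypothetical, and the sample file is the final resolv.conf from the thread.

```shell
#!/bin/sh
# Added example: triage for a resolv.conf that "will not change".

# Name of the tool that wrote the file, from its "# Generated by ..." header.
resolv_generator() {
    sed -n 's/^# Generated by \([^ ]*\).*/\1/p' "$1" | head -n 1
}

# glibc's stub resolver reads only the first three nameserver lines (MAXNS).
effective_nameservers() {
    awk '$1 == "nameserver" && n < 3 { print $2; n++ }' "$1"
}

# Effective nameservers that are not in the space-separated allow-list $2.
unexpected_nameservers() {
    for ns in $(effective_nameservers "$1"); do
        case " $2 " in
            *" $ns "*) ;;
            *) echo "$ns" ;;
        esac
    done
}

# Succeeds if the immutable attribute (chattr +i) is set on the file.
# ls -l and stat do not show this flag; lsattr (e2fsprogs) does.
is_immutable() {
    command -v lsattr >/dev/null 2>&1 || return 2
    lsattr -d "$1" 2>/dev/null | awk '$1 ~ /i/ { found = 1 } END { exit !found }'
}

# Constructed sample: the final resolv.conf from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Generated by dhcpcd from wlp8s0.dhcp
nameserver 162.242.211.137
nameserver 78.46.223.24
domain vta.virtua.com.br
nameserver 187.36.192.38
nameserver 187.36.192.43
# /etc/resolv.conf.tail can replace this line
EOF

echo "generator: $(resolv_generator "$sample")"
echo "resolver will query: $(effective_nameservers "$sample" | tr '\n' ' ')"
echo "outside VPN allow-list: $(unexpected_nameservers "$sample" "162.242.211.137 78.46.223.24")"
if is_immutable /etc/resolv.conf; then
    echo "/etc/resolv.conf is immutable; dhcpcd cannot rewrite it"
fi
```

On the thread's final file the third effective nameserver is still the ISP's 187.36.192.38, so lookups fall back to it whenever both VPN resolvers time out.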

vcmota
Tux's lil' helper

Joined: 19 Jun 2017
Posts: 131

Posted: Sun Mar 04, 2018 4:00 pm

Quote:

Add to troubleshooting, to ask people to report the results of `stat /etc/resolv.conf`


If I correctly understood what you said, you are suggesting that I may edit a Gentoo documentation page? But how do I do that? I didn't even know that regular users could do that...

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 42596
Location: 56N 3W

Posted: Sun Mar 04, 2018 4:06 pm

vcmota,

The wiki is open to all to edit. You need to create an account.
The handbook and project pages are protected but you can edit the talk pages there.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

vcmota
Tux's lil' helper

Joined: 19 Jun 2017
Posts: 131

Posted: Mon Mar 05, 2018 4:01 am

I just did it. Please take a look here. Thank you all again!

UberLord
Retired Dev

Joined: 18 Sep 2003
Posts: 6737
Location: Blighty

Posted: Tue Mar 06, 2018 11:12 am

Another way of managing this is by using a resolvconf tool like openresolv.
When combined with a powerful resolver such as unbound or dnsmasq, this has the added bonus of openresolv configuring the resolver to forward VPN domains to the VPN nameservers and the rest to your non-VPN nameservers.
This is very handy for mobile clients or any client that doesn't want to resolve public addresses via the VPN connection.

https://roy.marples.name/projects/openresolv
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
vcmota
Tux's lil' helper
Tux's lil' helper


Joined: 19 Jun 2017
Posts: 131

PostPosted: Tue Mar 06, 2018 11:42 pm    Post subject: Reply with quote

Thank you UberLord for your reply. I have a very basic knowledge about network configurations, so please if you don't mind can you explain why the set up you mention below
Quote:

or any client that doesn't want to resolve public addresses via the VPN connection.

would be advantageous? Thank you again.

Hu
Moderator

Joined: 06 Mar 2007
Posts: 13512

Posted: Wed Mar 07, 2018 2:34 am

  1. DNS servers can, at the discretion of their operator, log what resolution requests they receive and what client sent those requests. Cross-referencing that with VPN logs would let the operator learn specifically which user was resolving a given host. If you resolve hosts you do not want the VPN operator to know about at all, then you need both to avoid routing that traffic over the VPN and to avoid routing the resolution request to the VPN-provided nameserver. You might want this level of privacy if you were browsing job posting sites (with the intent of finding a new job), competitors' web sites, or anything else you do not want corporate IT to know about.
  2. The VPN-provided nameservers might be substantially slower than your regular nameserver. Modern web browsing requires a disgusting number of DNS resolutions for some sites to load all the supporting resources, and if each resolution cost 500ms due to VPN latency, non-parallel lookups will add up quickly into very noticeable delays.