resolvconf modifies real file /etc/resolv.conf in lieu of /run/resolvconf/resolv.conf

Asked by MarianoAbsatz on 2012-08-03

I manually compiled and installed the unbound DNS resolver on my 12.04 server (upgraded from a 10.04).

Yesterday, after reading http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/ and http://manpages.ubuntu.com/manpages/precise/man8/resolvconf.8.html I took the "minimum breakage path" and simply erased the symlink /etc/resolv.conf (which points to /run/resolvconf/resolv.conf) and created a plain file for /etc/resolv.conf using ::1 as my only resolver.

However, today I found that the file /etc/resolv.conf had been rewritten with the same contents it had before.

Checking a little I found the file modification time was 12:35 and found the following on my syslog:

Aug 3 12:35:40 abako dhclient: DHCPREQUEST of 66.228.40.90 on eth0 to 207.192.68.72 port 67
Aug 3 12:35:40 abako dhclient: DHCPACK of 66.228.40.90 from 207.192.68.72
Aug 3 12:35:40 abako dhclient: bound to 66.228.40.90 -- renewal in 38228 seconds.

So, the primary cuplrit seems to be resolvconf.

What's more, the file modification time for /run/resolvconf/resolv.conf is on June 20th (the day I upgraded from 10.04 to 12.04.

So, IMHO, either resolvconf has a bug or the following paragraph of its manpage is plain wrong:

      The most important piece of software that subscribes to the
       notification service is the set of functions that make up the GNU C
       Library resolver(3). When nameserver information is updated, the
       script /etc/resolvconf/update.d/libc writes a new resolver
       configuration file to /run/resolvconf/resolv.conf and then runs the
       scripts in /etc/resolvconf/update-libc.d/. To make the resolver use
       the dynamically generated resolver configuration file the administrator
       should ensure that /etc/resolv.conf is a symbolic link to
       /run/resolvconf/resolv.conf. This link is never modified by
       resolvconf(8). If you find that /etc/resolv.conf is not being updated,
       check to make sure that the link is intact.

FWIW, resolvconf's version is 1.63ubuntu14

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu resolvconf Edit question
Assignee:
No assignee Edit question
Last query:
2012-08-03
Last reply:
2012-08-16
MarianoAbsatz (el-baby) said : #1

Hi vorlon,

thanks again for your message. I just tried to convert this bug into a question but launchpad wouldn't let me since it seems that should've been done before turning it into invalid.

Please don't rush an answer since, at least for me, it is now more of a will for understanding what happens than a bug in need of a fix.

On 03/08/12 22:17, Steve Langasek wrote:
> On Sat, Aug 04, 2012 at 12:44:34AM -0000, MarianoAbsatz wrote:
>> So Network Manager and dhclient are NOT currently invoking resolvconf,
>> BUT they're actually handling /etc/resolv.conf by themselves?
>
> This will definitely be the case for dhclient. It may or may not also be
> the case for NM, depending on how NM decides whether to invoke resolvconf
> vs. editing directly. (I haven't looked closely at the details.)
>
>> This is not what the manpage implies (or what I understand form it)
>
> If you can point to particular language in the manpage which contradicts
> this, we should fix it.

Quoting http://manpages.ubuntu.com/manpages/precise/man8/resolvconf.8.html section PUBLICATION:
      Normally resolvconf is run only by hook scripts attached to network
       interface configurers such as pppd(8) (for ppp interfaces), to DHCP
       clients such as dhclient(8), to ifup(8) and ifdown, and to DNS caches
       such as dnsmasq(8) (for the loopback interface). These hook scripts
       furnish resolvconf with information about nameservers. For example,
       dhclient receives one or more nameserver addresses during its
       negotiation with the DHCP server; its hook script /etc/dhcp/dhclient-
       enter-hooks.d/resolvconf pushes this information to resolvconf.

From this paragraph I understand that resolvconf is invoked by dhclient.

Below that, in section PUBLICATION:

      The most important piece of software that subscribes to the
       notification service is the set of functions that make up the GNU C
       Library resolver(3). When nameserver information is updated, the
       script /etc/resolvconf/update.d/libc writes a new resolver
       configuration file to /run/resolvconf/resolv.conf and then runs the
       scripts in /etc/resolvconf/update-libc.d/. To make the resolver use
       the dynamically generated resolver configuration file the administrator
       should ensure that /etc/resolv.conf is a symbolic link to
       /run/resolvconf/resolv.conf. This link is never modified by
       resolvconf(8). If you find that /etc/resolv.conf is not being updated,
       check to make sure that the link is intact.

From this paragraph I understand that resolvconf modifies /run/resolvconf/resolv.conf AND NOT /etc/resolv.conf

After reading these two paragraph I thought (though I can be wrong) that:

1) dhclient doesn't handle /etc/resolv.conf directly but, instead, invokes resolvconf
2) resolvconf NEVER modifies /etc/resolv.conf but, instead, modifies /run/resolvconf/resolv.conf

3) (implied by me) If dhclient doesn't modify /etc/resolv.conf directly AND neither does resolvconf, then, if /etc/resolv.conf is NOT a symlink to /run/resolvconf/resolv.conf, no one (at least not dhclient or resolvconf) would mess with it (at least on a small server with hardly any non-official-ubuntu software installed/configured).

Stéphane's article at http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/ also implies something similar (although he clearly doesn't recommend it) when he writes:

 * I really don’t want resolvconf, how can I disable it?
   I certainly wouldn’t recommend disabling resolvconf
   but you can do it by making /etc/resolv.conf a regular
   file instead of a symlink.
   Though please note that you may then be getting
   inconsistent /etc/resolv.conf when multiple software are
   fighting to change it.

Since I thought the only piece of software that might be "fighting" for it was dhclient and I had that covered by 3) above, I went ahead.

>
>> Who/what are using resolvconf, then?
>
> By default, when /etc/resolv.conf is not a symlink, nothing is.

Does this imply that dhclient checks whether /etc/resolv.conf is a symlink and, if true, it calls resolvconf and otherwise, it messes with /etc/resolv.conf directly?

Maybe then I have to mess with dhclient and convince it NOT to handle /etc/resolv.conf at all.

Thomas Hood (jdthood) said : #2

This has been answered at bug #1032855. For convenience here's what I said.

MarianoAbsatz wrote:
> After reading these two paragraph I thought (though I can be wrong) that:
>
> 1) dhclient doesn't handle /etc/resolv.conf directly but, instead, invokes resolvconf

If resolvconf is installed then dhclient calls resolvconf, otherwise it writes to /etc/resolv.conf directly. For details please read the make_resolv_conf() function in /sbin/dhclient-script. And for details of what happens when resolvconf is installed, look at /etc/dhcp/dhclient-enter-hooks.d/resolvconf.

> 2) resolvconf NEVER modifies /etc/resolv.conf but, instead, modifies
> /run/resolvconf/resolv.conf

Correct. The program /bin/resolvconf never touches /etc/resolv.conf directly.

But please note that the resolvconf *package* does put a symbolic link at /etc/resolv.conf at installation time unless you have told it not to or it thinks that it has already been installed before.

My advice: Install resolvconf which causes dhclient and similar programs to refrain from stomping on /etc/resolv.conf. Make sure that /etc/resolv.conf is a symbolic link "../run/resolvconf/resolv.conf". Then configure resolvconf so that it behaves the way you want.

Can you help with this problem?

Provide an answer of your own, or ask MarianoAbsatz for more information if necessary.

To post a message you must log in.