Re: dhclient, resolv.conf
Hello! I have a question about dhclient-script. I am not sh programmer, and have only few knowledge about dhclient. I copied bellow the last part of /sbin/dhclient-script. Does this mean that at TIMEOUT it must exit with error, unless it changes resolv.conf, what I dont want? I have a wanted lease only until TIMEOUT, after that I must accept that dhclient change resolv.conf against my will? I would realy like to delete the call to add_new_resolv_conf (that changes resolv.conf), but the life is limited until TIMEOUT. Rod. TIMEOUT) delete_old_alias add_new_address sleep 1 if [ -n "$new_routers" ]; then set "$new_routers" if ping -q -c 1 -w 1 "$1"; then if [ "$new_ip_address" != "$alias_ip_address" ]; then add_new_alias fi add_new_routes if add_new_resolv_conf; then exit 0 fi fi fi ifconfig $interface inet $new_ip_address delete $medium # XXX Why not a delete_old_address as before all other invocations of # delete_old_routes? delete_old_routes exit 1 ;; esac exit 0
Re: dhclient, resolv.conf
Boudewijn Dijkstra wrote: > If the DHCP server says things that are wrong, then _that_ needs to be > fixed. I think, a functional and proactive secure operating system should not do anythyng some DHCP Server somewhere tells him in a way that cannot be controlled with an appropriate configuration file. Rod.
Re: dhclient, resolv.conf
Op Sat, 22 Oct 2011 10:41:56 +0200 schreef Philippe Meunier : Kenneth R Westerback wrote: If you are using dhclient, then /etc/resolv.conf is not really a configuration file. Unless your machine runs its own DNS server. Then you really don't want dhclient-script to mess with your /etc/resolv.conf. But dhclient-script will still blindly mess with /etc/resolv.conf if the DHCP server says so, despite the fact that your /etc/dhclient.conf never asked for anything related to DNS servers in the first place. Then you will have to mess with "supersede" and /etc/resolv.conf.tail in order to fix dhclient-script's mess. If the DHCP server says things that are wrong, then _that_ needs to be fixed. -- Gemaakt met Opera's revolutionaire e-mailprogramma: http://www.opera.com/mail/ (Remove the obvious prefix to reply.)
Re: dhclient, resolv.conf
the dhclient in base, and possibly the isc one, interprets options set to the empty string as unset On Sun, Oct 23, 2011 at 1:38 PM, wrote: > Jurjen Oskam wrote: > >> supersede domain-name-servers 192.168.1.1; >> supersede domain-name ""; > > My dhclient completely ignores > > B supersede domain-name ""; > > and sets an unwanted search line given by the server. Indeed > you must give > > B supersede domain-name "."; > > To obtain > > B search . > > in resolv.conf, what seems to be no problem. > > Rod.
Re: dhclient, resolv.conf
Jurjen Oskam wrote: > supersede domain-name-servers 192.168.1.1; > supersede domain-name ""; My dhclient completely ignores supersede domain-name ""; and sets an unwanted search line given by the server. Indeed you must give supersede domain-name "."; To obtain search . in resolv.conf, what seems to be no problem. Rod.
Re: dhclient, resolv.conf
On Sun, Oct 23, 2011 at 12:08:22AM +0200, Jan Stary wrote: > On Oct 22 04:41:56, Philippe Meunier wrote: > > Kenneth R Westerback wrote: > > >If you are using dhclient, then /etc/resolv.conf is not really a > > >configuration file. > > > > Unless your machine runs its own DNS server. > > Just out of curiosity, what would be an example > situation for using a machine that simultaneously > > (1) acts as a name-server for others > (2) gets its network settings dynamicaly reconfigured An example would be an ISP that uses DHCP to maintain a DSL connection. Even with a static IP address, I *must* get it using a DHCP client and keep it running so the lease is properly renewed. If the lease isn't renewed on time, the connection just stops routing IP. Even with a static IP address. Since I run my own resolving DNS server, it was annoying that the DHCP server not only gave me my static IP address, but also the addresses of the ISP's resolving name servers. I just used "chflags uchg /etc/resolv.conf", until I properly read the manual and discovered how I can use the supersede option in dhclient.conf: supersede domain-name-servers 192.168.1.1; supersede domain-name ""; Regards, -- Jurjen Oskam Savage's Law of Expediency: You want it bad, you'll get it bad.
Re: dhclient, resolv.conf
On Sun, Oct 23, 2011 at 12:08:22AM +0200, Jan Stary wrote: > Just out of curiosity, what would be an example > situation for using a machine that simultaneously > > (1) acts as a name-server for others > (2) gets its network settings dynamicaly reconfigured Any kind of box that is connected to an internet connection using DHCP? It is needed because kittens are at risk of death every time you run a resolver for a trivial amount of clients that does not use forwarders. Passing on the ISP's DNS is of course also an option, but a local cache never hurts. When the ISP's resolver breaks and you want to switch to something else, it's also nice to be able to do it without waiting for all the hosts to renew their lease.
Re: dhclient, resolv.conf
On 10/23/11 00:08, Jan Stary wrote: On Oct 22 04:41:56, Philippe Meunier wrote: Kenneth R Westerback wrote: If you are using dhclient, then /etc/resolv.conf is not really a configuration file. Unless your machine runs its own DNS server. Just out of curiosity, what would be an example situation for using a machine that simultaneously (1) acts as a name-server for others (2) gets its network settings dynamicaly reconfigured The gateways on my local internet connection. Since the gateway itself gets its ip and nameserver config via dhcp I cannot simply pass that on via dhcpd.conf but instead I set up a local caching nameserver for the internal network. That said, I had to confirm my suspicion by finding this last line in dhclient.conf: prepend domain-name-servers 127.0.0.1; with prepend instead of supersede, just in case. /Alexander
Re: dhclient, resolv.conf
On Oct 22 04:41:56, Philippe Meunier wrote: > Kenneth R Westerback wrote: > >If you are using dhclient, then /etc/resolv.conf is not really a > >configuration file. > > Unless your machine runs its own DNS server. Just out of curiosity, what would be an example situation for using a machine that simultaneously (1) acts as a name-server for others (2) gets its network settings dynamicaly reconfigured
Re: dhclient, resolv.conf
Kenneth R Westerback wrote: >If you are using dhclient, then /etc/resolv.conf is not really a >configuration file. Unless your machine runs its own DNS server. Then you really don't want dhclient-script to mess with your /etc/resolv.conf. But dhclient-script will still blindly mess with /etc/resolv.conf if the DHCP server says so, despite the fact that your /etc/dhclient.conf never asked for anything related to DNS servers in the first place. Then you will have to mess with "supersede" and /etc/resolv.conf.tail in order to fix dhclient-script's mess. Philippe
Re: dhclient, resolv.conf
Kenneth R Westerback wrote: > If you are using dhclient, then /etc/resolv.conf is not really a > configuration file. Then it should be called /rmp/resolv.conf If you see dhclient-script, you find a file inflation: /etc/resolv.conf.std, /etc/resolv.conf, /etc/resolv.conf.save, /etc/resolv.conf.std6, /etc/resolv.conf.tail All them belog to /tmp, tot to /etc (in your logic). Rodrigo
Re: dhclient, resolv.conf
On Thu, Oct 20, 2011 at 08:53:16PM +, sophia.ort...@googlemail.com wrote: > Rogier Krieger wrote: > > > you can use the 'script' parameter described in dhclient.conf > > Perhaps the best solution, not far from what I had in mind from > the beginning, but not a simple configuration for a simple task. > > > I do not see why you prefer editing resolv.conf over dhclient.conf, > > though, but I trust you have your reasons. > > I find the idea of bringing dhclient with tricks to write a > configuration file that I can type myself absurd. I didnt manage to > avoid that dhclient write a "search" option in resolv.conf. If you are using dhclient, then /etc/resolv.conf is not really a configuration file. You are choosing to have your host dynamically configured by an outside agency and /etc/resolv.conf becomes a tool to implement that dynamic configuration. So, to me, the logical approach is to control the dynamic configuration process to produce the result you want, not artificially contrain the implementation mechanism available to the dynamic configuration you receive. Neither approach is perfect. Ken > > ?ukasz Czarniecki wrote: > > > chflags uchg /etc/resolv.conf > > Thanks! But that sounds like brute force. :) > > Do you know why opaque flag disappeared in OpenBSD? I think it > can be usefull under circumstances. > > Regards > SO
Re: dhclient, resolv.conf
Antoine Jacoutot wrote: >I use this: > >send dhcp-lease-time 3600; >request subnet-mask, broadcast-address, routers; > >And my resolv.conf is not modified. That's because you happen to be using a DHCP server that has good enough manners not to try to shove unrequested options (like name servers) down your machine's throat. My experience is that there are in fact quite a few DHCP servers out there which are not so well behaved. Then dhclient-script will happily mess with your resolv.conf even though your dhclient.conf never asked the DHCP server for anything related to DNS servers. See http://marc.info/?l=openbsd-tech&m=131302612614702&w=2 for my complete opinion on the matter... Rogier Krieger wrote: >I do not see why you prefer editing resolv.conf over dhclient.conf, >though, but I trust you have your reasons. See the link above. It "leads to the duplication of information between /etc/resolv.conf, /etc/resolv.conf.tail, and /etc/dhclient.conf, and thus has the feel of curing the /etc/resolv.conf symptom instead of curing the dhclient-script disease :-)" In short, "supersede" and resolv.conf.tail work but they are aesthetically unpleasing, IMHO (I'm not speaking for the original poster, who might have a different rational). Philippe
Re: dhclient, resolv.conf
Rogier Krieger wrote: > you can use the 'script' parameter described in dhclient.conf Perhaps the best solution, not far from what I had in mind from the beginning, but not a simple configuration for a simple task. > I do not see why you prefer editing resolv.conf over dhclient.conf, > though, but I trust you have your reasons. I find the idea of bringing dhclient with tricks to write a configuration file that I can type myself absurd. I didnt manage to avoid that dhclient write a "search" option in resolv.conf. ?ukasz Czarniecki wrote: > chflags uchg /etc/resolv.conf Thanks! But that sounds like brute force. :) Do you know why opaque flag disappeared in OpenBSD? I think it can be usefull under circumstances. Regards SO
Re: dhclient, resolv.conf
W dniu 2011-10-20 20:11, sophia.ort...@googlemail.com pisze: > But again, I insist in my first question: how I get that > dhclient respect my resolv.conf and do not touch it? chflags uchg /etc/resolv.conf
Re: dhclient, resolv.conf
On Thu, Oct 20, 2011 at 20:11, wrote: > But again, I insist in my first question: how I get that > dhclient respect my resolv.conf and do not touch it? If you insist on dhclient not touching resolv.conf and do not want to edit the in-base dhclient-script, you can use the 'script' parameter described in dhclient.conf(5). As a bonus, you get to maintain your changes from then on. I do not see why you prefer editing resolv.conf over dhclient.conf, though, but I trust you have your reasons. Regards, Rogier -- If you don't know where you're going, any road will get you there.
Re: dhclient, resolv.conf
On Thu, 20 Oct 2011, sophia.ort...@googlemail.com wrote: > Again: I dont want that dhclient touch my resolv.conf. I use this: send dhcp-lease-time 3600; request subnet-mask, broadcast-address, routers; And my resolv.conf is not modified. -- Antoine
Re: dhclient, resolv.conf
On Thu, Oct 20, 2011 at 11:11 AM, wrote: > Johan Beisser wrote: > >> Check dhclient.conf(5) and read about the supersede statement. > > Thank you very much for your kind answer. Of course I read not > only dhclient.conf (5), but also a lot of man pages, a lot of > postings in the internet. I think, you misunderstood my question. No, I really didn't. You don't want dhclient(8) to touch resolve.conf. I'm simply suggesting you set up dhclient.conf(5) to use supersede to set some things statically. Specifically set domain-name-servers and domain-name there, and when dhclient(8) fires off, it'll use your settings in resolv.conf. > Again: I dont want that dhclient touch my resolv.conf. > > This means that I am also unhappy even if dhclient creates a > resolv.conf containing exactly what I wanted that it contains, > I am also unhapy if dhclient fakes the file metadata, the dates, > in order that it appears as the file were untouched. You're screwed. You may want to check chmod(1) instead. Set resolv.conf(5) to be read only. I don't know if that'll prevent dhclient(8) from overwriting the file. I doubt it. > If that were the goal, I have another question: I want no > search statement in resolv.conf, the most near to that I get > is a line containing "search ." in resolv.conf with a line > containing > > supersede domain-name "."; > > in dhclient.conf. Do you how to get dhclient without it? I'm not sure what you mean. What may get you what you want (search domains) is in resolve.conf(5): On a machine whose network connection does not change frequently (such as a desktop machine on a local-area network), the resolv.conf.tail file should not be necessary. However the resolv.conf.tail file may be useful on notebooks, to search multiple domains, to refer to hard-coded informa- tion in local files, or otherwise override the defaults. > But again, I insist in my first question: how I get that > dhclient respect my resolv.conf and do not touch it? You read man pages.
Re: dhclient, resolv.conf
Johan Beisser wrote: > Check dhclient.conf(5) and read about the supersede statement. Thank you very much for your kind answer. Of course I read not only dhclient.conf (5), but also a lot of man pages, a lot of postings in the internet. I think, you misunderstood my question. Again: I dont want that dhclient touch my resolv.conf. This means that I am also unhappy even if dhclient creates a resolv.conf containing exactly what I wanted that it contains, I am also unhapy if dhclient fakes the file metadata, the dates, in order that it appears as the file were untouched. If that were the goal, I have another question: I want no search statement in resolv.conf, the most near to that I get is a line containing "search ." in resolv.conf with a line containing supersede domain-name "."; in dhclient.conf. Do you how to get dhclient without it? But again, I insist in my first question: how I get that dhclient respect my resolv.conf and do not touch it? Thanks SO.
Re: dhclient, resolv.conf
Check dhclient.conf(5) and read about the supersede statement. jb Semt frim my ipHnoe. On Oct 20, 2011, at 8:35, sophia.ort...@googlemail.com wrote: > Dear Sirs! > > I realy do not want that dhclient touch resolv.conf. > > The recomendation in > > http://www.openbsd.org/faq/faq6.html#DHCPclient > > namely, uncommenting "request", errasing "domain-name" and > "domain-name-servers", does not work. The only idea I have is > to change "/sbin/dhclient-script", but I think that is a delicate > thing. Do someone know a better solution? > > I am sure I am not the only one with this problem, but I did not > find a solution with google. > > Best regards, > SO.
dhclient, resolv.conf
Dear Sirs! I realy do not want that dhclient touch resolv.conf. The recomendation in http://www.openbsd.org/faq/faq6.html#DHCPclient namely, uncommenting "request", errasing "domain-name" and "domain-name-servers", does not work. The only idea I have is to change "/sbin/dhclient-script", but I think that is a delicate thing. Do someone know a better solution? I am sure I am not the only one with this problem, but I did not find a solution with google. Best regards, SO.