On Wed, Oct 25, 2017 at 11:35:20PM -0400, Stefan Monnier wrote:
> `resolvconf` only touches /etc/resolv.conf when it is installed/initialized.
> What it does to it is to replace it with a symlink.
> After that, it doesn't touch it any more; instead it only modifies the file
> that is the target of that symlink.
>
> So there's your answer:
> - rm /etc/resolv.conf
> - zile /etc/resolv.conf

How is this supposed to prevent dhclient (et al.) from modifying the file, then?

A quick read of /sbin/dhclient-script shows me nothing promising. (It's also full of bugs, which is exactly what one expects in a shell script provided by an OS package, or to be fair, any shell script at all.)

A quick read of <https://manpages.debian.org/stretch/openresolv/resolvconf.8.en.html> is... interesting, but low on details. It doesn't tell me what resolvconf actually DOES, how it prevents other things from writing to the file. But see below.

Hmm... how COULD it work? Checking <https://packages.debian.org/stretch/all/resolvconf/filelist> ....

Aha! Installing resolvconf creates a file named /etc/dhcp/dhclient-enter-hooks.d/resolvconf in the dhclient hooks directory. Maybe this file overrides the make_resolv_conf shell function that dhclient-script provides. I would have to download and extract the resolvconf package to find out, since I don't have it installed anywhere.

But what's most interesting to me is this paragraph in the resolvconf man page:

    In some situations resolvconf needs to act as a deterrent to writing to /etc/resolv.conf. Where this file cannot be made immutable or you just need to toggle this behaviour, resolvconf can be disabled by adding resolvconf=NO to resolvconf.conf(5).

Sounds like chattr +i IS actually the preferred solution. Installing and configuring resolvconf is the fallback solution.
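
The override mechanism guessed at in the message above, as an added example that is not part of the original post and is not Debian's dhclient-script or the resolvconf package's hook: dhclient-script(8) documents that files in the enter-hooks directory are sourced after make_resolv_conf is defined and may redefine it. The function bodies, the hook file name keep-resolv-conf, the temporary paths and the addresses are constructed stand-ins.

```shell
#!/bin/sh
# Stand-in for the dhclient-script flow (assumption: simplified, not the real script).
# Everything lives under a temporary directory; nothing in /etc is touched.

# Stand-in for the default function that the client script defines at startup.
# RESOLV_CONF and new_domain_name_servers are set by simulate_lease below.
make_resolv_conf() {
    for ns in $new_domain_name_servers; do
        echo "nameserver $ns"
    done > "$RESOLV_CONF"
}

# Simulate one lease event: source every enter hook, then call whichever
# make_resolv_conf is defined at that point. The subshell keeps a hook's
# redefinition from leaking into the caller.
simulate_lease() {
    hookdir=$1 RESOLV_CONF=$2 new_domain_name_servers=$3
    (
        for hook in "$hookdir"/*; do
            if [ -f "$hook" ]; then . "$hook"; fi
        done
        make_resolv_conf
    )
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir "$demo_dir/hooks-empty" "$demo_dir/hooks-override"

# Constructed hook: replaces the function with a no-op.
cat > "$demo_dir/hooks-override/keep-resolv-conf" <<'EOF'
make_resolv_conf() { :; }
EOF

# Reset the file to a hand-written entry, run one lease event against the
# given hook directory, and print what the file contains afterwards.
resolv_after_lease() {
    echo "nameserver 192.0.2.53" > "$demo_dir/resolv.conf"
    simulate_lease "$1" "$demo_dir/resolv.conf" "198.51.100.1 198.51.100.2"
    cat "$demo_dir/resolv.conf"
}

echo "no hook:   $(resolv_after_lease "$demo_dir/hooks-empty" | tr '\n' ' ')"
echo "with hook: $(resolv_after_lease "$demo_dir/hooks-override" | tr '\n' ' ')"
```

With the empty hook directory the hand-written entry is replaced by the lease's name servers; with the overriding hook it survives the lease event.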