Linux: Make Sure /etc/resolv.conf Never Gets Updated By DHCP Client

I am using GNU/Linux with the Internet Systems Consortium DHCP Client. dhclient provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol. It also updates my /etc/resolv.conf file each time my laptop connects to a different network. I would like to keep my existing nameservers. How do I skip the /etc/resolv.conf update on a Linux based system? How do I stop the DHCP client from changing resolv.conf on Linux?

Tutorial details
Difficulty: Intermediate
Root privileges: Yes
Requirements: ISC DHCP client
Time: 5m

The DHCP protocol allows a host to contact a central server which maintains a list of IP addresses which one can assign to one or more subnets. This protocol reduces system administration workload, allowing devices to be added to the network with little or no manual configuration.

WARNING! Many firewalls allow access only to specific nameservers, so make sure your nameservers are supported. Also, many corporate networks block snooping name servers such as OpenDNS due to privacy issues.

Make sure /etc/resolv.conf never gets updated by the DHCP client

Information regarding DNS servers is stored in the /etc/resolv.conf file. One can see it with the cat command:
$ cat /etc/resolv.conf

You can set or change the DNS server by editing the /etc/resolv.conf file. However, this file might get updated by the DHCP client on Linux. There are various methods to fix this issue; use any one of the following. Let us see how to stop DHCP from changing the resolv.conf file on Linux.
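To tell whether the DHCP client has rewritten the file, compare its nameservers against the ones you expect. This is an added example, not part of the original article: the function names are hypothetical, the sample file is constructed, and the marker comment is the one a reader quotes in the comments on this page.

```shell
#!/bin/sh
# Added example (not from the article): detect resolver drift.

# unexpected_nameservers FILE ALLOWED...
# Prints every nameserver in FILE that is not in ALLOWED (one per line).
# Returns 0 when all entries are expected, 1 otherwise.
unexpected_nameservers() {
    rc_file=$1; shift
    allowed=" $* "
    bad=$(awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$rc_file" |
        while read -r ns; do
            case "$allowed" in
                *" $ns "*) ;;                 # expected resolver
                *) printf '%s\n' "$ns" ;;     # not on the list
            esac
        done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# written_by_dhclient FILE
# True if a comment line in FILE carries the dhclient-script marker
# ("; generated by /sbin/dhclient-script", as quoted in a reader comment).
written_by_dhclient() {
    grep -Eq '^[;#].*generated by .*dhclient-script' "$1"
}

# Constructed sample: a file rewritten by the DHCP client on an
# untrusted network (192.0.2.53 is a documentation address).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
; generated by /sbin/dhclient-script
search example.lan
nameserver 192.0.2.53
nameserver 8.8.8.8
EOF

# Expected resolvers here are the ones used in the article's examples.
if ! extra=$(unexpected_nameservers "$sample" 8.8.8.8 127.0.0.1); then
    echo "unexpected nameserver(s): $extra"
fi
if written_by_dhclient "$sample"; then
    echo "file was regenerated by dhclient-script"
fi
```

Run the two functions against /etc/resolv.conf after joining a new network to confirm that whichever method you picked below is holding.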

Write protecting /etc/resolv.conf file

Method 1: Write protect your /etc/resolv.conf file using the chattr command on a Linux based system. The syntax is:
# chattr +i /etc/resolv.conf
The +i option (attribute) write protects the /etc/resolv.conf file on Linux so that no one, including the root user, can modify it while the attribute is set; root has to clear it with chattr -i before the file can be edited again. You can use the chflags command on a FreeBSD based system.

Creating dhclient-script hooks

Method 2: The DHCP client network configuration script is invoked from time to time by dhclient. This script is used by the DHCP client to set each interface’s initial configuration prior to requesting an address, to test the address once it has been offered, and to set the interface’s final configuration once a lease has been acquired. This script is not meant to be customized by the end user. If local customizations are needed, they should be possible using the enter and exit hooks provided. These hooks will allow the user to override the default behavior of the client in creating a /etc/resolv.conf file. When it starts, the client script first defines a shell function, make_resolv_conf, which is later used to create the /etc/resolv.conf file. To override the default behavior, redefine this function in the enter hook script.

Create hook to avoid /etc/resolv.conf file update

You need to create the /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate file on Debian / Ubuntu Linux:
# vi /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
Append the following code:

#!/bin/sh
make_resolv_conf(){
	:
}

Save and close the file. Set permissions using the chmod command:
# chmod +x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
The script will replace make_resolv_conf() with our own function. This function does nothing, so no IP address will get added to the /etc/resolv.conf file.

A note about resolvconf program on a Debian or Ubuntu based system

If the resolvconf program is installed, you should not edit the resolv.conf configuration file manually on a Debian or Ubuntu based system, as it will be dynamically changed by programs in the system. If you need to manually define the nameservers (as with a static interface), add a line like the following to the interfaces configuration file at /etc/network/interfaces:

##Place the line indented within an iface stanza, e.g., right after the gateway line.##
dns-nameservers 8.8.8.8 127.0.0.1

A note about RHEL / CentOS / Fedora Linux

Place the following code in the /etc/dhclient-enter-hooks file:
# vi /etc/dhclient-enter-hooks
Append code:

make_resolv_conf(){
	:
}

Save and close the file. Another option is to modify your interface configuration file, such as /etc/sysconfig/network-scripts/ifcfg-eth0, and append any one of the following options:

## do not overwrite /etc/resolv.conf ##
PEERDNS=no

OR

## use the following nameservers in /etc/resolv.conf ##
PEERDNS=no
DNS1=8.8.8.8
DNS2=1.2.3.4

Save and close the file. Where,

  1. PEERDNS=yes|no – Modify /etc/resolv.conf if the peer uses the msdns extension (PPP only) or DNS{1,2} are set, or if using dhclient. Defaults to “yes”.
  2. DNS{1,2}=<ip address> – Provide DNS addresses that are dropped into the resolv.conf file if PEERDNS is not set to “no”.

Configure dhclient.conf file

Method 3: The /etc/dhclient.conf or /etc/dhcp/dhclient.conf file contains configuration information for dhclient. You can turn DNS updates and other options on or off for a specific interface or for all interfaces using this file. The man pages for DHCLIENT.CONF and DHCP-OPTIONS point out that in dhclient.conf, you should add this:

supersede domain-name-servers 202.54.1.2, 199.2.3.4;

OR

prepend domain-name-servers 1.2.3.4, 1.2.3.5;

Here is a sample config for you:

       timeout 60;
       retry 60;
       reboot 10;
       select-timeout 5;
       initial-interval 2;
       reject 192.33.137.209;

       interface "eth0" {
           send host-name "laptop-area51.nixcraft.net.in.home";
           send dhcp-client-identifier 00:30:48:33:BC:32;
           send dhcp-lease-time 3600;
           supersede domain-search "net.in.home", "cyberciti.biz", "vpx.nixcraft.net.in";
           prepend domain-name-servers 8.8.8.8, 127.0.0.1;
           request subnet-mask, broadcast-address, time-offset, routers,
                domain-search, domain-name, domain-name-servers, host-name;
           require subnet-mask, domain-name-servers;
       }

How to stop NetworkManager updating /etc/resolv.conf on Linux

Method 4: Edit the /etc/NetworkManager/NetworkManager.conf file using a text editor such as vim or nano:
$ sudo vi /etc/NetworkManager/NetworkManager.conf
Add, edit or append dns=none in the [main] section.
Here is a full config:

[main]
plugins=ifupdown,keyfile
dns=none
 
[ifupdown]
managed=false
 
[device]
wifi.scan-rand-mac-address=no

Save and close the file in the vim text editor. The next time you reboot the Linux box, your /etc/resolv.conf file will not get updated when using NetworkManager (nm) on Linux.
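A quick way to see which of the settings from Methods 2 and 4 and the PEERDNS option are present on a host, as an added example that is not part of the original article. The function names are hypothetical, the paths are the ones used in this tutorial (with ifcfg-* generalizing ifcfg-eth0), and a match only shows that the setting is in the file, not that the DHCP client honours it.

```shell
#!/bin/sh
# Added example, not from the article. Function names are illustrative.

# hook_overrides FILE: true if FILE defines make_resolv_conf() (Method 2).
hook_overrides() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*make_resolv_conf[[:space:]]*\(\)' "$1"
}

# peerdns_off FILE: true if the last PEERDNS= assignment in FILE is "no".
# Quotes, blanks and case are ignored; commented-out lines do not count.
peerdns_off() {
    [ -r "$1" ] || return 1
    pd=$(sed -n 's/^[[:space:]]*PEERDNS=//p' "$1" | tail -n 1 |
        tr -d "\"' \t" | tr 'A-Z' 'a-z')
    [ "$pd" = "no" ]
}

# nm_dns_none FILE: true if the [main] section of FILE sets dns=none
# (Method 4). The same key in any other section is ignored.
nm_dns_none() {
    [ -r "$1" ] || return 1
    awk -F= '
        { gsub(/[ \t]/, "") }                  # strip blanks, re-split fields
        /^\[/ { sect = $0; next }              # remember the current section
        sect == "[main]" && $1 == "dns" { mode = $2 }
        END { exit (mode == "none" ? 0 : 1) }' "$1"
}

# report: run each check against the paths named in the tutorial.
report() {
    for f in /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate /etc/dhclient-enter-hooks; do
        if hook_overrides "$f"; then echo "hook override present: $f"; fi
    done
    for f in /etc/sysconfig/network-scripts/ifcfg-*; do
        if peerdns_off "$f"; then echo "PEERDNS=no: $f"; fi
    done
    if nm_dns_none /etc/NetworkManager/NetworkManager.conf; then
        echo "NetworkManager: dns=none in [main]"
    fi
}
report
```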

  • Christian Bolliger Jun 23, 2012 @ 7:45

    On RHEL:
    The hook script doesn’t replace make_resolv_conf(); it will just run additionally. As mentioned before, PEERDNS=no is the official solution.
    Of course you can use the hook script to rechange your resolv.conf to the values you need.

  • pouya Sep 21, 2012 @ 8:38

    EDIT /etc/sysconfig/network-scripts/ifcfg-eth0

    ADD PREDNS=no

  • rohit Dec 4, 2012 @ 7:23

    In a similar way, can I make my dhclient receive an IP on a virtual interface too, i.e. on eth0 and eth0:1? I tried using a different client-identifier for each virtual interface, and the DHCP server also seems to assign them different IPs, but somehow only the IP offered last is configured on the interface and no IP is configured on the virtual interface.

  • LV Mar 30, 2013 @ 19:21

    In RHEL/CentOS, you can simply add option: PEERDNS="no" to your network interface script (/etc/sysconfig/network-scripts/ifcfg-ethX).

  • simon Sep 4, 2013 @ 5:32

    under ubuntu 12.04

    cat <<'EOF' > /etc/network/if-up.d/remove_dhcp_dns.sh
    if [ "${METHOD}" != "dhcp" ]; then
    return 0;
    fi
    if [ -f /var/run/resolvconf/interface/${LOGICAL}.dhclient ]; then
    resolvconf -d ${LOGICAL}.dhclient
    fi
    EOF

    and in /etc/network/interfaces run the script as a post-up for dhcp interfaces

    auto eth0
    iface eth0 inet dhcp
    pre-up sleep 2
    post-up /etc/network/if-up.d/remove_dhcp_dns.sh

    • simon Sep 4, 2013 @ 5:33

      the cat line should be:

      cat < /etc/network/if-up.d/remove_dhcp_dns.sh

      • simon Sep 4, 2013 @ 5:35

        hm. the post is getting mangled … i’ll try html. the cat line once more

        cat <<'EOF' > /etc/network/if-up.d/remove_dhcp_dns.sh

  • Antonio Nov 9, 2013 @ 14:04

    In CentOS there is another way to do that: set PEERDNS=no
    http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-dhcp-configuring-client.html

  • Robert Jan 3, 2014 @ 8:54

    Hello~
    I have tried all 3 of the ways you described, but I can’t resolve it.
    Whenever the OS connects to the network, it changes the /etc/resolv.conf file.

    The topmost line is changed like this…
    “; generated by /sbin/dhclient-script”

    and the nameserver IP was changed.

    Help…

  • Vorms Jun 6, 2014 @ 18:22

    Hello,
    I added a file /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate with an empty make_resolv_conf(), but this function doesn’t replace the original function.
    I don’t understand why?

    Many thanks for your help,
    Best regards.

    Thierry

  • someguy Aug 7, 2014 @ 18:00

    Thanks very much for this.

    I’ve gone with the “redefine make_resolv_conf” approach in CentOS 6.5 and it works a treat!

  • zamaan Jun 24, 2016 @ 8:37

    Thank you.
