On Wed, Oct 25, 2017 at 10:00:03AM -0400, Roberto C. Sánchez wrote:
>
> This is clearly evidence that the problem is with dhclient
> (isc-dhcp-client in my case). I am taking another look at the supersede
> directives in /etc/dhcp/dhclient.conf to make sure that I am specifying
> them correctly. If that fails, then I think I will need to do something
> with /sbin/dhclient-script (which is apparently what is actually
> changing the resolv.conf). According to dhclient-script(8) I can use a
> hook to redefine the make_resolv_conf shell function to do nothing.
>
OK. I was able to dig into this I resolved the problem by telling
dhclient to not request the bits of information that would trigger a
change to /etc/resolv.conf. Here the terminal output that shows the
problem and how I fixed it:
debian:/etc# chattr +i /etc/resolv.conf
debian:/etc# grep -C4 '^request' /etc/dhcp/dhclient.conf
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
debian:/etc# dhclient -v -r eth1; dhclient -v eth1
Killed old client process
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/a0:48:1c:b8:01:d1
Sending on LPF/eth1/a0:48:1c:b8:01:d1
Sending on Socket/fallback
DHCPRELEASE on eth1 to 192.168.63.1 port 67
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/a0:48:1c:b8:01:d1
Sending on LPF/eth1/a0:48:1c:b8:01:d1
Sending on Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7
DHCPREQUEST of 192.168.63.197 on eth1 to 255.255.255.255 port 67
DHCPOFFER of 192.168.63.197 from 192.168.63.1
DHCPACK of 192.168.63.197 from 192.168.63.1
mv: cannot move '/etc/resolv.conf.dhclient-new.46741' to '/etc/resolv.conf':
Operation not permitted
bound to 192.168.63.197 -- renewal in 13589 seconds.
debian:/etc# chattr -i /etc/resolv.conf
debian:/etc# dhclient -v -r eth1; dhclient -v eth1
Killed old client process
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/a0:48:1c:b8:01:d1
Sending on LPF/eth1/a0:48:1c:b8:01:d1
Sending on Socket/fallback
DHCPRELEASE on eth1 to 192.168.63.1 port 67
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/a0:48:1c:b8:01:d1
Sending on LPF/eth1/a0:48:1c:b8:01:d1
Sending on Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4
DHCPREQUEST of 192.168.63.197 on eth1 to 255.255.255.255 port 67
DHCPOFFER of 192.168.63.197 from 192.168.63.1
DHCPACK of 192.168.63.197 from 192.168.63.1
bound to 192.168.63.197 -- renewal in 13628 seconds.
debian:/etc# git diff -- resolv.conf
diff --git a/resolv.conf b/resolv.conf
index 2a3d61d..7841009 100644
--- a/resolv.conf
+++ b/resolv.conf
@@ -1,3 +1 @@
-domain example.com
-search example.com.
-nameserver 127.0.0.1
+nameserver 192.168.63.1
debian:/etc# git checkout -- resolv.conf
debian:/etc# sed -i 's/^\tdomain-name/\t#domain-name/' /etc/dhcp/dhclient.conf
debian:/etc# grep -C4 '^request' /etc/dhcp/dhclient.conf
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
#domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
debian:/etc# dhclient -v -r eth1; dhclient -v eth1
Killed old client process
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/a0:48:1c:b8:01:d1
Sending on LPF/eth1/a0:48:1c:b8:01:d1
Sending on Socket/fallback
DHCPRELEASE on eth1 to 192.168.63.1 port 67
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth1/a0:48:1c:b8:01:d1
Sending on LPF/eth1/a0:48:1c:b8:01:d1
Sending on Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6
DHCPREQUEST of 192.168.63.197 on eth1 to 255.255.255.255 port 67
DHCPOFFER of 192.168.63.197 from 192.168.63.1
DHCPACK of 192.168.63.197 from 192.168.63.1
bound to 192.168.63.197 -- renewal in 16005 seconds.
debian:/etc# git diff -- resolv.conf
(no output here shows that resolv.conf was not changed)
Another approach which worked equally well was to specify the supersede
directive with the values I preferred for domain-name, domain-search,
and domain-name-servers.
In any event, thanks to all who helped and who provided hints on things
to investigate/try. Later today I will update the poorly written wiki
article [0] to explain that immutable is a troubleshooting approach and
I will add documentation about how to properly configure dhclient when
changes to /etc/resolv.conf are undesirable.
As an additional note, it is strange to me that none of the dhclient
interactions are logged in syslog. When I ran dhclient directly and
specified the verbose option, that resulted in the exhanges being logged
to syslog, except for the error message. It appears that the scripts
are not properly capturing/redirecting the standard error stream. I
will also investigate if a bug has been filed for that. If one has not
been filed I will do that as well.
Why dhclient-script(8) mentions the hook scripts for overriding the
behavior of make_resolv_conf() but not the configuration directives that
can be used to affect specific values is also somewhat puzzling.
Regards,
-Roberto
[0] https://wiki.debian.org/resolv.conf
--
Roberto C. Sánchez
