Have you recently been seriously bothered, after one of the updates from older to newer Debian / Ubuntu / CentOS or other Linux distributions by the fact /etc/resolv.conf has become a dynamic file that pretty much in the spirit of cloud technologies is being regenerated and ovewritten on each and every system (server) OS update / reboot and due to that you start getting some wrong inappropriate DNS records /etc/resolv.conf causing you harm to the server infrastructure?
During my set of server infra i have faced that odditty for some years now and i guess every system administrator out there has suffered at a point by having to migrate an older Linux release to a newer one, where something gets messed up with DNS resolving due to that Linux OS new feature of /etc/resolv.conf not being really static any more.
The Dynamic resolv.conf file for glibc resolver is often generated used to be regenerated by resolvconf command and consequentially can be tampered by dhcpd resolved systemd service as well perhaps other mechanism depending on how the different Linux distribution architects make it to behave …
There are more than one ways to stop the annoying /etc/resolv.conf ovewritten behavior
1. Using dhcpd to stop /etc/resolv.conf being overwritten
Using dhcpd either a small null up script can be used or a separate hook script.
The null script would look like this
root@pcfreak:/root# vim /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
#!/bin/sh
make_resolv_conf() {
:
}
root@pcfreak:/root# chmod +x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
This script overrides an internal function called make_resolv_conf() that would normally overwrite resolv.conf and instead does nothing.
On old Ubuntu s and Debian versions this should work.
Alternative method is to use a small hook dhcp script like this:
root@pcfreak:/root# echo 'make_resolv_conf() { :; }' > /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
Next boot when dhclient runs onreboot or when you manually run sudo ifdown -a ; sudo ifup -a ,
it loads this script nodnsupdate or the hook script and hopefully your manually configured values of /etc/resolv.conf would not mess up your file anymore.
2. Use a chattr and set immutable flag attribute to /etc/resolv.conf to prevent re-boot to ovewrite it
Anyways the universal and simple way "hack" to prevent /etc/resolv.conf many prefer to use instead of dhcp (especially as not everyone is running a dhcp on a server) , to overwrite is to delete the file and make it immutable with chattr (assuming chattr is supported by the filesystem i.e. EXT3 / EXT4 / XFS , you use on the Linux.).
You might need to check the filesystem type, before using chattr.
root@pcfreak:/root# blkid | awk '{print $1 ,$3, $4}'
/dev/xvda1: TYPE="xfs"
/dev/xvda2: TYPE="LVM2_member"
/dev/mapper/centos-root: TYPE="xfs"
/dev/mapper/centos-swap: TYPE="swap"
/dev/loop0:
/dev/loop1:
/dev/loop2:
Normally EXT fs and XFS support it, note that this is not going to be the case with a network filesystem like NFS.
If you have some weird Filesystem type and you try to chattr you will get error like:
chattr: Inappropriate ioctl for device while reading flags on /etc/resolv.conf
To make /etc/resolv.conf file unchangeable on next boot by dhcpd or systemd-resolved
a systemd service that provides network name resolution to local applications via a D-Bus interface, the resolve NSS service (nss-resolve)
root@pcfreak:/root# rm -f /etc/resolv.conf
{ echo "nameserver 1.1.1.1";
echo "nameserver 1.0.0.1;
echo "search mydomain.com"; } > /etc/resolv.conf
chattr +i /etc/resolv.conf
reboot
Also it is a good think if you don't plan after some update to have unexpected results caused by systemd-resolved doing something strange is to rename to /etc/systemd/resolved.conf.dpkg-bak or completely remove file
/etc/systemd/resolved.conf
To prevent dhcpd to overwrite the server /etc/resolv.conf from something automatically taken from preconfigured central DNS inside the network configurations made from /etc/network/interfaces configurations such as:
dns-nameservers 127.0.0.1 8.8.8.8 8.8.4.4 207.67.222.222 208.67.220.220
You need to change the DHCP configuration file named dhclient.conf and use the supersede option.
To so Edit /etc/dhcp/dhclient.conf.
Look for lines like these:
#supersede domain-name "fugue.com home.vix.com";
#prepend domain-name-servers 127.0.0.1;
Remove the preceding “#” comment and use the domain-name and/or domain-name-servers which you want (your DNS FQDN). Save and hopefully the DNS related ovewrite to /etc/resolv.conf would be stopped, e.g. changes inside /etc/resolv.conf mnually done should stay permanent.
Also it is a good practice to disable ddns-update-style direcive inside /etc/dhcp/dhcpd.conf
root@pcfreak:/root# vim /etc/dhcp/dhcpd.conf
##ddns-update-style none;
However on many newer Debian Linux as of 2025 and its .deb based derivative distros, you have to consider the /etc/resolv.conf is a symlink to another file /etc/resolvconf/run/resolv.conf
If that is the case with you then you'll have to set the immutable chattr attribute flag like so
root@pcfreak:~# chattr -V +i /etc/resolvconf/run/resolv.conf
chattr 1.47.0 (5-Feb-2023)
Flags of /etc/resolvconf/run/resolv.conf set as —-i—————–root@pcfreak:/root# lsattr /etc/resolvconf/run/resolv.conf
—-i—————– /etc/resolvconf/run/resolv.conf
3. Make /etc/resolv.conf permanent with simple custom a rc.local boot triggered resolv.conf ovewrite from a resolv.conf_actual template file
Consider that due to the increasing complexity of how Linux based OS-es behaves and the fact the Linux is more and more written to fit integration into the Cloud and be as easy as possible to containerize or orchestrate (with lets say docker or some cloud PODs) and other multitude of OS virtualiozation stuff modernities /etc/resolv.conf might still continue to ovewrite ! 🙂
Thus I've come up with my very own unique and KISS (Keep it Simple Stupid) method to make sure /etc/resolv.conf is kept permanent and ovewritten on every boot for that "hack" trick you only need to have the good old /etc/rc.local enabled – i have written a short article how it can be enabled on newer debian / ubuntu / fedora / centos Linux here.
Prepare your permanent and static /etc/resolv.conf file containing your preferred server DNSes under a file /etc/resolv.conf_actual
Here is an example of one of my /etc/resolv.conf template files that gets ovweritten on each boot.
root@pcfreak:/root# cat /etc/resolv.conf_actual
domain pc-freak.net
search pc-freak.net
#nameserver 192.168.0.1nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 212.39.90.42
nameserver 212.39.90.43
nameserver 208.67.222.222
nameserver 208.67.220.220
options timeout:2 rotate
And in /etc/rc.local place before the exit directive inside the file simple copy over the original /etc/resolv.conf file real location.
Before proceeding to add it to execute /etc/rc.local assure yourself file is being venerated by OS.
root@pcfreak:/etc/dhcp# systemctl status rc-local
● rc-local.service – /etc/rc.local Compatibility
Loaded: loaded (/etc/systemd/system/rc-local.service; enabled; preset: enabled)
Drop-In: /usr/lib/systemd/system/rc-local.service.d
└─debian.conf
Active: active (exited) since Sun 2024-12-08 21:59:01 EET; 1 month 27 days ago
Docs: man:systemd-rc-local-generator(8)
Process: 1417 ExecStart=/etc/rc.local start (code=exited, status=0/SUCCESS)
CPU: 302msNotice: journal has been rotated since unit was started, output may be incomplete.
root@pcfreak:/root# vim /etc/rc.local
cp -rpf /etc/resolv.conf_actual /etc/resolvconf/run/resolv.conf
NB ! Make sure those line is placed before any exit 0 command in /etc/rc.local otherwise that won''t work
That's it folks 🙂
Using this simple trick you should be no longer bothered by a mysterious /etc/resolv.conf overwritten on next server reboot or system update (via a puppet / ansible or some other centralized update automation stuff) causing you a service or infrastructure outage.
Enjoy !
