Author: tito
Date:  
To: dng
Subject: Re: [DNG] hijacking resolv.conf - possible fix?
On Wed, 19 Mar 2025 18:07:27 -0300
altoid via Dng <dng@???> wrote:

> Hello:
>
> On 19 Mar 2025 at 18:05, Simon wrote:
>
> > If you take a step backwards ...
> I will probably trip on something and fall, the flat is a proper
> mess. 8^D
>
> > ... vast majority of users ...
> When I came across this problem ie: my DNS settings, out of nowhere
> getting changed without my intervention or notice and as a result
> rendering my Pi-hole VM inoperative, I did what most Linux users
> would do: search the web for a solution.
>
> What I found was a huge number of posts by members of that great
> majority of users you mention, many if not most going back many
> years.
>
> They also did not know what was going on and when I came across
> something resembling a solution, it was a clumsy workaround.
> ie: to make [/etc/resolv.conf] (a system file, no less) immutable.
>
> Like Ralph R. cleverly pointed out, I had not RTFM.
> Looking back, it never crossed my mind to check the DHCP man pages.
>
> Why should it?
> For years things were working perfectly well till they suddenly were
> not.
>
> And then, it would seem that none of the great many affected users
> RTFM either.
> Not a coincidence, methinks.
>
> > ... and "works" really means "has working DNS resolution".
> Which is *exactly* what I had till [connman], making use of a
> configuration *option* the DHCP offered, did away with.
>
> The developers / maintainers of the client I had been using up to
> that point, [WiCD], wisely chose not to go the same way.
>
> [WiCD] had a quick way of setting your DNS from the UI and once you
> set it, it stayed that way.
>
> > ... vast majority of users even Linux ones ...
> Well ...
>
> Some people opine that there are a vast majority of Linux users who
> are quite happy with the default implementation of [systemd] (or some
> other Poettering-ish idea) in their system and then ...
>
> > ... suggest that the vitriol ...
> We have never met, I can assure you that it was not vitriol.
> But I'll make a note of your observation. 8^)
>
> > ... if you have a crippled, ISP supplied router ...
> I have used this same line of vendor supplied (crippled) ISP routers
> and the problem cropped up when [WiCD] was deprecated.
> ie: whatever the router did (reset at random intervals) did not
> affect my DNS settings and my Pi-hole always worked as intended.
>
> > ... not the fault of the DHCP protocol ...
> Granted.
> The fault lies on the developer who thought up the *feature*.
> Quite sure I am not the only one who thinks so.
>
> > ... it's the fault of the ISP ...
> I believe it is common practise most everywhere.
> Which is probably why VPNs have become so popular.
>
> Like moving around IP assignments, something I actually find to be
> convenient. ie: not having a fixed IP for too long.
>
> > It's why I've turned off the DHCP service ...
> I do not have much of a network to speak of so I may eventually
> resort to turning it off.
>
> > ... multiple ways to solve this issue :
> All of them interesting but far too complex for me.
>
> One easy solution would have been for the Linux installer process to
> ask if the default setting was acceptable to the user of the system
> being installed and also indicate how to change it if needed.
> ie: like when you need to reconfigure your keyboard.
>
> Further down the line, the next easy solution would have been for the
> developers of [connman] (and probably other clients, no idea) to have
> a way to get that done, the same way [WiCD] did, through the UI.
>
> That is what gets me, the fact that someone up the chain decides
> about something important without a second thought to the eventual
> consequences.


Hi,

The next step will be DNS over HTTPS, every single program
on your box will have it hardcoded and do it by default
and simply ignore /etc/resolv.conf.
That obviously will be for your security and because the developers
(like the Firefox ones) know what is best for you.

Ciao,
Tito

> Right ...
>
> @Simon:
> Thank you very much for taking the time to write this up.
> Much appreciated.
>
> Best,
>
> A.
> _______________________________________________
> Dng mailing list
> Dng@???
> Manage your subscription: https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> Archive: https://lists.dyne.org/lurker/list/dng.en.html