Author: Olaf Meeuwissen
Date:
To: dng
Subject: Re: [DNG] hijacking resolv.conf - possible fix?

Olaf Meeuwissen <olaf@???> writes:

> Hi,
>
> Gonzalo Pérez de Olaguer Córdoba <salo@???> writes:
>
>> Hi, everybody here.
>>
>> On Tue, 18 Mar 2025 16:44:03 -0300
>> altoid via Dng <dng@???> wrote:
>>
>>> Then, while searching on how to fix something else, I came across
>>> [/sbin/dhclient-script] and within it, this bit which instantly
>>> called my attention:
>>>
>>> [code]
>>> --- snip ---
>>> # update /etc/resolv.conf based on received values    # <---- wthf?
>>>   make_resolv_conf() {
>>>       local new_resolv_conf
>>> --- snip --- 
>>> [/code]

>>>
>>> Not in any way script savvy but it seemed I had found the hijacker,
>>> so to speak.
>>>
>>> Those who know more could confirm my suspicions.
>>
>> Take a look at the manual page for dhclient-script(5)
>
> Add dhclient.conf(5) for good measure. Looks like commenting out


Urk! I meant to say uncomment, not comment out :-/

> prepend domain-name-servers 127.0.0.1;
>
> (substitute whatever IP address scratches your itch) would do the trick.
>
>> I have this script at /etc/dhcp/dhclient-enter-hooks.d/no_dns_update
>> (any name will do) that overrides the make_resolv_conf function that
>> you don't like:
>>
>> --- start
>> #!/bin/sh
>>
>> # prevent dhclient from updating /etc/resolv.conf
>> make_resolv_conf() { : ; }
>> --- end
>
> I use a similar approach to inject *additional* variables for things
> that the DHCP server at the office doesn't provide, e.g. NTP servers
> (as the default ones are blocked by the firewall).
>
>> I suppose this works, although I have set /etc/resolv.conf immutable anyway
>> because over the years I have found LOTS of programs destroying my
>> settings :-)
>>
>> Hope it helps.
>> Salo.
>
> Me too.


--
Olaf Meeuwissen
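
A dry-run check for the enter-hook override quoted above, as an added example that is not part of the original message or of dhclient-script: it sources a hook the way hooks in /etc/dhcp/dhclient-enter-hooks.d are loaded and reports whether a scratch resolv.conf survives. The function name `hook_blocks_resolv_update`, the simplified stand-in for `make_resolv_conf`, and the 192.0.2.x lease values are assumptions constructed for the test.

```shell
#!/bin/sh
# Added example: dry-run a dhclient enter hook against a scratch resolv.conf.
# The make_resolv_conf below is a simplified stand-in (assumption), not the
# real function from /sbin/dhclient-script.
# Returns 0 if resolv.conf is left untouched, 1 if rewritten, 2 on setup error.
hook_blocks_resolv_update() {
    hook=$1
    case $hook in */*) ;; *) hook=./$hook ;; esac   # keep "." from searching PATH
    [ -r "$hook" ] || return 2                      # a missing hook protects nothing
    scratch=$(mktemp) || return 2
    printf 'nameserver 127.0.0.1\n' > "$scratch"    # constructed local setting
    before=$(cat "$scratch")
    (
        # Stand-in: overwrite the file with the DHCP-supplied name servers.
        make_resolv_conf() {
            : > "$scratch"
            for ns in $new_domain_name_servers; do
                printf 'nameserver %s\n' "$ns" >> "$scratch"
            done
        }
        new_domain_name_servers="192.0.2.53 192.0.2.54"   # constructed lease values
        . "$hook"          # hooks are sourced, so a redefinition replaces the function
        make_resolv_conf
    )
    after=$(cat "$scratch")
    rm -f "$scratch"
    [ "$before" = "$after" ]
}

# Demonstration on constructed hooks: the override from the thread and an empty file.
demo=$(mktemp -d)
printf '%s\n' '#!/bin/sh' 'make_resolv_conf() { : ; }' > "$demo/no_dns_update"
: > "$demo/empty_hook"
for h in no_dns_update empty_hook; do
    if hook_blocks_resolv_update "$demo/$h"; then
        echo "$h: resolv.conf preserved"
    else
        echo "$h: resolv.conf rewritten"
    fi
done
rm -rf "$demo"
```
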