# [SOLVED] how to edit /etc/resolv.conf

## vcmota

This feels like a very basic question, but I just can't get it answered by myself. I need to change my DNS servers in order to have my VPN service working properly. Although it is not PIA, it seems like a very related issue as described here. So this is what I did: I created the file /etc/resolv.conf.head and added the DNS services numbers of my VPN service. But after reboot nothing changes: in /etc/resolv.conf I still don't have those as my DNS servers and the VPN still can't work properly. I looked everywhere for a solution but I just could not find one. I chatted with the technical support of my VPN service and they could not help me either. It looks like a simple issue, but I just don't have the basic knowledge to solve it. As a matter of clarification, I don't have network manager installed; actually my install is as minimal as I could make it: regarding internet I have only wpa_supplicant, dhcpcd and openvpn installed, nothing else.

Thank you all for your attention.

Last edited by vcmota on Sun Mar 04, 2018 12:10 am; edited 1 time in total

----------

## bunder

/etc/conf.d/net

```
dns_domain_lo="mydomain.ca"
dns_search_lo="mydomain.ca"
dns_servers_lo="127.0.0.1"    # only if you are running your own dns server on the local machine
config_eth0="dhcp"    # i'm going to guess you need or already have this
dhcp_eth0="nodns nontp"    # you definitely need this, adjust as necessary
```

and this yields...  /etc/resolv.conf

```
# Generated by net-scripts for interface lo
domain mydomain.ca
search mydomain.ca
nameserver 127.0.0.1
```

hope this helps.

----------

## vcmota

Thank you very much Bunder for your reply. I just checked and I don't have the /etc/conf.d/net file on my system either... If I just create it, is the system going to read it? By the way, these are the files that I have inside /etc/conf.d:

```
mossadegh ~ # ls -l /etc/conf.d/* | awk '{print $9}'
/etc/conf.d/agetty
/etc/conf.d/alsasound
/etc/conf.d/auditd
/etc/conf.d/bootmisc
/etc/conf.d/busybox-ntpd
/etc/conf.d/busybox-watchdog
/etc/conf.d/consolefont
/etc/conf.d/cronie
/etc/conf.d/deluge-web
/etc/conf.d/deluged
/etc/conf.d/devfs
/etc/conf.d/device-mapper
/etc/conf.d/dmcrypt
/etc/conf.d/dmesg
/etc/conf.d/elogind
/etc/conf.d/fsck
/etc/conf.d/git-daemon
/etc/conf.d/gpm
/etc/conf.d/hostname
/etc/conf.d/hwclock
/etc/conf.d/ip6tables
/etc/conf.d/iptables
/etc/conf.d/keymaps
/etc/conf.d/killprocs
/etc/conf.d/localmount
/etc/conf.d/lvm
/etc/conf.d/mdadm
/etc/conf.d/mdraid
/etc/conf.d/mit-krb5kadmind
/etc/conf.d/mit-krb5kdc
/etc/conf.d/mit-krb5kpropd
/etc/conf.d/modules
/etc/conf.d/mtab
/etc/conf.d/net-online
/etc/conf.d/netmount
/etc/conf.d/opentmpfiles-dev
/etc/conf.d/opentmpfiles-setup
/etc/conf.d/openvpn
/etc/conf.d/pciparm
/etc/conf.d/pydoc-2.7
/etc/conf.d/pydoc-3.5
/etc/conf.d/rsyncd
/etc/conf.d/slapd
/etc/conf.d/sshd
/etc/conf.d/strelaysrv
/etc/conf.d/swap
/etc/conf.d/syncthing
/etc/conf.d/sysklogd
/etc/conf.d/twistd
/etc/conf.d/udev
/etc/conf.d/udev-settle
/etc/conf.d/udev-trigger
/etc/conf.d/urandom
/etc/conf.d/wpa_supplicant
/etc/conf.d/xdm
```

Thank you again!

----------

## vcmota

I just found this, where it is stated:

*Quote:*

> /etc/conf.d/net
>
> This file is not created by default; it is created by the system administrator. Its should configuration information for each network interface to be managed by netifrc (details on content can be found below).
> ...

So I guess that answers my second question.

----------

## cboldt

You may also want to look at   /usr/share/doc/netifrc-*/net.example.bz2

----------

## Hu

*vcmota wrote:*

> ```
> mossadegh ~ # ls -l /etc/conf.d/* | awk '{print $9}'
> ```
> ...

This could be written more simply as `ls -1 /etc/conf.d/*` if you only want the names and no supporting information.

----------

## vcmota

Thank you all for your replies. 

I have not solved it yet. I wrote /etc/conf.d/net like this:

```
vinicius@mossadegh ~ $ cat /etc/conf.d/net
#manually inserted by myself in order to use NORDVPN DNS servers
dns_search_lo="162.242.211.137 78.46.223.24"
config_eth0="dhcp"
dhcp_eth0="nodns nontp"
```

and after restart nothing changes, I still have /etc/resolv.conf with other DNS servers:

```
vinicius@mossadegh ~ $ cat /etc/resolv.conf
# Generated by dhcpcd from wlp8s0.dhcp, wlp8s0.dhcp6, wlp8s0.ra
# /etc/resolv.conf.head can replace this line
domain vta.virtua.com.br
nameserver 187.36.192.38
nameserver 187.36.192.43
nameserver 2804:14d:ae10:672:187:36:192:24
nameserver 2804:14d:ae10:672:187:36:192:19
# /etc/resolv.conf.tail can replace this line
```

But I read in "net.example" this:

*Quote:*

> # Setting name/domain server causes /etc/resolv.conf to be overwritten
>
> # Note that if DHCP is used, and you want this to take precedence then
> ...

But how do I do that "Note that if DHCP is used, and you want this to take precedence then please put -R in your dhcpcd options"? It feels like another basic question, but how do I pass a flag to something that does not run from the command line, that is already running as a service?

----------

## vcmota

It is a little worse: there is no -R flag in the dhcpcd documentation. There is -r, which does not seem to be it:

```
-r, --request [address]
             Request the address in the DHCP DISCOVER message.  There is no guarantee this is the address the DHCP server will actually give.  If no address is given then the first address currently
             assigned to the interface is used.
```

----------

## cboldt

No idea about the -R mystery.  That option also appears in /lib/netifrc/net/dhcpcd.sh

I think figuring out that mystery isn't relevant for resolving the issue.

Your "dns_search" specifies the "lo" interface, not the "eth0" interface.

----------

## vcmota

I did It, after a whole day! And I am happy, I must say...

I was trying to delete the /etc/resolv.conf file and, strangely, not even as root was the system allowing me to do it. I was trying to delete it because I suspected that the default behavior of the system was to not overwrite /etc/resolv.conf in case it was already written... Anyway, the system was not allowing me to delete it no matter what, not even as root, and that sounded strange. But that reminded me that the first failed setup that the nordvpn tech guy gave me was 1) eliminating ipv6 by editing some config file (can't remember now which one), 2) writing the nordvpn servers' IPs into /etc/resolv.conf and 3) chattr +i /etc/resolv.conf. Well, that last command was the source of all evil: /etc/resolv.conf became undeletable, unwritable, etc. So nothing that I tried after that would work, period. I was condemned to be stuck on this forever if I had not remembered this. So then I just did "chattr -i /etc/resolv.conf; rm -fr /etc/resolv.conf" and, following the default instructions that are written in /etc/resolv.conf itself, I just wrote the IPs of the DNS servers of nordvpn into /etc/resolv.conf.head. Note that this is exactly the instruction given here for PIA access, and that I had tried it without success several times after chattr +i... So after rebooting, voila! I have now:

```
vinicius@mossadegh ~ $ cat /etc/resolv.conf
# Generated by dhcpcd from wlp8s0.dhcp
nameserver 162.242.211.137
nameserver 78.46.223.24
domain vta.virtua.com.br
nameserver 187.36.192.38
nameserver 187.36.192.43
# /etc/resolv.conf.tail can replace this line
```

and the VPN service works flawlessly via openvpn. I don't know why the tech guy gave me that instruction though; I suspect that it may be important for the default setup of some big distro like Ubuntu or Mint, but for Gentoo it was simply hell.

Thank you guys again for your help!

----------

## cboldt

Good to know there are people recommending `chattr +i` on /etc/resolv.conf.

Add to troubleshooting, to ask people to report the results of `stat /etc/resolv.conf`.

There is another recently active thread running here where the poster was applying `chattr +i /etc/resolv.conf`.

Edit to add, applying the immutable property to a hard-coded file is a kludge against that file being later manipulated by the ordinary tools.  It's a brute force way to defeat normal operation.
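
A triage check for the situation this thread ran into, as an added example that is not part of any poster's message: it reports whether the file carries the immutable attribute that `chattr +i` sets (read here with `lsattr`), which tool wrote the file, and the nameserver order. The function names are hypothetical and the sample file is constructed from the output posted above.

```shell
#!/bin/sh
# Added example: triage a resolv.conf that will not change.
# Function names are hypothetical; the sample file is constructed.

# Print "immutable", "mutable", or "unknown" (no lsattr, or the
# filesystem does not support attributes).
immutable_state() {
    flags=$(lsattr -d "$1" 2>/dev/null | awk '{print $1}')
    case "$flags" in
        "")  echo unknown ;;
        *i*) echo immutable ;;
        *)   echo mutable ;;
    esac
}

# Print the tool named in the "# Generated by ..." header, or "none".
generator() {
    g=$(sed -n 's/^# Generated by \([^ ]*\).*/\1/p' "$1" | head -n 1)
    echo "${g:-none}"
}

# Print nameservers in file order, the order the resolver tries them by default.
nameservers() {
    awk '$1 == "nameserver" {print $2}' "$1"
}

# One-line summary of the three checks for a given file.
triage() {
    printf 'immutable=%s generator=%s first_ns=%s\n' \
        "$(immutable_state "$1")" "$(generator "$1")" \
        "$(nameservers "$1" | head -n 1)"
}

# Constructed sample modelled on the working file posted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
# Generated by dhcpcd from wlp8s0.dhcp
nameserver 162.242.211.137
nameserver 78.46.223.24
domain vta.virtua.com.br
nameserver 187.36.192.38
nameserver 187.36.192.43
EOF
}

sample=$(mktemp)
write_sample "$sample"
triage "${1:-$sample}"   # pass a path, e.g. /etc/resolv.conf, to check it
rm -f "$sample"
```

An `immutable` result together with a generator header that never updates points at a leftover `chattr +i` rather than at the DHCP client or netifrc configuration.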

----------

## vcmota

*Quote:*

> Add to troubleshooting, to ask people to report the results of `stat /etc/resolv.conf`

If I correctly understood what you said, you are suggesting that I may edit a Gentoo documentation page? But how do I do that? I didn't even know that regular users could do that...

----------

## NeddySeagoon

vcmota,

The wiki is open to all to edit. You need to create an account.

The handbook and project pages are protected but you can edit the talk pages there.

----------

## vcmota

I just did it. Please take a look here. Thank you all again!

----------

## UberLord

Another way of managing this is by using a resolvconf tool like openresolv.

When combined with a powerful resolver such as unbound or dnsmasq, this has the added bonus of openresolv configuring the resolver to forward VPN domains to the VPN nameservers and the rest to your non-VPN nameservers.

This is very handy for mobile clients or any client that doesn't want to resolve public addresses via the VPN connection.

https://roy.marples.name/projects/openresolv

----------

## vcmota

Thank you UberLord for your reply. I have a very basic knowledge about network configurations, so please, if you don't mind, can you explain why the setup you mention below

*Quote:*

> or any client that doesn't want to resolve public addresses via the VPN connection.

would be advantageous? Thank you again.

----------

## Hu

DNS servers can, at the discretion of their operator, log what resolution requests they receive and what client sent those requests.  Cross-referencing that with VPN logs would let the operator learn specifically which user was resolving a given host.  If you resolve hosts you do not want the VPN operator to know about at all, then you need both to avoid routing that traffic over the VPN and to avoid routing the resolution request to the VPN-provided nameserver.  You might want this level of privacy if you were browsing job posting sites (with the intent of finding a new job), competitors' web sites, or anything else you do not want corporate IT to know about.

The VPN-provided nameservers might be substantially slower than your regular nameserver.  Modern web browsing requires a disgusting number of DNS resolutions for some sites to load all the supporting resources, and if each resolution cost 500ms due to VPN latency, non-parallel lookups will add up quickly into very noticeable delays.

----------

