
Case of an Amazon EC2 Fedora 23 instance.

The file /etc/resolv.conf, which determines how DNS lookups are performed by the glibc resolver (see man resolv), looks as follows:

    ; generated by /usr/sbin/dhclient-script
    search eu-west-1.compute.internal club
    nameserver 172.31.0.2

  • The nameserver 172.31.0.2 line points to the EC2-provided "DNS cache" on my private virtual local network, which is fine.
  • The search line is bothersome because it instructs the resolver to try to resolve X.eu-west-1.compute.internal and X.club when it is being asked to resolve X. The eu-west-1.compute.internal domain comes from the fact that this is the suffix of the internally-used hostname: Looking up anything in that domain is pointless. The club domain comes from the fact that this is the suffix of the externally-used hostname: Looking up anything in that domain is pointless and possibly a security problem.

So I want to get rid of the search line.

Doing this elegantly apparently demands that I tell /usr/sbin/dhclient-script (see man dhclient-script) to not set it up in the first place.

A look at said script shows that I might modify it and comment out the bash function eventually_add_hostnames_domain_to_search or the calls to it, but is there a better way (some configuration option somewhere)?

David Tonhofer

1 Answer


You can set PEERDNS=no in the relevant /etc/sysconfig/network-scripts/ifcfg-* file, which will stop dhclient from changing /etc/resolv.conf.

Once you've done that you can configure /etc/resolv.conf however you like.

user9517
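The two steps from the answer above, as an added example that is not part of the original answer: it sets PEERDNS=no in an interface file and writes a resolv.conf without the search list. It runs against constructed copies in a temporary directory; the function names set_peerdns_no and strip_search and the file name ifcfg-eth0 are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post). Works on constructed sample
# files in a temp directory, never on the live /etc files.

# set_peerdns_no FILE: set every PEERDNS= line in FILE to "no",
# or append PEERDNS=no if the file has no such line.
set_peerdns_no() {
    local f=$1
    if grep -Eq '^[[:space:]]*PEERDNS=' "$f"; then
        sed -E 's/^[[:space:]]*PEERDNS=.*/PEERDNS=no/' "$f" > "$f.tmp" &&
            mv "$f.tmp" "$f"
    else
        printf 'PEERDNS=no\n' >> "$f"
    fi
}

# strip_search FILE: print FILE without its search list.
# "domain" is dropped too, since glibc treats it as a one-entry search list.
strip_search() {
    grep -Ev '^[[:space:]]*(search|domain)[[:space:]]' "$1"
}

demo() {
    local d
    d=$(mktemp -d)
    # Constructed sample interface file (assumed name ifcfg-eth0).
    printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nPEERDNS=yes\n' > "$d/ifcfg-eth0"
    # resolv.conf as shown in the question.
    printf '%s\n' '; generated by /usr/sbin/dhclient-script' \
        'search eu-west-1.compute.internal club' \
        'nameserver 172.31.0.2' > "$d/resolv.conf"

    set_peerdns_no "$d/ifcfg-eth0"
    strip_search "$d/resolv.conf" > "$d/resolv.conf.new"

    echo "--- ifcfg-eth0 after change"
    cat "$d/ifcfg-eth0"
    echo "--- resolv.conf without search list"
    cat "$d/resolv.conf.new"
    rm -rf "$d"
}

demo
```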