11

I have private DNS servers and I want to write them to resolv.conf with resolvconf on Debian on AWS/EC2. There is a problem with the order of the nameserver entries. In my resolv.conf, EC2's default nameserver is always written on the first line, like so:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#    DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 172.16.0.23
nameserver 10.0.1.185
nameserver 10.100.0.130
search ap-northeast-1.compute.internal

172.16.0.23 is EC2's default nameserver and the others are mine.

How can I remove the EC2 entry? Or, how can I move the EC2 entry to third place?

Here I have an interface file:

% ls -l /etc/resolvconf/run/interface/
-rw-r--r-- 1 root root  62 Jun  7 23:35 eth0

It seems that the file eth0 is automatically generated by DHCP, so I can't remove it permanently.

% cat /etc/resolvconf/run/interface/eth0
search ap-northeast-1.compute.internal
nameserver 172.16.0.23

My private DNS entry is here:

% cat /etc/resolvconf/resolv.conf.d/base
nameserver 10.0.1.185
nameserver 10.100.0.130

Please help.

Takuya Matsuyama

7 Answers

11

I think I just solved a very similar problem. I was bothered by Amazon EC2's crappy internal DNS servers so I wanted to run a local caching dnsmasq daemon and use that in /etc/resolv.conf. At first I just did echo nameserver 127.0.0.1 > /etc/resolv.conf but then I realized that my change would eventually be overwritten by the DHCP client after a reboot or DHCP lease refresh.

What I've now done instead is to edit /etc/dhcp3/dhclient.conf and uncomment the line prepend domain-name-servers 127.0.0.1;. You should be able to use the prepend directive in a very similar way.

Update: These instructions are based on Ubuntu Linux, but I imagine the general concept applies on other systems as well; even other DHCP clients must have similar configuration options.

xolox
  • This was very helpful. I was setting up Consul DNS on an AWS machine and needed it to look at localhost first. On CentOS 7, I ran `echo "prepend domain-name-servers 127.0.0.1;" >> "/etc/dhcp/dhclient.conf"` – Chris Forbes May 22 '17 at 15:49
  • To see the changes immediately, I needed to run `service network restart` – yurez Mar 15 '18 at 08:56
9

I'm approaching this problem from the other direction (wanting the internal nameservers); much of what I've learned may be of interest.

There are several options to control name resolution in the VPC management console.

VPC -> DHCP option sets -> Create dhcp option set

You can specify your own name servers there. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html Be sure to attach this dhcp option set to your VPC to get it to take effect.

Alternatively (I found this out by mistake) local dns servers are not set if the following settings are disabled in VPC settings:

DnsHostnames

and

DnsSupport

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html

Settings can also be overridden locally (which you'll notice if you move instances between vpcs). /etc/dhcp/dhclient.conf

The following line might be of interest:

prepend domain-name-servers

Changes, of course, take effect on dhclient start.

jorfus
5

How do I assign a static DNS server to a private Amazon EC2 instance running Ubuntu, RHEL, or Amazon Linux?

Short Description

Default behavior for an EC2 instance associated with a virtual private cloud (VPC) is to request a DNS server address at startup using the Dynamic Host Configuration Protocol (DHCP). The VPC responds to DHCP requests with the address of an internal DNS server. The DNS server addresses returned in the DHCP response are written to the local /etc/resolv.conf file and are used for DNS name resolution requests. Any manual modifications to the resolv.conf file are overwritten when the instance is restarted.

Resolution

To configure an EC2 instance running Linux to use static DNS server entries, use a text editor such as vim to edit the file /etc/dhcp/dhclient.conf and add the following line to the end of the file:

supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;

Ubuntu - dhclient.conf - DHCP client configuration file 

The supersede statement

supersede [ option declaration ] ;

If for some option the client should always use a locally-configured value or values rather than whatever is supplied by the server, these values can be defined in the supersede statement.

The prepend statement

prepend [ option declaration ] ;

If for some set of options the client should use a value you supply, and then use the values supplied by the server, if any, these values can be defined in the prepend statement. The prepend statement can only be used for options which allow more than one value to be given. This restriction is not enforced - if you ignore it, the behaviour will be unpredictable.

The append statement

append [ option declaration ] ;

If for some set of options the client should first use the values supplied by the server, if any, and then use values you supply, these values can be defined in the append statement. The append statement can only be used for options which allow more than one value to be given. This restriction is not enforced - if you ignore it, the behaviour will be unpredictable.
mon
  • Hit this issue and found this was the best answer. Adding an entry in resolv.conf directly does not survive a reboot. adding entry to dhclient.conf worked for Ubuntu EC2 instance. – Jersey_Guy Nov 26 '22 at 20:51
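
A check to run after a reboot or DHCP lease renewal, added here as an example and not part of any answer on this page: it confirms that resolv.conf still lists the intended resolvers first, and flags any expected resolver placed past the third position, which the glibc resolver does not read. The function names are hypothetical and the sample files are constructed from the addresses in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the nameserver addresses of a resolv.conf-style file, in file order.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# check_resolver_order FILE EXPECTED...
# Returns 0 if the file's leading nameservers equal EXPECTED, in order.
# Returns 1 on a mismatch, 2 if an expected server sits past position 3,
# where the glibc resolver would never read it (MAXNS is 3).
check_resolver_order() {
    file=$1; shift
    pos=0
    for want in "$@"; do
        pos=$((pos + 1))
        if [ "$pos" -gt 3 ]; then
            echo "position $pos: $want is beyond the glibc limit of 3" >&2
            return 2
        fi
        got=$(list_nameservers "$file" | sed -n "${pos}p")
        if [ "$got" != "$want" ]; then
            echo "position $pos: expected $want, found ${got:-nothing}" >&2
            return 1
        fi
    done
    return 0
}

# Constructed sample: the resolv.conf from the question, EC2 resolver first.
sample_before() {
    printf '%s\n' 'nameserver 172.16.0.23' 'nameserver 10.0.1.185' \
        'nameserver 10.100.0.130' 'search ap-northeast-1.compute.internal'
}

# Constructed sample: the order the asker wants, private resolvers first.
sample_after() {
    printf '%s\n' 'nameserver 10.0.1.185' 'nameserver 10.100.0.130' \
        'nameserver 172.16.0.23' 'search ap-northeast-1.compute.internal'
}

# Usage: sh check.sh 10.0.1.185 10.100.0.130   (checks /etc/resolv.conf)
if [ "$#" -gt 0 ]; then
    check_resolver_order /etc/resolv.conf "$@"
fi
```

A non-zero exit from a cron job or monitoring probe is a cue that the DHCP client has rewritten the file and the dhclient.conf change did not take effect.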
2

Here someone came up with a solution that basically replaces the file on boot using rc.local:

https://forums.aws.amazon.com/thread.jspa?threadID=74497

  1. Edit /etc/sysconfig/network-scripts/ifcfg-eth0 to say PEERDNS=no
  2. Create a file called /etc/resolv.backup with what you want
  3. Add the following 2 lines to /etc/rc.local:

rm -f /etc/resolv.conf
cp /etc/resolv.backup /etc/resolv.conf

Angel Abad Cerdeira
1

This is what we are doing for our servers in the environment.

interface "eth0"
{
 prepend domain-name-servers 10.x.x.x;
 supersede host-name "{Hostname}";
 append domain-search "domain";
 supersede domain-name "DOMAIN";
}

Hope this helps.

Lego
  • Thanks, the line with "append domain-search" helped me. I want my custom internal domain to be appended to host names at bastion, so it's easier to log in to hosts behind bastion host. – Sven Mar 14 '18 at 08:38
0

The following worked in a Debian stretch on AWS EC2.

Just create /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate:

#!/bin/sh
make_resolv_conf(){
        :
}

Then you can modify /etc/resolv.conf and it will persist your changes across restarts.

Jaime Hablutzel
-3

Setup in crontab as

@reboot cp -r /home/.../resolv.conf /etc/resolv.conf
zx485
pady