resolveconf -u keeps adding an unwanted search domain to resolve.conf

Question

I have my desktop computer configured with a static IP address:

However, /etc/resolve.conf keeps getting overwritten with:

nameserver 127.0.0.1
search localdomain example.com

This seems to happen periodically or when I run sudo resolvconf -u.

I would really like to get example.com removed from the dns search domain list. I used to have it in there but its causing problems now. I just can't seem to get it out. I don't know where it is coming from or why it keeps getting put back. As far as I can grep, there is nothing referring to example.com anywhere in my /etc directory anymore.

What is putting this search domain into my resolv.conf file and how can I prevent it from doing so?

Whats the output of `sudo grep -rn example.com /etc/network/interfaces /etc/NetworkManager/system-connections /etc/resolvconf/` ? — heemayl, Apr 08 '16 at 18:42
It is possible that a DHCP server is providing it, but I'm not sure how to check that, nor to disable it if that is actually the case. I would already expect not be using DHCP because I have tried to configure the IP as static. — Stephen Ostermiller, Apr 08 '16 at 18:48
not sure if it is related. But, I've had a file named "hyphen" within my home directory under firefox, where it was hard linked to 127.0.0.1:. It's entirely possible that 127 has been taken over by malware. — Miphix, Apr 08 '16 at 18:51
127.0.0.1 is my expected DNS server in this case. I'm running `dnsmasq` locally so that I can hardcode names for the machines on the local network and share them with my laptop. — Stephen Ostermiller, Apr 08 '16 at 18:54
have you checked your logs, or debugged the command that's changing the file? — Miphix, Apr 08 '16 at 19:01
When I run `resolveconf -u` it doesn't add anything to the syslog that I have been able to find, nor do I know of any other log files that it might use. — Stephen Ostermiller, Apr 08 '16 at 19:07
Look in the files under /run/resolvconf/interface. The line "search example.com" or "domain example.com" probably appears in one of those files. The name of the file indicates the source of the information. — jdthood, Apr 14 '16 at 10:32
That looks promising @jdthood. ` /run/resolvconf/interface/NetworkManager` has a line in it with the incorrect information. Should I be editing that file to remove it, or do I need to reconfigure the settings for NetworkManager elsewhere? — Stephen Ostermiller, Apr 14 '16 at 10:48
Editing that file won't do any good: it's a dynamic file that gets created every time NetworkManager configures a connection. The name "example.com" has been supplied to resolvconf by NetworkManager. So you just have to figure out where NetworkManager is getting it from. ;) — jdthood, Apr 14 '16 at 20:45
@StephenOstermiller Regarding "It is possible that a DHCP server is providing it, but I'm not sure how to check that" -- `nmcli --terse connection show ` includes what's in the `.nmconnection` file plus what comes back from the DHCP server. — Samuel Harmer, Feb 07 '20 at 09:31

score 3 · Answer 1 · answered Oct 09 '17 at 01:36

For ipv4, @stalet's suggestion to edit /etc/dhcp/dhclient.conf should work; also try removing domain-search and domain-name from the request. Verify the settings worked in /var/lib/NetworkManager/dhclient-[connection-uuid]-[ifname].lease.

However, the unwanted search domain may be coming from the ipv6 dhcp server, as I found on 16.04/Xenial. If NetworkManager's dhclient -6 command succeeds and the dhcp server sets search domains, NetworkManager will merge those into the ipv4 search domain list.

A simple way to fix this on a connection-by-connection basis is to configure the connection's ipv6 settings to "Method: Automatic, addresses only" or even "Method: Ignore".

Setting this for each connection could become annoying, and I looked pretty hard but couldn't find a way to fix this globally. Adding supersede dhcp6.domain-search to and removing request dhcp6.domain-search from /etc/dhcp/dhclient.conf doesn't seem to help. Also, copying that file to /etc/dhcp/dhclient6.conf caused NetworkManager to correctly template it to /var/lib/NetworkManager/dhclient6-[ifname].conf, but NetworkManager insists on adding also request dhcp6.domain-search;, and the unwanted search domain is still added.

just removing `domain-name` from the request then doing `ifdown eth0 && ifup eth0` worked for me on amazon EC2 — dw1, Nov 03 '18 at 17:29

score 2 · Answer 2 · answered Apr 19 '16 at 11:05

2

The search content is provided by dhcp, and can be overridden in /etc/dhcp/dhclient.conf by supersede these variables with empty values.

Add these lines at the bottom of the /etc/dhcp/dhclient.conf

supersede domain-name "";
supersede domain-search "";
supersede search "";

To make the change affect your system you can reconnect to your network or just restart the network-manager service.

sudo service network-manager restart

answered Apr 19 '16 at 11:05

stalet

589
4
13

2

Even after following those instructions, `example.com` remains in the `search` section of `/etc/resolve.conf`. – Stephen Ostermiller Mar 27 '17 at 13:27
Same. In my case I've tried to add search entries with prepend/append search and this had no effect on it. – Dan M. Jul 16 '21 at 14:58

score 0 · Answer 3 · answered Nov 08 '17 at 00:05

0

I saw an update to resolveconf 1.78ubuntu5 today (https://launchpad.net/ubuntu/xenial/+source/resolvconf/+changelog), referencing this Launchpad bug, https://bugs.launchpad.net/maas/+bug/1711760. Perhaps this issue is resolved now?

answered Nov 08 '17 at 00:05

jdpipe

749
8
21

resolveconf -u keeps adding an unwanted search domain to resolve.conf

3 Answers3