4

I have recently installed Debian 8 on a network with IPv6 DHCP enabled. /etc/resolv.conf is being overwritten by the IPv6 DHCP entries continually despite the fact that all IPv6 DHCP is disabled, autoconfiguration of IPv6 is disabled, and no dhclient process exists. If I modify the IPv6 DHCP DNS servers on the router, they are updated in short order in /etc/resolv.conf. The following are true:

  • resolvconf is not on the system
  • networkmanager is not on the system
  • autoconfiguration of IPv6 has been forcefully disabled by net.ipv6.conf.all.autoconf=0 and net.ipv6.conf.all.accept_ra=0 AND net.ipv6.conf.eth0.autoconf=0 because for some reason the first two were insufficient.
  • No dhclient process is active
  • Auditd returns the PID of some shell that instantly dies when looking for edits to resolv.conf. May need to step up my stack trace game.
  • dns-nameserver entries in /etc/network/interfaces are entirely ignored for both ipv4 and v6

I would prefer an answer that isn't "disable IPv6 entirely" though I'm getting close to that point (and suffice it to say that were this a physical machine and not a virtual one I would have thrown it out the window already).

EDIT: Note that net.ipv6.conf.all.disable_ipv6=0 in sysctl fixes this issue, but it would appear that resolv.conf now gets entirely cleared periodically, breaking DNS.

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address xx.xx.xx.xx
    netmask 255.255.255.248
    gateway xx.xx.xxx.xx
    dns-nameservers 8.8.8.8

#auto 6to4
#iface 6to4 inet6 6to4
#       local xx.xx.xxx.xx
#       dns-nameservers 2001:4860:4860::8888

3 Answers

5

Do you have the rdnssd package installed? That runs a daemon which spawns shell scripts that certainly behave in the way you've described above.

Note that the dns-nameservers attribute on the interface only works with resolvconf.

Zanchey
1

You could monitor things to see what process is modifying the file:

https://unix.stackexchange.com/questions/99074/find-which-process-is-modifying-a-file

If desired, you can temporarily edit resolv.conf and then run

chattr +i /etc/resolv.conf

to prevent anything from modifying it.

Ryan Babchishin
  • I did end up setting the immutable bit on /etc/resolv.conf. I think this is a legitimate bug with Debian's handling of IPv6 so I'm going to pursue that avenue. – Nicholas Andre Oct 25 '15 at 23:23
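
An added example, not part of the original thread or of any answer: the question notes that auditd only reports the PID of a shell that has already exited. This Python sketch reads raw audit SYSCALL records for a watch on /etc/resolv.conf and groups the short-lived writers by parent PID, which points at the long-running process that spawns them. The audit key `resolv-watch`, the PIDs and the sample log lines are assumptions constructed for illustration.

```python
import os
import re
from collections import Counter

# Constructed records in raw audit.log format, as a watch rule such as
#   auditctl -w /etc/resolv.conf -p wa -k resolv-watch
# would log them. The key name, PIDs and timestamps are made up.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1445815380.101:456): arch=c000003e syscall=2 success=yes exit=3 items=2 ppid=812 pid=9321 auid=4294967295 uid=0 comm="sh" exe="/bin/dash" key="resolv-watch"
type=PATH msg=audit(1445815380.101:456): item=1 name="/etc/resolv.conf" nametype=NORMAL
type=SYSCALL msg=audit(1445815440.207:471): arch=c000003e syscall=82 success=yes exit=0 items=4 ppid=812 pid=9388 auid=4294967295 uid=0 comm="mv" exe="/bin/mv" key="resolv-watch"
type=SYSCALL msg=audit(1445815502.000:490): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=1 pid=455 auid=4294967295 uid=0 comm="sshd" exe="/usr/sbin/sshd" key="other-rule"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Turn one raw audit record into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def writers(log_text, key="resolv-watch"):
    """Return (ppid, pid, comm, exe) for every SYSCALL record tagged with key."""
    out = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") == "SYSCALL" and rec.get("key") == key:
            out.append((int(rec["ppid"]), int(rec["pid"]), rec["comm"], rec["exe"]))
    return out

def likely_parent(log_text, key="resolv-watch"):
    """The writer PIDs die quickly; the PPID they share is the one to inspect."""
    counts = Counter(ppid for ppid, *_ in writers(log_text, key))
    return counts.most_common(1)[0][0] if counts else None

def describe_pid(pid):
    """Resolve a still-running PID to its executable via /proc (None if gone)."""
    try:
        return os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return None

if __name__ == "__main__":
    for ppid, pid, comm, exe in writers(SAMPLE_LOG):
        print(f"pid={pid} ({comm}, {exe}) was started by ppid={ppid}")
    parent = likely_parent(SAMPLE_LOG)
    print(f"inspect parent {parent}: {describe_pid(parent) or 'not running on this host'}")
```

On a live system the same functions can be fed the output of `ausearch -k resolv-watch --raw` instead of the embedded sample.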
1

The best way I've found to solve this "issue" is installing the resolvconf package.

sudo apt-get install resolvconf

After that, /etc/resolv.conf is replaced by a symbolic link to /etc/resolvconf/run/resolv.conf that is dynamically generated by resolvconf with the info from the file /etc/network/interfaces.

Note that dns-nameserver entries in /etc/network/interfaces are ignored if you don't have the resolvconf package installed on your system. You can find more info about the resolvconf package in the Debian wiki documentation or in the man pages.

man resolvconf
GoBo