
Using resolvconf.conf to Tweak resolv.conf

Abstract

When FreeBSD 9.1 is a DHCP client, it uses resolvconf to construct /etc/resolv.conf (which defines the DNS nameservers to query). This may be undesired behavior, especially when the machine is already running a local nameserver: the local nameserver will be ignored, the local domain won’t be searched, and reverse lookups for RFC 1918 networks (e.g. 10.0.0.0/8) will fail or time out.

This blog post describes a technique to override the DHCP-distributed DNS information with local information.

Problem Description

The original /etc/resolv.conf on the FreeBSD machine:

search nono.com
nameserver 127.0.0.1

This had the following advantages:

  • Hostnames were searched for within the nono.com domain. For example, when attempting to connect to the printer hp1536, one didn’t need an FQDN (i.e. hp1536.nono.com).
  • Reverse-lookups worked properly: arp -a displayed the correct hostnames instead of uninformative question marks (“?”).

After configuring the FreeBSD machine as a DHCP client on the Comcast network, /etc/resolv.conf was overwritten:

# Generated by resolvconf
search hsd1.ca.comcast.net.
nameserver 75.75.75.75
nameserver 75.75.76.76

Comcast had configured a reasonable default domain to search, i.e. hsd1.ca.comcast.net., but that is unhelpful for the minority who have set up their own domains. Comcast also gave a reasonable set of nameservers to query, but that is similarly unhelpful for the minority who have set up RFC 1918 zones (e.g. 10.in-addr.arpa): arp -a shows question marks, not hostnames.

The Fix

The fix is to configure resolvconf(8) to use the local search domain and nameservers before querying the DHCP-supplied search domains and nameservers. That is accomplished by creating /etc/resolvconf.conf:

search_domains="nono.com"
name_servers="127.0.0.1"

Now make sure that your configuration file is good by running resolvconf to update /etc/resolv.conf:

sudo resolvconf -u

Your new /etc/resolv.conf file should look something like the following:

# Generated by resolvconf
search nono.com hsd1.ca.comcast.net.
nameserver 127.0.0.1
nameserver 75.75.75.75
nameserver 75.75.76.76

Admittedly, the Comcast-supplied directives are still there, but we don’t care—our nameserver is queried first, our domain is searched first.

These overrides are persistent. When you reboot your machine, /etc/resolv.conf will be configured with your nameserver first and your search domain first.
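
A check for the ordering described above, to run after resolvconf -u or after a reboot. This is an added example, not part of the original post; the function names and sample file names are made up here, and the sample contents are copies of the two resolv.conf listings shown earlier.

```sh
#!/bin/sh
# Added example (not from the original post): confirm that the local
# resolver and search domain come first in a resolv.conf file.

# Print the first "nameserver" address in file $1.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Print the first domain of the last search/domain line in file $1
# (the last instance wins, per resolv.conf(5)), without a trailing dot.
first_search_domain() {
    awk '$1 == "search" || $1 == "domain" { d = $2 }
         END { sub(/\.$/, "", d); print d }' "$1"
}

# check_resolv_order FILE NAMESERVER DOMAIN
# Returns 0 if NAMESERVER is queried first and DOMAIN is searched first,
# 1 otherwise (e.g. a DHCP lease rewrote the file without the override).
check_resolv_order() {
    rc=0
    got_ns=$(first_nameserver "$1")
    got_dom=$(first_search_domain "$1")
    [ "$got_ns" = "$2" ] || { echo "first nameserver: '$got_ns', want '$2'" >&2; rc=1; }
    [ "$got_dom" = "$3" ] || { echo "first search domain: '$got_dom', want '$3'" >&2; rc=1; }
    return "$rc"
}

# Constructed samples: copies of the two resolv.conf listings in the post.
SAMPLE_DIR=$(mktemp -d "${TMPDIR:-/tmp}/resolvcheck.XXXXXX")
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/dhcp_only" <<'EOF'
# Generated by resolvconf
search hsd1.ca.comcast.net.
nameserver 75.75.75.75
nameserver 75.75.76.76
EOF
cat > "$SAMPLE_DIR/with_override" <<'EOF'
# Generated by resolvconf
search nono.com hsd1.ca.comcast.net.
nameserver 127.0.0.1
nameserver 75.75.75.75
nameserver 75.75.76.76
EOF

check_resolv_order "$SAMPLE_DIR/with_override" 127.0.0.1 nono.com && echo "override in effect"
check_resolv_order "$SAMPLE_DIR/dhcp_only" 127.0.0.1 nono.com || echo "DHCP values took over"
```

On the machine itself, point check_resolv_order at /etc/resolv.conf instead of the sample files.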