Removing all domains from Network Manager DNS Search List

I'm trying to remove all values from the domain search list that's generated by the network manager. However, I cannot get it to provide a blank list. I have tried using "ignore-auto-dns" but the domain is still present. Are there any other commands that I can issue to remove all domains from the list?

I have also tried the following: nmcli con mod "System eth0" ipv4.dns-search "" and nmcli con mod "System eth0" ipv4.dns-search ".", but neither would remove search c.project.internal from /etc/resolv.conf

[[email protected]:/home] $ nmcli con mod "System eth0" ipv4.ignore-auto-dns no
[[email protected]:/home] $ nmcli con down "System eth0" && nmcli con up "System eth0"
Connection 'System eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[[email protected]:/home] $ nmcli device show eth0
GENERAL.DEVICE:                         eth0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         42:01:0A:F8:06:9A
GENERAL.MTU:                            1460
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     System eth0
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         10.248.6.154/32
IP4.GATEWAY:                            10.248.0.1
IP4.ROUTE[1]:                           dst = 10.248.0.1/32, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 10.248.0.1, mt = 100
IP4.ROUTE[3]:                           dst = 10.248.6.154/32, nh = 0.0.0.0, mt = 100
IP4.DNS[1]:                             10.248.253.253
IP4.DNS[2]:                             10.248.254.254
IP4.DNS[3]:                             169.254.169.254
IP4.DOMAIN[1]:                          c.project.internal
IP6.ADDRESS[1]:                         fe80::4001:aff:fef8:69a/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]:                           dst = ff00::/8, nh = ::, mt = 256, table=255
[[email protected]:/home] $ cat /etc/resolv.conf
# Generated by NetworkManager
search c.project.internal google.internal
nameserver 10.248.253.253
nameserver 10.248.254.254
nameserver 169.254.169.254
[[email protected]:/home] $ nmcli con mod "System eth0" ipv4.ignore-auto-dns yes
[[email protected]:/home] $ nmcli con down "System eth0" && nmcli con up "System eth0"
Connection 'System eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[[email protected]:/home] $ nmcli device show eth0
GENERAL.DEVICE:                         eth0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         42:01:0A:F8:06:9A
GENERAL.MTU:                            1460
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     System eth0
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/3
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         10.248.6.154/32
IP4.GATEWAY:                            10.248.0.1
IP4.ROUTE[1]:                           dst = 10.248.0.1/32, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 10.248.0.1, mt = 100
IP4.ROUTE[3]:                           dst = 10.248.6.154/32, nh = 0.0.0.0, mt = 100
IP4.DNS[1]:                             10.248.253.253
IP4.DNS[2]:                             10.248.254.254
IP6.ADDRESS[1]:                         fe80::4001:aff:fef8:69a/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]:                           dst = ff00::/8, nh = ::, mt = 256, table=255
[[email protected]:/home] $ cat /etc/resolv.conf
# Generated by NetworkManager
search c.project.internal
nameserver 10.248.253.253
nameserver 10.248.254.254

The above example shows that ignore-auto-dns is in fact ignoring the domain passed from DHCP, but the network manager is still getting a domain from somewhere.


Solution 1:

I assume that you want to "remove all values from the domain search list" from /etc/resolv.conf.

Have a look at the documentation Advanced VPC concepts:

DNS server

Each instance's metadata server acts as a DNS server. It stores the DNS entries for all VPC network IP addresses in the local VPC network and calls Google's public DNS server for entries outside the VPC network. You cannot configure this DNS server. The DHCP client on each instance is configured to manage the instance's /etc/resolv.conf file.

You can add your own search domain or nameservers to the instance's /etc/resolv.conf by modifying the DHCP policy. Many Linux distributions allow these modifications to persist via /etc/dhcp/dhclient.conf. See the Internal DNS documentation for more information.

Also, have a look at the documentation Internal DNS section Internal DNS and resolv.conf:

By default, most Linux distributions store DHCP information in resolv.conf. Compute Engine instances are configured to renew DHCP leases every 24 hours. For instances that are enabled for zonal DNS, the DHCP lease expires every hour. DHCP renewal overwrites this file, undoing any changes that you might have made. Instances using zonal DNS have both zonal and global entries in the resolv.conf file.

and at the section Accessing VMs by internal DNS:

Important: Compute Engine instances receive internal DNS resolution information as part of their DHCP leases. By default, resolution of internal DNS names is handled by the instance's metadata server (169.254.169.254). If you change the name server configuration for your instance, you might not be able to use internal DNS names. Any replacement name server software must support the Local Subnet Routes feature of RFC 3442.

In addition, have a look at the documentation VPC firewall rules overview section VPC Documentation:

Google runs a local metadata server alongside each instance at 169.254.169.254. This server is essential to the operation of the instance, so the instance can access it regardless of any firewall rules you configure.

So, if you really want to change values in resolv.conf it's safer to modify the DHCP policy.
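
One way to pinpoint the entries the question is about, as an added example that is not part of the original post or answer: it compares the search line in resolv.conf with the IP4.DOMAIN/IP6.DOMAIN entries that nmcli reports for the device and prints the search domains those entries do not account for. The function names are hypothetical, and the sample inputs are excerpts of the output shown in the question.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.
# Sample inputs are excerpts of the nmcli and resolv.conf output in the question.

NMCLI_AUTO='IP4.DNS[3]:                             169.254.169.254
IP4.DOMAIN[1]:                          c.project.internal'
RESOLV_AUTO='# Generated by NetworkManager
search c.project.internal google.internal
nameserver 10.248.253.253'

NMCLI_IGNORE='IP4.DNS[2]:                             10.248.254.254
IP6.GATEWAY:                            --'
RESOLV_IGNORE='# Generated by NetworkManager
search c.project.internal
nameserver 10.248.253.253'

# Print every domain on the "search" lines of resolv.conf text read from stdin.
search_domains() {
    awk '$1 == "search" { for (i = 2; i <= NF; i++) print $i }'
}

# Print IP4.DOMAIN[n] / IP6.DOMAIN[n] values from "nmcli device show" text on stdin.
device_domains() {
    awk '/^IP[46]\.DOMAIN\[[0-9]+\]:/ { print $2 }'
}

# unexplained_search_domains RESOLV_TEXT NMCLI_TEXT
# Print search domains that the device-level domain entries do not account for.
unexplained_search_domains() {
    local resolv_text nmcli_text known d
    resolv_text=$1
    nmcli_text=$2
    known=$(printf '%s\n' "$nmcli_text" | device_domains)
    printf '%s\n' "$resolv_text" | search_domains | while read -r d; do
        # -F fixed string, -x whole line: a partial match must not count as known
        printf '%s\n' "$known" | grep -Fxq -- "$d" || printf '%s\n' "$d"
    done
}

echo "ignore-auto-dns no : $(unexplained_search_domains "$RESOLV_AUTO" "$NMCLI_AUTO")"
echo "ignore-auto-dns yes: $(unexplained_search_domains "$RESOLV_IGNORE" "$NMCLI_IGNORE")"
```

On a live host, call it as unexplained_search_domains "$(cat /etc/resolv.conf)" "$(nmcli device show eth0)"; any domain it prints reaches resolv.conf from a source other than the device's reported domain list and affects how unqualified names are resolved.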