Case of an Amazon EC2 Fedora 23 instance.
The file /etc/resolv.conf, which determines how DNS lookups are performed by the glibc resolver (see man resolv), looks as follows:
; generated by /usr/sbin/dhclient-script
search eu-west-1.compute.internal club
nameserver 172.31.0.2
- The nameserver 172.31.0.2 line points to the EC2-provided "DNS cache" on my private virtual local network, which is fine.
- The search line is bothersome because it instructs the resolver to try to resolve X.eu-west-1.compute.internal and X.club when it is being asked to resolve X. The eu-west-1.compute.internal domain comes from the fact that this is the suffix of the internally-used hostname: Looking up anything in that domain is pointless. The club domain comes from the fact that this is the suffix of the externally-used hostname: Looking up anything in that domain is pointless and possibly a security problem.
So I want to get rid of the search line.
Doing this elegantly apparently demands that I tell /usr/sbin/dhclient-script (see man dhclient-script) to not set it up in the first place.
A look at said script shows that I might modify it and comment out the bash function eventually_add_hostnames_domain_to_search or the calls to it, but is there a better way (some configuration option somewhere)?
You can set PEERDNS=no in the relevant /etc/sysconfig/network-scripts/ifcfg-* file, which will stop dhclient from changing /etc/resolv.conf. Once you've done that you can configure /etc/resolv.conf however you like.
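
The fix described in the answer above, as an added example that is not part of the original question or answer: it sets PEERDNS=no in an ifcfg file and removes the search line already present in a resolv.conf. The function names and the sample ifcfg-eth0 content are assumptions; the demo works only on constructed copies in a scratch directory.

```shell
#!/bin/sh
# Added example. Every function takes the file to edit as an argument, so it can
# be run against copies before touching the real ifcfg-* file or /etc/resolv.conf.

# set_peerdns_no FILE: leave exactly one PEERDNS line in FILE, set to "no".
set_peerdns_no() {
    tmp=$(mktemp) || return 1
    # Drop any existing PEERDNS assignment, then append the wanted value.
    awk '!/^[ \t]*PEERDNS=/' "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    echo 'PEERDNS=no' >> "$tmp"
    cat "$tmp" > "$1"    # rewrite in place so owner and mode are preserved
    rm -f "$tmp"
}

# search_domains FILE: print each domain on the "search" line(s), one per line.
search_domains() {
    awk '$1 == "search" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# strip_search FILE: delete the "search" line(s), keep everything else.
strip_search() {
    tmp=$(mktemp) || return 1
    sed '/^[[:space:]]*search[[:space:]]/d' "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$1"
    rm -f "$tmp"
}

# demo: constructed sample files in a scratch directory (not the live system).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nONBOOT=yes\nPEERDNS=yes\n' > "$dir/ifcfg-eth0"
    printf '%s\n' '; generated by /usr/sbin/dhclient-script' \
        'search eu-west-1.compute.internal club' \
        'nameserver 172.31.0.2' > "$dir/resolv.conf"
    echo "search domains before: $(search_domains "$dir/resolv.conf" | tr '\n' ' ')"
    set_peerdns_no "$dir/ifcfg-eth0"
    strip_search "$dir/resolv.conf"
    echo "search domains after:  $(search_domains "$dir/resolv.conf" | tr '\n' ' ')"
    cat "$dir/ifcfg-eth0" "$dir/resolv.conf"
    rm -rf "$dir"
}

demo
```

Running set_peerdns_no twice leaves a single PEERDNS=no line, so it is safe to re-apply from provisioning scripts.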