How to ignore dns servers recommended by the router

Hello, I recently got a pihole set up and running and I’d like to make my computer (that runs NixOS 24.05) ignore the dns servers it receives from the router when obtaining an IP lease via dhcp.
The pihole will not have 100% uptime since I am still configuring it and at the same time testing things on the machine running it, I would like to avoid setting the pihole as a DNS server within the router.

Hi and welcome on the forum, you can configure DNS servers with networking.nameservers

Glad to be here!
I know, I do that for my pihole, setting it as my computers “primary” (first in priority) DNS server - my question was, can I somehow ignore the DNS servers routers recommend when giving an IP lease?
Concretely, i have my pihole set up in my config, with networking.nameservers, as you said, but on boot, when my computer asks the internet router for an IP, it also, besides the IP, gets DNS server IPs that it can use for queries, these are lower in priority compared to the ones set in networking.nameservers, but nonetheless get added to /etc/resolv.conf on boot - this leads to behaviour which I do not want, namely, it falling back to those DNS servers when my pihole does not work.

If you’re using networkmanager, the setting you want to use is ignore-auto-dns afaik. I did not do this declaratively yet though, maybe profile options can be used.

2 Likes

Hi.
I wasn’t using NetworkManager, but wpa_supplicant, out of comfort mainly, so I’ve changed to network manager. I’m currently having a bit of an issue - according to networkmanager’s documentation, I’ve configured it correctly, but I’m not sure how to make NixOS use the profile I’ve created. I’ll attach the relevant code-block below:

networking= {
	...
	resolvconf = {
	enable = false;
	};
	wireless.enable=false; #wpa_supplicant
	networkmanager = {
		enable = true;
		ensureProfiles.profiles = {
			wifi = {
				connection			= {
					id				=	"SSID";
					permissions		=	"";
					type			=	"wifi";
					interface-name  =	"wlp4s0";
				};
				ipv4 				= {
					method			=	"auto";
					ignore-auto-dns =	true;
				};
				wifi		= {
					mode	=	"infrastructure";
					ssid	=	"SSID";
				};
				wifi-security	= {
					auth-alg	= "open";
					key-mgmt	= "wpa-psk";
					psk 		= "PSK";
				};
			};
		};
	};
	...
};

You can check if it applied to your current connection with:

nmcli connection show $yourconnection | grep ignore-auto-dns

And to see which profiles are in use you can check with nmcli connection show --active

1 Like

It doesn’t seem to have worked:

ipv4.ignore-auto-dns:                   no
ipv6.ignore-auto-dns:                   no

The internet connection does work, though.

When using dhcpcd you need to disable the hook to update the nameserver using resolvconf:

networking.nameservers = [ "something" ];
networking.dhcpcd.extraConfig = ''
  nohook resolv.conf
'';
1 Like

That seems to have done it. Thank you!

2 Likes

Follow up:
I was bugged by the fact that the networkmanager config did not work - although turning off dhcpcd’s hook on resolv.conf did stop me getting the DNS IPs recommended by the router, the config specified in networking.networkmanager.ensureProfiles.profiles was still not being applied (as per nmcli connection show $connection ) so I started started up nmtui and found out that my profile was co-existing with a profile automatically created by NetworkManager when it connected to the wi-fi for the first time ( when the declarative config was not set up ), deleting that did the trick.
With this, I didn’t have to turn off resolvconf or the dhcpcd hook on resolv.conf, feeling like a much cleaner solution.

1 Like