Something repeatedly puts old nameservers into `resolv.conf`

After I use Android tethering to give Internet to my NixOS 22.05 laptop, sometimes (certainly after suspend/resume), something keeps generating the phone as nameservers into /etc/resolv.conf, even though the phone has been detached for days:

```
# Generated by resolvconf
nameserver          # <- the phone
nameserver              # <- my real wifi nameserver
nameserver 2001:1620:2777:1::10     # <- more stuff from the phone
nameserver 2001:1620:2777:2::20     # <- more stuff from the phone
options edns0
```

Because the “bad” nameserver is first, it makes all my network connections hang on the DNS queries for many seconds, making browsing and SSHing a total pain.

Only rebooting fixes it.

Any idea where this information could get stuck?

I’m using nm-applet which uses wpa-supplicant for the Wifi.


I can also reliably trigger the problem by switching between my two wifi networks (2.4 GHz and 5 GHz) in nm-applet.

For both, the settings are set to Automatic (DHCP) and no custom nameservers are defined in the NetworkManager GUI.

Where could this info be lingering?

Which resolver daemon are you using?

If it’s any other than systemd-resolved, is systemd-resolved still running?

No, systemd-resolved is not running, and as far as I can tell, services.resolved.enable defaults to false.

I don’t think any resolver is running; doesn’t network-manager just update /etc/resolv.conf directly?

It’s getting ever more absurd. When USB-tethering to the Android, today it inserts the following, of which only the last nameserver actually pings:

```
# Generated by resolvconf
options edns0
```
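
The symptom discussed in this thread (lookups hanging because dead nameservers are listed ahead of a working one) can be checked directly by sending each entry in `resolv.conf` a DNS query, in file order. This is an added example, not part of any post in the thread; the function names are illustrative, `example.com` is an arbitrary query name, and treating `#` as an inline comment marker is an assumption made so the annotated listing above parses.

```python
import socket, struct, time

def parse_nameservers(text):
    """Nameserver addresses in file order; comments and empty entries are skipped."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name="example.com", qid=0x1234):
    """Minimal DNS query: one A/IN question with the recursion-desired flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return header + qname + struct.pack("!HH", 1, 1)

def probe(server, port=53, timeout=2.0):
    """Round-trip time in seconds if the server answers over UDP, else None."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    query = build_query()
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            start = time.monotonic()
            sock.connect((server, port))
            sock.send(query)
            reply = sock.recv(512)
            elapsed = time.monotonic() - start
    except OSError:  # timeout, port unreachable, no route, no IPv6 support
        return None
    # Accept only a reply that echoes the transaction ID of the query.
    return elapsed if reply[:2] == query[:2] else None

def check(resolv_text, port=53, timeout=2.0):
    """Probe each nameserver in file order; returns [(address, rtt or None)]."""
    return [(ns, probe(ns, port, timeout)) for ns in parse_nameservers(resolv_text)]

def dead_before_first_live(results):
    """How many unresponsive servers a lookup must time out on first."""
    for index, (_, rtt) in enumerate(results):
        if rtt is not None:
            return index
    return len(results)

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        results = check(fh.read())
    for address, rtt in results:
        print(address, "no answer" if rtt is None else f"{rtt * 1000:.0f} ms")
    print("dead servers ahead of the first live one:", dead_before_first_live(results))
```

A non-zero count on the last line means every lookup waits out that many timeouts before it reaches a resolver that answers.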

It seems the default resolver with NetworkManager is dnsmasq, which is pretty bad (and has many CVEs with super high scores).

I’d suggest using systemd-resolved, which handles that kind of situation A LOT BETTER:

```nix
networking.networkmanager.dns = "systemd-resolved";
services.resolved.enable = true;
```

There is no dnsmasq running on my system, neither is systemd-resolved.