Something repeatedly puts old nameservers into `resolv.conf`

nh2 · July 31, 2022, 7:41pm

After I use Android thethering to give Internet to my NixOS 22.05 laptop, sometimes (certainly after suspend/resume), something keeps generating the phone as nameservers into /etc/resolv.conf, even though the phone has been detached for days:

# Generated by resolvconf
nameserver 192.168.110.175          # <- the phone
nameserver 192.168.1.1              # <- my real wifi nameserver
nameserver 2001:1620:2777:1::10     # <- more stuff from the phone
nameserver 2001:1620:2777:2::20     # <- more stuff from the phone
options edns0

Because the “bad” nameserver is first, it makes all my network connections hang on the DNS queries for many seconds, making browsing and SSHing a total pain.

Only rebooting fixes it.

Any idea where this information could get stuck?

I’m using nm-applet which uses wpa-supplicant for the Wifi.

nh2 · July 31, 2022, 9:24pm

I can also reliably trigger the problem by switching between my two wifi networks (2.4 GHz and 5 GHz) in nm-applet.

For both, the settings are set to Automatic (DHCP) and no custom nameservers are defined in the NetworkManager GUI.

Where could this info be lingering?

Atemu · August 1, 2022, 12:32pm

Which resolver daemon are you using?

If it’s any other than systemd-resolved, is systemd-resolved still running?

nh2 · August 4, 2022, 2:01am

No, systemd-resolved is not running, and as far as I can tell, services.resolved.enable defaults to false.

I don’t think any resolver is running; doesn’t network-manager just update /etc/resolv.conf directly?

nh2 · September 13, 2022, 10:52am

It’s getting evermore absurd. When USB-tethering to the Android, today it inserts the following, of which only the last nameserver actually pings:

# Generated by resolvconf
nameserver 192.168.20.251
nameserver 192.168.224.86
nameserver 192.168.12.6
nameserver 192.168.228.10
nameserver 192.168.181.220
options edns0

Solene · September 13, 2022, 11:17am

It seems the default resolver with network manager is dnsmasq, which is pretty bad (and have many CVE with super high scores)

I’d suggest using systemd-resolved which handle that kind of situation A LOT BETTER

  networking.networkmanager.dns = "systemd-resolved";
  services.resolved.enable = true;

nh2 · September 14, 2022, 11:15am

There is no dnsmasq running on my system, neither is systemd-resolved.