#4391 prevent dhcp from overwriting resolv.conf
Closed: Invalid. Opened 9 years ago by rmeggins.

If installing IPA in a DHCP environment, where the DHCP server sets the IPA IP address, and IPA is installed with --setup-dns --forwarder=IP_OF_DHCP_SERVER, if the machine is rebooted, dhclient and/or NetworkManager will overwrite /etc/resolv.conf, which will cause many mysterious problems.

In order to prevent this, you have to do the following after ipa-server|replica-install:

# cat >> /etc/dhcp/dhclient-enter-hooks <<EOF
make_resolv_conf() {
    :
    # skip when using IPA
}
EOF
# chmod +x /etc/dhcp/dhclient-enter-hooks

AND

# edit /etc/NetworkManager/NetworkManager.conf
# add dns=none to the [main] section

I think there should be an option when installing IPA with --setup-dns to do this automatically. I'm willing to be convinced that this is purely a doc issue, but the problems this causes are really annoying and hard to diagnose.
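The two manual steps above, wrapped into an idempotent script. This is an added example, not code from the ticket or from FreeIPA; it defaults to the paths named in the ticket but takes them as arguments so it can be exercised against scratch files first. It also adds a small post-reboot check, not described in the ticket, that confirms every nameserver line in resolv.conf still points at the IPA server's address. The in-place edit of NetworkManager.conf assumes awk is available and that dns= is only meaningful in the [main] section.

```shell
#!/bin/sh
# Added example (not from the ticket): protect /etc/resolv.conf from dhclient
# and NetworkManager on an IPA server installed with --setup-dns.
set -eu

# Step 1 from the ticket: override make_resolv_conf() in dhclient-enter-hooks
# so dhclient stops rewriting resolv.conf. Appends the override only once.
install_dhclient_hook() {
    hook="$1"
    if ! grep -q '^make_resolv_conf()' "$hook" 2>/dev/null; then
        cat >> "$hook" <<'EOF'
make_resolv_conf() {
    :
    # skip when using IPA
}
EOF
    fi
    chmod +x "$hook"
}

# Step 2 from the ticket: set dns=none in the [main] section of
# NetworkManager.conf. Replaces any existing dns= in [main], adds the key if
# missing, and creates the section (or the file) if it does not exist.
set_nm_dns_none() {
    conf="$1"
    [ -f "$conf" ] || : > "$conf"
    if grep -q '^\[main\]' "$conf"; then
        awk '
            /^\[main\][[:space:]]*$/ { print; print "dns=none"; inmain = 1; next }
            /^\[/                                    { inmain = 0 }
            inmain && /^[[:space:]]*dns[[:space:]]*=/ { next }   # drop old dns= in [main]
            { print }
        ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        printf '\n[main]\ndns=none\n' >> "$conf"
    fi
}

# Sanity check after a reboot: exit 0 only if every nameserver line in the
# given resolv.conf equals the expected IPA address (e.g. 127.0.0.1 when the
# server is its own resolver), 1 otherwise.
check_resolv_conf() {
    resolv="$1"
    expected="$2"
    awk -v want="$expected" '
        $1 == "nameserver" && $2 != want { bad = 1 }
        END { exit bad }
    ' "$resolv"
}

# Apply to the real system paths when run as:
#   sh protect-resolv.sh /etc/dhcp/dhclient-enter-hooks /etc/NetworkManager/NetworkManager.conf
if [ "$#" -eq 2 ]; then
    install_dhclient_hook "$1"
    set_nm_dns_none "$2"
fi
```

Run it with two scratch paths first to see exactly what it writes; NetworkManager has to be restarted for dns=none to take effect.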

Triage discussion:

rcrit: I believe we document that the IPA server should have a static IP but I don't know if we state that this static IP should not come from DHCP, or the possible repercussions if it does.
D.P. 4.2. It will become a more important issue when we focus on the automated deployment.

Processing leftovers from 4.2 backlog - this ticket was found as suitable for consideration in next big feature release - 4.4.

Overwriting resolv.conf should not break anyone's DNS. If it does, then he already has broken configuration in some way.

Also, the proposed fix is very specific to internal implementation details of current NetworkManager-DHCP integration and will not work in containers (with networkd) and in later Fedoras (with resolv.conf managed by dnssec-trigger daemon).

For these reasons it seems that FreeIPA is not the right place to fix it.

Metadata Update from @rmeggins:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.4 Backlog

7 years ago
