bitnami / vms

Bitnami VMs
https://bitnami.com

[dhclient] resolv.conf gets overwritten on every dhcp lease update #1056

Closed jazzl0ver closed 1 year ago

jazzl0ver commented 1 year ago

Platform

AWS

bndiagnostic ID

a5c09fa6-3196-a428-f29f-8703d41fb40a

bndiagnostic output

Isn't relevant to this problem.

bndiagnostic was not useful. Could you please tell us why?

It doesn't provide a solution for the issue described.

Describe your issue as much as you can

Hi,

Due to compliance requirements we installed an agent that alerts on file integrity changes. It appears that dhclient overwrites /etc/resolv.conf every time it requests a new dhcp lease, which causes the agent to alarm. We don't have such an issue on our other systems (Amazon Linux 2). Any ideas how to fix it?

jotamartos commented 1 year ago

That's a specific question about dhclient and about how it works. You can take a look at any online guide to prevent this from happening.

jazzl0ver commented 1 year ago

Thanks @jotamartos. Yes, I read that guide and ended up setting an immutable attribute on resolv.conf as a workaround. But, comparing with Amazon Linux, neither of the suggested solutions is implemented in AML and it still works correctly. I guess the dhclient-script (or its subsidiary) should compare the new settings with the old ones and avoid overwriting resolv.conf in case they didn't change.

jazzl0ver commented 1 year ago

This small patch fixes the issue. It would be great if you incorporated it:

--- dhclient-script.bak 2023-02-20 08:19:43.000000000 +0000
+++ dhclient-script     2023-07-28 15:45:31.927151674 +0000
@@ -84,7 +84,7 @@
            chown --reference=$resolv_conf $new_resolv_conf
            chmod --reference=$resolv_conf $new_resolv_conf
        fi
-        mv -f $new_resolv_conf $resolv_conf
+       diff $new_resolv_conf $resolv_conf >/dev/null || mv -f $new_resolv_conf $resolv_conf
     # DHCPv6
     elif [ -n "$new_dhcp6_domain_search" ] || [ -n "$new_dhcp6_name_servers" ]; then
         resolv_conf=$(readlink -f "/etc/resolv.conf" 2>/dev/null) ||
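Review bot: the new `diff ... || mv` line leaves `$new_resolv_conf` on disk whenever the contents match, since the `mv` is skipped and nothing removes the temporary file, so each unchanged lease renewal adds another `*.dhclient-new.*` file next to resolv.conf. An explicit branch avoids that and also drops the unneeded diff output, e.g. `if cmp -s $new_resolv_conf $resolv_conf; then rm -f $new_resolv_conf; else mv -f $new_resolv_conf $resolv_conf; fi`. Minor: the replacement line is indented with seven spaces where the removed line had eight, so it no longer lines up with the `fi` above it.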

It overwrites the /etc/resolv.conf file only if it differs from the current one.
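The compare-before-replace idea from the patch, as an added shell example that is not from the issue, from Bitnami or from the Debian dhclient-script; `install_if_changed` and `demo` are hypothetical names. Beyond the patch, it also discards the temporary file when the content is unchanged, so repeated lease renewals neither rewrite the target nor accumulate leftovers for a file-integrity monitor to flag.

```shell
# install_if_changed NEWFILE TARGET
# Replaces TARGET with NEWFILE only when the bytes differ. Returns 0 if TARGET
# was replaced, 1 if it was left untouched (NEWFILE is removed in that case).
install_if_changed() {
    new="$1"
    target="$2"
    if [ -e "$target" ] && cmp -s "$new" "$target"; then
        # Same content: drop the temp file instead of leaving it behind.
        rm -f "$new"
        return 1
    fi
    # Keep the existing owner and mode, as dhclient-script does, then rename
    # the new file into place atomically.
    if [ -e "$target" ]; then
        chown --reference="$target" "$new"
        chmod --reference="$target" "$new"
    fi
    mv -f "$new" "$target"
}

# Constructed demo: three simulated lease renewals against a private copy of
# resolv.conf, two with the same nameserver list and one with a changed list.
# Prints "<number of replacements> <leftover temp files>".
demo() {
    dir=$(mktemp -d)
    target="$dir/resolv.conf"
    printf 'nameserver 10.0.0.2\n' > "$target"
    replaced=0
    for servers in '10.0.0.2' '10.0.0.2' '10.0.0.2 10.0.0.3'; do
        tmp=$(mktemp "$target.dhclient-new.XXXXXX")
        for s in $servers; do printf 'nameserver %s\n' "$s"; done > "$tmp"
        if install_if_changed "$tmp" "$target"; then
            replaced=$((replaced + 1))
        fi
    done
    leftovers=$(find "$dir" -name '*.dhclient-new.*' | wc -l)
    rm -rf "$dir"
    echo "$replaced $leftovers"
}
```

Running `demo` prints `1 0`: only the third renewal rewrote the file, and no temporary files were left in the directory.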

jotamartos commented 1 year ago

Hi @jazzl0ver,

We do not maintain that script. It's part of the system and the packages we install during the initialization process. You should suggest this change to the upstream developers for them to validate the changes.

jazzl0ver commented 1 year ago

Yeah, it's already in the upstream bug tracker: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042464