# User specified nameserver setup



## Deleted member 9563 (Feb 9, 2015)

I want to have a different DNS entry on a couple of machines on the lan, but can't figure out how to best do that now. Since the recent switch to  `resolvconf`, the wiki and other information out there is deprecated and I can't seem to find any resolvconf.conf examples for my situation. I guess I could make /etc/resolv.conf unreadable, but that just seems wrong. I would appreciate a little help, and perhaps an example of how to put something like 8.8.8.8 in resolvconf.conf, (or a link to such examples.)


----------



## protocelt (Feb 9, 2015)

Here is an example I use for resolv.conf on one of my machines:

```
search MATRIX
nameserver 208.67.220.220
nameserver 4.2.2.1
nameserver 8.8.8.8
```
If you are using DHCP to get an IP address on the machine, also keep in mind your resolv.conf file will be clobbered... err... altered on each reboot by dhclient(8). To keep dhclient's greedy hands off your resolv.conf file, create a file named dhclient-enter-hooks in /etc and append the following code to it:

```
add_new_resolv_conf() {
      return 0
}
```
Please see dhclient-script(8) for more information.


----------



## Deleted member 9563 (Feb 9, 2015)

I'll try that, just in case I'm not understanding. However, I'm using a static address and from what I've read, newer systems are controlled by `resolvconf` which is what overwrites /etc/resolv.conf. It's all changed from what it was in the old days when we could use resolv.conf, which is what I'm used to.

Edit to add: No, it didn't work. I think I still need to edit /etc/resolvconf.conf.


----------



## junovitch@ (Feb 9, 2015)

There is an easier way than dhclient-scripts(8) in /etc/dhclient.conf.  Here is an example I use on my router to ignore DNS server information from my ISP and allow me to use Unbound on the host. See dhclient.conf(5) for more.

```
interface "em3"
{
  supersede domain-name "my.localdomain.com";
  supersede domain-name-servers 127.0.0.1;
}
```

If you are using a static address then you don't need that.  Just put the entries in /etc/resolv.conf.  There is a script that runs resolvconf(8) on its own, /etc/rc.d/resolv, however I doubt that is running.  You can try running it manually to see if the variable it is looking to be defined actually is.  It shouldn't be if you have a static address.


----------



## Deleted member 9563 (Feb 10, 2015)

Thanks junovitch. I am indeed using a static address. And yes, the script /etc/rc.d/resolv does not overwrite the /etc/resolv.conf file. It appears to be `resolvconf` which is overwriting the /etc/resolv.conf file because this is what it says:

```
# Generated by resolvconf
nameserver 2002:a1e:b23:1::1
```
It is always overwritten to say that. Perhaps I should just delete `/sbin/resolvconf`, but it seems to me that I can't be the only one using a static address and who wants to manually specify name servers.

BTW: your idea of of using `unbound` is what I had planned to do next, but wanted to get resolv.conf working "normally" first since I felt that choosing a nameserver would likely not be deprecated in FreeBSD 10.1-RELEASE and that the default install was probably not in error here. I'm assuming that I'm just not understanding the new way, which according to the handbook seems to be to use resolvconf.conf.

Anyway, judging from the replies I've gotten, I'm starting to think that I'm either not understanding something fundamental here, or that I'm not asking the question properly. I had thought that the idea of editing resolv.conf by hand like I used to do in older FreeBSD versions would still be a fairly common thing to do.


----------



## Deleted member 9563 (Feb 10, 2015)

protocelt said:


> Here is an example I use for resolv.conf on one of my machines:
> 
> ```
> search MATRIX
> ...


Is that on 10.1? How were you able to do that? I'd love to be able to do that too, (just like I did in 9.1)


----------



## junovitch@ (Feb 10, 2015)

You're using a static address but what about IPv6?  The IPv6 in resolv.conf might be the give away.  It looks like in rtsold(8) that resolvconf(8) will get called.  I would have to look at the man page closer but a quick glance over it and I don't see an obvious way to ignore that information.  Take a look at the man page.  If you turn off IPv6 then nothing should be around to update your resolv.conf and it should keep the settings to put there.


----------



## jrm@ (Feb 10, 2015)

I think what you want is 
	
	



```
resolv_conf="/dev/null"
```
 in /etc/resolvconf.conf.

In case it's helpful, here is my configuration.  I use dns/dnscrypt-proxy with local_unbound, but I get my IP via DHCP, so you will have to make adjustments.

This is what I have in /etc/resolvconf.conf.

```
resolv_conf="/dev/null" # prevent updating /etc/resolv.conf
#unbound_conf="/var/unbound/forward.conf"
unbound_pid="/var/run/local_unbound.pid"
unbound_service="local_unbound"
unbound_restart="service local_unbound reload"
```

Here are the relevant bits from /etc/rc.conf.

```
dnscrypt_proxy_enable="YES"
dnscrypt_proxy_flags="-a 127.0.0.2"
ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"
local_unbound_enable="YES"
```

Here is /etc/dhclient.conf.

```
supersede domain-name "mydomain.com";
supersede domain-name-servers 127.0.0.1;
```

Here is /etc/resolv.conf.

```
search mydomain.com otherdomain.org
nameserver 127.0.0.1 
options edns0
```

ADDED:

Here is /var/unbound/unbond.conf

```
server:
    #auto-trust-anchor-file: /var/unbound/root.key
    directory: /var/unbound
    do-not-query-localhost: no
    chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        username: unbound
    use-syslog: yes
    verbosity: 1

include: /var/unbound/forward.conf
include: /var/unbound/lan-zones.conf
include: /var/unbound/conf.d/*.conf
```

and /var/unbound/forward.conf

```
forward-zone:
    name: "."
    forward-addr: 127.0.0.2@53
```

Looking back a few months after having set all this up, it seems much more complicated now.  I recall some of these files being generated, but I forget the details at the moment.  If I find any notes, I'll clarify a little more.


----------



## Deleted member 9563 (Feb 10, 2015)

jrm said:


> I think what you want is
> 
> 
> 
> ...



That is exactly what I was looking for. I checked it and it works. Thanks.

So that's the solution to my immediate problem. I'll look into the rest later. I'm not sure about the value of dnscrypt for me at this time, but unbound will be useful and it's up next.


----------



## Deleted member 9563 (Feb 10, 2015)

junovitch said:


> You're using a static address but what about IPv6?  The IPv6 in resolv.conf might be the give away.



That's a good observation. I do want IPv6 enabled, but that could be what's doing it here. You've got me looking closer at that. Thanks.


----------



## protocelt (Feb 12, 2015)

OJ said:


> I'll try that, just in case I'm not understanding. However, I'm using a static address and from what I've read, newer systems are controlled by `resolvconf` which is what overwrites /etc/resolv.conf. It's all changed from what it was in the old days when we could use resolv.conf, which is what I'm used to.
> 
> Edit to add: No, it didn't work. I think I still need to edit /etc/resolvconf.conf.


My apologies OJ. I wasn't aware you were using IPV6 at the time I replied.



junovitch said:


> There is an easier way than dhclient-scripts(8) in /etc/dhclient.conf.  Here is an example I use on my router to ignore DNS server information from my ISP and allow me to use Unbound on the host. See dhclient.conf(5) for more.
> 
> ```
> interface "em3"
> ...


I wasn't aware of being able to do it this way. Thanks for posting this.


----------

