Taking control of DNS for Linux users part 1

Discussion in 'privacy technology' started by Stefan Froberg, Dec 11, 2017.

  1. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Code:
    https://www.orwell1984.today/Taking_control_of_DNS_for_Linux_users_part1.pdf
    http://ukp5un24mpxbqcpu.onion/Taking_control_of_DNS_for_Linux_users_part1.pdf
    
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    resolv.conf is generated automatically even on more static OSes like OpenBSD without connection managers. I would prefer configuring dhclient or similar software (whatever you're using) to generate the expected resolv.conf on each boot.
    I also prefer one local, caching, recursive nameserver in resolv.conf on localhost (I use unbound) and then specify multiple DNS servers inside its config file.
    Overall I think it is a reasonable guide, because there are a few ways to configure the OS to do the same thing.
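
An added example, not part of the post above or of the linked guide: a small Python check that the setup described there (one local caching resolver such as unbound on localhost as the only nameserver in resolv.conf) is still in place after a DHCP client or connection manager has run. The function name and the sample file contents are constructed for illustration.

```python
import ipaddress

MAXNS = 3  # glibc's stub resolver uses at most three nameserver entries

# Constructed samples (not taken from a real system).
GOOD = "# constructed sample\nnameserver 127.0.0.1\noptions edns0\n"
OVERWRITTEN = (
    "# constructed sample: as a DHCP client might rewrite the file\n"
    "domain lan\n"
    "nameserver 192.0.2.53\n"
    "nameserver 127.0.0.1\n"
)

def audit_resolv_conf(text):
    """Return (nameservers, findings) for the contents of a resolv.conf file."""
    servers, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if fields[0] != "nameserver":        # domain/search/options: not audited
            continue
        if len(fields) < 2:
            findings.append(f"line {lineno}: nameserver without an address")
            continue
        addr = fields[1]
        try:
            # Drop an IPv6 zone id (fe80::1%eth0) before parsing.
            ip = ipaddress.ip_address(addr.split("%", 1)[0])
        except ValueError:
            findings.append(f"line {lineno}: invalid address {addr!r}")
            continue
        servers.append(addr)
        if len(servers) > MAXNS:
            findings.append(f"line {lineno}: {addr} ignored (more than {MAXNS} entries)")
        elif not ip.is_loopback:
            findings.append(
                f"line {lineno}: {addr} is not loopback, queries bypass the local resolver")
    return servers, findings

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("OVERWRITTEN", OVERWRITTEN)):
        servers, findings = audit_resolv_conf(sample)
        print(name, servers, findings or "ok")
```

To audit a live system, pass the contents of /etc/resolv.conf to audit_resolv_conf() and alert on any finding, for example from a boot-time or periodic job.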
     
  3. Stefan Froberg

    Yea. The only thing that comes even close to universal DNS handling, no matter what connection manager/DHCP client one is using, is the resolvconf program:
    http://manpages.ubuntu.com/manpages/yakkety/man8/resolvconf.8.html

    But honestly, I think it feels just so messy. Why can't Linux itself (aka /etc/resolv.conf) have, say, extra options for preserving DNS settings? Maybe something like this:
    options preserve-dns

    And taking this thing further, if Linux has a default stub DNS resolver built in (/etc/resolv.conf), then why not complete the package with a default DHCP client built in? With DHCP configuration done with either /etc/resolv.conf or maybe some similar file under /etc and, preferably, with anonymity profiles for DHCP clients (RFC 7844) built right in? That would solve the messy situation of needing 3rd-party DHCP clients and fighting with them to stop them messing with the DNS settings in /etc/resolv.conf. (Maybe some glibc developer should take a look at it?)

    I use unbound too. It's a wonderful little DNS server.
    I previously used BIND and was a little sceptical of Unbound (scared, actually, that it might be hard to set up), but now I love it.
    Part 2 will show how to set up Unbound, followed by a little talk about hosts files and maybe, just maybe, about opportunistic HTTP encryption (not HTTPS but plain ordinary HTTP that can be automatically upgraded to an encrypted one, even over port 80, which is a good thing if that is the only port allowed in/out through the firewall).
     
  4. Stefan Froberg

    Updated version uploaded now.
    Just added a mention of other /etc/resolv.conf options and a little bit more about how the Linux firewall works.
     