How to persist resolv.conf options such as rotate, timeout in CentOS?

Solution 1:

The answer can be found in the /sbin/dhclient-script:

if [ -n "${RES_OPTIONS}" ]; then
    echo "options ${RES_OPTIONS}" >> ${rscf}

But, it's not terribly obvious where you can set RES_OPTIONS to make the script pick it up - some things like the search domain can be set in the ifcfg-ethX file, but resolver options are set elsewhere. The file you want is in fact /etc/sysconfig/network. To set the relevant options, add something like this line to that file:

RES_OPTIONS="rotate timeout:1 retries:1"

That will set the timeout to 1 second, use a single retry and tell the client to rotate its resolvers per request instead of sequentially going through the list each time.

If you would like to have the changes take effect immediately, then issue a service network restart command and check out your new /etc/resolv.conf in all its glory. Here's what mine looked like when testing this out:

# cat /etc/resolv.conf 
; generated by /sbin/dhclient-script
options rotate timeout:1 retries:1

Solution 2:

The accepted answer is when using legacy networking scripts. If you use NetworkManager you might not even have /etc/sysconfig/network, and if you do it will still not be used for connections managed by NetworkManager.

If you use NetworkManager:

To add options, ex adding rotate to bond0:

nmcli con mod bond0 +ipv4.dns-options rotate

To remove that option:

nmcli con mod bond0 -ipv4.dns-options rotate

The + is good to change options too; NetworkManager is smart enough to detect existing options and update them. For example, changing the timeout value:

root@debian:~# nmcli con show bond0 |grep ipv4.dns-options
ipv4.dns-options:                       "rotate,timeout:5"
root@debian:~# nmcli con mod bond0 +ipv4.dns-options timeout:3
root@debian:~# nmcli con show bond0 |grep ipv4.dns-options
ipv4.dns-options:                       "rotate,timeout:3"

This means the value is ignored for remove and not even needed. To remove timeout:

nmcli con mod bond0 -ipv4.dns-options timeout

It will work with a timeout value too but that value will be ignored, so removing timeout:5 will also remove any other timeout value.

NB: While looking into this I came across a related bug that was fixed in network-manager v1.14.6, v1.15.2-dev and v1.16. If you encounter any issue check your network-manager version first.