Re: Resisting DNS Hijacking
01-01-2014 11:31 AM - edited 01-01-2014 11:49 AM
You can't actually tell a DHCP or PPP client which settings to request. When a request is made the server just returns all settings that it has been configured to send for that user or device.
The client can then pick and choose the settings it wants/needs and ignore the rest.
edit: might have to eat my own words there, seems that required parameters can be specified as part of a DHCP request.
In any case, all that needs to be done is determine whether or not the user wants ISP-supplied settings, and that sounds like it's on the cards.
IMO you shouldn't mix the two, it should be either/or. You either want to use your ISP's DNS servers, or you want to use your own. The reason being that the two will likely have different operational characteristics, and it's best to have a consistent operation.
Re: Resisting DNS Hijacking
01-03-2014 08:55 AM - edited 01-03-2014 08:57 AM
What I meant is this -- DHCP can give you more than just a DNS address. For example it can give you parameters for booting a device over the network making it install modified firmware, or make your device install static route entries which can redirect traffic for certain IP addresses or ranges to their gateways for a MITM attack, or spoof your time source thus working around time-limit firewall rules, etc. It is a bit naive to trust DHCP except to provide the DNS IP. If you think someone is out to get you they will just use a different method which will be less noticeable than a fake website.
Note that I don't think that your request does not have merit. I agree that there should be an ignore option.
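The two posts above make one point between them: the server sends whatever options it is configured to send (address, mask, router, DNS, but also NTP, static routes and network-boot parameters), and it is the client that decides which of them to honour. The following Python is an added example, not code from this thread or from EdgeOS: it decodes the option area of a hand-constructed DHCP OFFER (documentation-range addresses, option codes from RFC 2132 and RFC 3442) and applies a client-side policy equivalent to "address only, name-server no-update", reporting which option codes were ignored so an operator can see what the server tried to push. The function names and the `ADDRESSING_ONLY` allow-list are my own.

```python
"""Decode DHCP options from a server reply and apply a client-side policy.

Added example (not from the thread or from EdgeOS). The OFFER below is
constructed by hand; option codes are from RFC 2132 / RFC 3442.
"""
import ipaddress

# Option codes (RFC 2132 unless noted)
OPT_PAD = 0
OPT_SUBNET_MASK = 1
OPT_ROUTER = 3
OPT_DNS = 6
OPT_NTP = 42
OPT_TFTP_SERVER = 66
OPT_BOOTFILE = 67
OPT_CLASSLESS_ROUTES = 121  # RFC 3442
OPT_END = 255

# Options an "I only want an address from DHCP" policy is willing to honour.
ADDRESSING_ONLY = {OPT_SUBNET_MASK, OPT_ROUTER}


def parse_options(blob: bytes) -> dict:
    """Parse the TLV option area of a DHCP message into {code: value_bytes}."""
    opts = {}
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        # Repeated codes are concatenated (RFC 3396 long options).
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def ip_list(value: bytes) -> list:
    """Split a run of 4-byte addresses into dotted-quad strings."""
    return [str(ipaddress.IPv4Address(value[k:k + 4])) for k in range(0, len(value), 4)]


def classless_routes(value: bytes) -> list:
    """Decode RFC 3442 option 121 into [(destination/prefix, router), ...]."""
    routes = []
    i = 0
    while i < len(value):
        plen = value[i]
        nbytes = (plen + 7) // 8                      # significant octets only
        net = value[i + 1:i + 1 + nbytes] + b"\x00" * (4 - nbytes)
        router = value[i + 1 + nbytes:i + 5 + nbytes]
        routes.append((f"{ipaddress.IPv4Address(net)}/{plen}",
                       str(ipaddress.IPv4Address(router))))
        i += 5 + nbytes
    return routes


def apply_policy(opts: dict, name_server_update: bool = True, allowed=None):
    """Return (settings applied, option codes ignored).

    The client, not the server, decides: `allowed` is the option allow-list
    (default: everything offered) and name_server_update=False drops option 6
    regardless, mirroring the thread's 'name-server no-update' setting.
    """
    allowed = set(allowed) if allowed is not None else set(opts)
    if not name_server_update:
        allowed.discard(OPT_DNS)
    applied, ignored = {}, []
    for code, value in opts.items():
        if code not in allowed:
            ignored.append(code)
            continue
        if code in (OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS, OPT_NTP):
            applied[code] = ip_list(value)
        elif code == OPT_CLASSLESS_ROUTES:
            applied[code] = classless_routes(value)
        else:
            applied[code] = value.decode("ascii", "replace")
    return applied, sorted(ignored)


# Constructed sample OFFER option area: mask, router, two DNS servers, an NTP
# server, a TFTP server plus boot file, and a route for 10.0.0.0/8 via 192.0.2.9.
SAMPLE_OFFER = (
    bytes([OPT_SUBNET_MASK, 4]) + bytes([255, 255, 255, 0])
    + bytes([OPT_ROUTER, 4]) + bytes([192, 0, 2, 1])
    + bytes([OPT_DNS, 8]) + bytes([192, 0, 2, 53, 198, 51, 100, 53])
    + bytes([OPT_NTP, 4]) + bytes([192, 0, 2, 123])
    + bytes([OPT_TFTP_SERVER, 9]) + b"192.0.2.7"
    + bytes([OPT_BOOTFILE, 10]) + b"fw-new.bin"
    + bytes([OPT_CLASSLESS_ROUTES, 6]) + bytes([8, 10, 192, 0, 2, 9])
    + bytes([OPT_END])
)

if __name__ == "__main__":
    offered = parse_options(SAMPLE_OFFER)
    applied, ignored = apply_policy(offered, name_server_update=False, allowed=ADDRESSING_ONLY)
    print("applied:", applied)
    print("ignored option codes:", ignored)
```

Running it with the address-only policy applies just the mask and router and lists 6, 42, 66, 67 and 121 as ignored; with the default policy every option, DNS included, is honoured, which is the behaviour the original poster was trying to switch off. Logging the ignored codes is the useful part for a defender: a lease that suddenly carries boot-file or classless-route options is worth a look even when the client does not act on them.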
Re: Resisting DNS Hijacking
01-03-2014 09:02 AM
@dragon2611 wrote: also the PPP client config needs a similar option if it's not already there (I can't remember if it was).
This feature already exists for PPPoE at least:
[edit]
nvx@ERL# set interfaces ethernet eth2 pppoe 0 name-server
Possible completions:
  auto    Use name server entries provided by peer
  none    Do not use name server entries provided by peer
Probably worth making the dhcp client configuration have the same name for consistency.
Re: Resisting DNS Hijacking
01-03-2014 09:18 AM - edited 01-03-2014 09:20 AM
I know that DHCP can do all this, but it depends on what information you want to use from the DHCP; that EdgeMAX pulls DNS, with me not able to stop it, is a problem. I want to use DHCP for one thing, and one thing only: getting an IP address.
My router will NOT boot from an image provided by DHCP if it's not configured to do so, nor get a time source. I'm not addressing all the exploits possible here, merely wanting to have control over what DNS my network uses.
And if you think that adding more DNS servers automatically, when some already have been added manually, is fine, we just have to agree to disagree. On my side, it's still wrong.
Re: Resisting DNS Hijacking
01-03-2014 09:27 AM
Perhaps you can get away with setting the interface to static or no IP, then calling dhclient manually with the options you desire?
I used to have to do something similar to pass auth credentials via option 61 when my ISP was Sky.
Re: Resisting DNS Hijacking
01-03-2014 04:58 PM - edited 01-06-2014 01:04 PM
@faye wrote:
I know that DHCP can do all this, but it depends on what information you want to use from the DHCP; that EdgeMAX pulls DNS, with me not able to stop it, is a problem. I want to use DHCP for one thing, and one thing only: getting an IP address.
I think this is something we should implement, but until then the hack An-Cheng mentioned in #18 should work as a work-around.
Re: Resisting DNS Hijacking
01-06-2014 01:51 AM
Great that you are looking into changing this. Will try the workaround until then.
Re: Resisting DNS Hijacking
01-20-2014 07:56 PM
Thanks!
Re: Resisting DNS Hijacking
01-21-2014 11:08 AM
No this is not in 1.4 yet since that was already close to the end of the beta cycle, so we'll see what can be done in the next release.
Re: Resisting DNS Hijacking
03-19-2014 10:34 AM
If you make this change don't forget to edit the /etc/resolv.conf file to remove the ISP name servers from it. I forgot that bit on the 1.4.0 to 1.4.1 update.
@UBNT-ancheng wrote:Yeah as discussed this is inherited from "upstream", and we do plan to look into making this configurable instead. For now, a possible workaround may be to change the "/sbin/dhclient-script" script (find the "make_resolv_conf()" function and add a "return" as the first line of that function). (Note that it would disable updating resolv.conf from DHCP completely, so it would not work if that is still needed of course.)
Re: Resisting DNS Hijacking
04-06-2014 05:08 AM - edited 04-06-2014 05:09 AM
In version 1.5.0a1 this is supported:
interfaces {
    ethernet eth0 {
        address dhcp
        dhcp-options {
            name-server no-update
        }
    }
}
And to show you that it works:
admin@ubnt:~$ show dhcp client leases
interface  : eth0
ip address : xx.250.214.195 [Active]
subnet mask: 255.255.255.0
router     : xx.250.214.1
name server: xx.179.104.196 xx.46.228.196
dhcp server: xx.15.43.129
lease time : 156087
last update: Sun Apr  6 06:52:10 CEST 2014
expiry     : Tue Apr 08 02:13:33 CEST 2014
reason     : BOUND
admin@ubnt:~$ cat /etc/resolv.conf
nameserver 192.168.33.6
domain lan.local
Good work guys!
Re: Resisting DNS Hijacking
12-14-2014 03:49 PM - edited 12-14-2014 05:02 PM
Did something change with version 1.6? I try and get
set interfaces ethernet eth0 address dhcp name-server no-update
  The specified configuration node is not valid
  Set failed
EDIT
Never mind, I should have done this instead since my WAN is on eth1:
set interfaces ethernet eth1 dhcp-options name-server no-update
Re: Resisting DNS Hijacking
12-17-2014 03:35 PM
Hello everyone,
I've tried to disable the DNS configuration provided by my ISP, but every time the connection restarts it continues to add the values of the ISP.
The command I've used is:
set interfaces ethernet eth0 dhcp-options name-server no-update
The manual DNS entries which I've set are added correctly.
My WAN interface is eth0 and I'm running v1.6.0 of the EdgeMAX firmware.
Can someone, please, tell me what I am missing in order to prevent the auto DNS settings of my ISP?
Thank you in advance.
Regards.
Re: Resisting DNS Hijacking
12-17-2014 03:38 PM
@alfa42 post your config file.
Re: Resisting DNS Hijacking
12-17-2014 11:47 PM
@UBNT-stig Hi, thank you for the quick reply.
I'm attaching a .txt file with all the config (since it's too large for a post here) of the EdgeRouter.
Please let me know if there is anything I can try and/or test.
Regards.
Re: Resisting DNS Hijacking
12-18-2014 10:47 AM
@alfa42 looks like you're getting DNS from the PPPoE server, not DHCP. So try:
configure
set interfaces ethernet eth0 vif 6 pppoe 0 name-server none
commit
save
exit
disconnect interface pppoe0
connect interface pppoe0
Re: Resisting DNS Hijacking
12-18-2014 12:18 PM
You were right, now the settings are not updated by the DHCP:
root@Magrathea:/# cat /etc/resolv.conf
nameserver 109.69.8.34
nameserver 87.216.170.85
Thank you!
Re: Resisting DNS Hijacking
07-18-2015 11:14 AM - edited 07-18-2015 11:27 AM
Hi!
Have TWC, and got fed up with this behaviour as well, and followed this guide, but still have some leftovers in my "resolv.conf" file!
Standard "resolv.conf" before modifications:
$ cat /etc/resolv.conf
nameserver 4.2.2.1
nameserver 4.2.2.2
nameserver 4.2.2.3
nameserver 209.18.47.61 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl
nameserver 209.18.47.62 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl
search tx.rr.com #line generated by /opt/vyatta/sbin/vyatta_update_resolv.pl
$
What I did:
configure
set interfaces ethernet eth0 dhcp-options name-server no-update
commit
save
exit
Resulting "resolv.conf" file:
$ cat /etc/resolv.conf
nameserver 4.2.2.1
nameserver 4.2.2.2
nameserver 4.2.2.3
search tx.rr.com #line generated by /opt/vyatta/sbin/vyatta_update_resolv.pl
$
How do I get rid of that last line of TWC crap! What does it do?

Re: Resisting DNS Hijacking
07-18-2015 07:05 PM
Log in to the GUI and I bet you will find it in the config tree!!!! Delete the entry and you're done.
Re: Resisting DNS Hijacking
07-19-2015 08:16 AM
There is nothing added in my "system > domain-search" branch, so nothing to delete, or?
Thinking it is dynamically added by "/opt/vyatta/sbin/vyatta_update_resolv.pl", and therefore needs to be disabled somehow, similar to how the dhcp-options name-server was set to "no-update".
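Several posts in this thread end up reading /etc/resolv.conf by hand to see whether ISP-provided nameserver or search entries survived the config change (the 1.4.1 upgrade note, the PPPoE case, and the TWC listings just above). The Python below is an added example, not code from this thread or from EdgeOS: it parses a resolv.conf, compares every nameserver/search/domain entry against the administrator's intended values, and reports the origin marker that vyatta_update_resolv.pl appends, so the check can run from cron or a monitoring agent after each reconnect. The sample file is constructed from the "before" listing in the TWC post; the expected values are whatever the operator configured and are passed in by the caller.

```python
"""Audit /etc/resolv.conf against the administrator's intended DNS settings.

Added example, not EdgeOS code. SAMPLE_RESOLV_CONF is constructed from the
listing in this thread; the allow-lists are supplied by the caller.
"""
from typing import Iterable, List

# glibc's resolver honours at most this many nameserver lines (MAXNS).
GLIBC_MAXNS = 3

# Constructed sample, shaped like the "before" listing in the TWC post.
SAMPLE_RESOLV_CONF = """\
nameserver 4.2.2.1
nameserver 4.2.2.2
nameserver 4.2.2.3
nameserver 209.18.47.61 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl
nameserver 209.18.47.62 #nameserver written by /opt/vyatta/sbin/vyatta_update_resolv.pl
search tx.rr.com #line generated by /opt/vyatta/sbin/vyatta_update_resolv.pl
"""


def parse_resolv_conf(text: str) -> List[dict]:
    """Return one record per directive: line number, keyword, values, trailing text.

    The resolver itself only reads the first tokens of each line; the trailing
    '#...' text is a marker written by the Vyatta updater, which we keep as
    provenance for the finding.
    """
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # whole-line comment
            continue
        body, _, comment = line.partition("#")
        fields = body.split()
        if not fields:
            continue
        records.append({"line": lineno, "keyword": fields[0],
                        "values": fields[1:], "comment": comment.strip()})
    return records


def effective_nameservers(text: str) -> List[str]:
    """Nameservers glibc will actually query: the first MAXNS listed, in order."""
    servers = [v for rec in parse_resolv_conf(text) if rec["keyword"] == "nameserver"
               for v in rec["values"][:1]]
    return servers[:GLIBC_MAXNS]


def audit(text: str, expected_nameservers: Iterable[str],
          expected_search: Iterable[str] = ()) -> List[dict]:
    """Flag every nameserver/search/domain entry not on the operator's allow-list."""
    allowed_ns = set(expected_nameservers)
    allowed_dom = set(expected_search)
    findings = []
    for rec in parse_resolv_conf(text):
        if rec["keyword"] == "nameserver":
            for ns in rec["values"][:1]:
                if ns not in allowed_ns:
                    findings.append({"line": rec["line"], "kind": "unexpected nameserver",
                                     "value": ns, "origin": rec["comment"] or "unknown"})
        elif rec["keyword"] in ("search", "domain"):
            for dom in rec["values"]:
                if dom not in allowed_dom:
                    findings.append({"line": rec["line"],
                                     "kind": "unexpected " + rec["keyword"],
                                     "value": dom, "origin": rec["comment"] or "unknown"})
    return findings


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_RESOLV_CONF
    for f in audit(text, {"4.2.2.1", "4.2.2.2", "4.2.2.3"}):
        print("line %(line)d: %(kind)s %(value)s (origin: %(origin)s)" % f)
    print("effective nameservers:", effective_nameservers(text))
```

Run against the sample it reports the two 209.18.47.x servers and the tx.rr.com search domain, each tagged with the vyatta_update_resolv.pl marker; run with a path argument it audits a live file. The `effective_nameservers` helper shows a caveat worth knowing when reading these listings: with three manual servers listed first, glibc never consults the appended ISP entries anyway, whereas a host with only one manual server would fall through to them on a timeout. A search line is a different matter, since it changes how unqualified names resolve regardless of position.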