RHEL 10 must configure a DNS processing mode in Network Manager to avoid conflicts with other Domain Name Server (DNS) managers and to not leak DNS queries to untrusted networks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-281362 | RHEL-10-800300 | SV-281362r1167236_rule | CCI-002385 | medium |

Description

To ensure that DNS resolver settings are respected, a DNS mode in Network Manager must be configured. The following are common values of the "dns" key in the "[main]" section of "NetworkManager.conf":

- default: NetworkManager will update "/etc/resolv.conf" to reflect the nameservers provided by currently active connections.
- none: NetworkManager will not modify "/etc/resolv.conf". Used when DNS is managed manually or by another service.
- systemd-resolved: Uses "systemd-resolved" to manage DNS.
- dnsmasq: Enables the internal "dnsmasq" plugin.

Satisfies: SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPOS-00091

| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 10 Security Technical Implementation Guide | 2026-03-11 |
Details
Check Text (C-281362r1167236_chk)
Verify RHEL 10 has a DNS mode configured in Network Manager by printing the configuration NetworkManager actually loaded. This is the merged result of "/etc/NetworkManager/NetworkManager.conf" and any drop-in files under "conf.d" (later files override earlier ones), so a drop-in that overrides the "dns" key is caught as well:
$ NetworkManager --print-config
[main]
dns=none
If the dns key under "main" does not exist or is set to "dnsmasq", this is a finding.
Note: If RHEL 10 is configured to use a DNS resolver other than Network Manager, the configuration must be documented and approved by the information system security officer.
Fix Text (F-85828r1167235_fix)
Configure RHEL 10 to use a DNS mode in Network Manager.
In "/etc/NetworkManager/NetworkManager.conf", add the following line to the "[main]" section, substituting the desired mode:
dns = <dns processing mode>
Where <dns processing mode> is default, none, or systemd-resolved (for example, "dns = none"). Do not use "dnsmasq", which the check treats as a finding.
Network Manager must be reloaded for the change to take effect:
$ sudo systemctl reload NetworkManager
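The check and the fix above, as an added shell example (not part of the STIG text and not DISA's or Red Hat's tooling): it parses the "dns" key of the "[main]" section out of "NetworkManager --print-config" output (or out of config files fed in load order), classifies the value the way the check text does, and rewrites the key in a NetworkManager.conf-style file the way the fix text describes. The function names, the return-code convention (0 pass, 1 finding, 2 manual review) and the sample configurations are assumptions of this example; the samples are constructed, not captured from a host.

```shell
#!/bin/sh
# Added example (not DISA's or Red Hat's tooling): audit and remediate the
# NetworkManager [main] dns key per RHEL-10-800300. Run with --live to audit
# the running host; with no argument it runs over constructed samples.

# nm_dns_mode: read NetworkManager configuration on stdin (the merged output
# of `NetworkManager --print-config`, or config files in load order) and print
# the effective dns value from [main], if any. Later occurrences win, which
# matches NetworkManager's drop-in override order.
nm_dns_mode() {
    awk -F'=' '
        /^[ \t]*#/ { next }                          # --print-config prefixes comment lines
        /^[ \t]*\[/ {                                # section header: are we in [main]?
            in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next
        }
        in_main && $1 ~ /^[ \t]*dns[ \t]*$/ {
            val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", val)         # tolerate "dns = none" spacing
            found = 1
        }
        END { if (found) print val }'
}

# nm_dns_check: classify the mode read from stdin the way the check text does.
# Returns 0 when compliant, 1 on a finding, 2 when the value is one the STIG
# text does not name and needs manual review (e.g. ISSO-approved resolver).
nm_dns_check() {
    found_mode=$(nm_dns_mode)
    case "$found_mode" in
        default|none|systemd-resolved)
            echo "PASS: [main] dns=$found_mode"; return 0 ;;
        '')
            echo "FINDING: dns key missing (or empty) under [main]"; return 1 ;;
        dnsmasq)
            echo "FINDING: [main] dns=dnsmasq"; return 1 ;;
        *)
            echo "REVIEW: [main] dns=$found_mode is not a mode the STIG lists"; return 2 ;;
    esac
}

# nm_dns_set FILE MODE: set dns=MODE under [main] in FILE, in place.
# Existing dns lines in [main] are dropped so exactly one remains; if the
# file has no [main] section at all, one is appended.
nm_dns_set() {
    target=$1; want=$2
    tmp=$(mktemp) || return 1
    awk -v mode="$want" '
        /^[ \t]*\[/ {
            in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/)
            print
            if (in_main && !done) { print "dns=" mode; done = 1 }
            next
        }
        in_main && $0 ~ /^[ \t]*dns[ \t]*=/ { next }   # drop stale dns lines in [main]
        { print }
        END { if (!done) { print "[main]"; print "dns=" mode } }' "$target" > "$tmp" \
    && cat "$tmp" > "$target"   # cat, not mv: keeps the file owner, mode and SELinux label
    rc=$?
    rm -f "$tmp"
    return $rc
}

if [ "${1:-}" = "--live" ]; then
    NetworkManager --print-config | nm_dns_check
else
    # Constructed samples: compliant; the dnsmasq finding; and a dns key in the
    # wrong section, which leaves [main] without one (also a finding).
    for sample in '[main]\ndns = none\n' \
                  '[main]\ndns=dnsmasq\n' \
                  '[connection]\ndns=none\n[main]\nplugins=keyfile\n'; do
        printf '%b' "$sample" | nm_dns_check || :
    done
fi
```

On a host, run the script as root with "--live" to classify the merged configuration; to remediate, call "nm_dns_set /etc/NetworkManager/NetworkManager.conf none" (or another listed mode) and then reload NetworkManager as in the fix text so the change takes effect.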