I found the solution by googling “cloud-init overwriting resolv.conf”

https://cloudinit.readthedocs.io/en/latest/topics/boot.html

; Created by cloud-init on instance boot automatically, do not edit.
;
nameserver 67.207.67.2
nameserver 67.207.67.3
search
~

The file I was looking for all along was “vi /etc/network/interfaces”

Generated by the DigitalOcean provisioning process on 2019-01-16T08:48:42Z

See ‘man interfaces’ on a Debian/Ubuntu systems.

The network configuration was generated from http://169.254.169.254/metadata/v1.json.

You may also find the it on the locally attached CDROM under 'digitaloceanmetadata.json’

auto lo
iface lo inet loopback
dns-nameservers 67.207.67.2 67.207.67.3

This article is not the fix but relevant and helpful.

Title: Red Hat Enterprise Linux RHEL6 - How Does the resolv.conf File Get Changed on Boot

Document Type: Support Information
Original owner: KCS - Linux
Disclosure level: Public

FACT:The file /etc/sysconfig/network-scripts/ifcfg-ethx has a parameter PEERDNS = yes
Questions/Symptoms

SYMPTOM:The file /etc/resolv.conf is changed on boot.
Cause

CAUSE:Parameters used in the network configuration files can be used to change the resolver configuration, when the network is started.
Answer/Solution

FIX:The ifcfg parameter PEERDNS determines if the file /etc/resolv.conf file is modified or not. If it is set to a yes then the parameters DOMAIN, DNS1 and DNS2 will be used to set search and nameservers entries in the file /etc/resolv.conf. If PEERDNS is set to no then the file /etc/resolv.conf is not modified.

The script /etc/sysconfig/network-scripts/ifup-post performs any changes to resolv.conf.

So these lines added to the file /etc/sysconfig/network-scripts/ifcfg-eth0.

PEERDNS=yes

DOMAIN=test.corp.net

DNS1=192.168.1.1

DNS2=192.168.1.2

Will result in the following /etc/resolv.conf file.

cat /etc/resolv.conf

nameserver 192.168.1.1

nameserver 192.168.1.2

search test.corp.net

You would want to limit these parameters to only one ifcfg-ethx file. If you have multiple DNSx and DOMAIN parameters in different files the resolv.conf you get would be based on the last interface that was brought up.

PEERDNS defaults to no unless DHCP is used, in which case it defaults to yes.

There should be a warning telling you not to edit resolv.conf. Edit /etc/network/interfaces instead.

Or edit /etc/resolvconf/resolveconf.d/base instead. This is used to build resolv.conf

Edit the resolv.conf as you wish, save/close the file and then type this on command line:

chattr +i /etc/resolv.conf ((to protect the file from write))
chattr -i /etc/resolv.conf ((to unprotect, default mode))

editing base file only appends the dns server after the ‘head’ which is also overwritten but digital ocean. chattr doesn’t seem to work either. Anyone have other suggestions?

I have knocked out the nameserver lines from /etc/network/interface.d files too, this has not worked
I have edited /etc/resolvconf/resolv.conf.d/base < this has no impact

Some [DO] insight would be very helful

I have a support ticket into DO about this, I have had a really hard time figuring out where those default addresses are coming from as well.

I seem to have been able to get around the problem on a fresh Ubuntu 16.04 box, by:

1. adding the nameservers I want in /etc/resolvconf/resolv.conf.d/head
2. comment out the line dns-nameservers 67.207.67.3 67.207.67.2 in /etc/network/interfaces.d/50-cloud-init.cfg

I’ve rebooted a few times and the settings seem to persist, but this is a hacky solution. I just want to know where the defaults are coming from so I can change them and then never do this again.