On 07/31/2016 10:05 AM, Markus Kilås wrote:
On 02/28/2016 04:13 PM, Markus Kilås wrote:Hi, I am experiencing an issue with DNS queries in my AppVMs in R3.0. Sometimes after booting up, the AppVMS that are connected to sys-firewall are unable to do DNS lookups: user@untrusted ~]$ dig qubes-os.org ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> qubes-os.org ;; global options: +cmd ;; connection timed out; no servers could be reached The same command works in sys-firewall and netvm and any AppVM connected directly to the netvm but not when going through sys-firewall. There are no firewall rules added in the Qubes VM Manager and changing to allow all network traffic for 5 minutes makes no difference. Besides DNS lookups not working, the networking is working: [user@untrusted ~]$ ping 104.25.119.5 PING 104.25.119.5 (104.25.119.5) 56(84) bytes of data. 64 bytes from 104.25.119.5: icmp_seq=1 ttl=56 time=31.4 ms If I manually change the nameserver to the same as in sys-firewall the resolving works also in the AppVM: With IP from /etc/resolve.conf (sys-firewall): [user@untrusted ~]$ dig @10.137.2.1 qubes-os.org ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> @10.137.2.1 qubes-os.org ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached Instead with the netvm IP: [user@untrusted ~]$ dig @10.137.5.1 qubes-os.org ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> @10.137.5.1 qubes-os.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5804 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;qubes-os.org. IN A ;; ANSWER SECTION: qubes-os.org. 127 IN A 104.25.119.5 qubes-os.org. 127 IN A 104.25.118.5 ;; Query time: 11 msec ;; SERVER: 10.137.5.1#53(10.137.5.1) ;; WHEN: Sun Feb 28 16:03:09 CET 2016 ;; MSG SIZE rcvd: 73 Any idea what is going on here?
Very similar issues here...
I think I solved this now. After re-installing with V3.2-rc2 and restoring my VMs (including my old netvm) I still had this problem from time to time. So what I did was to start use the new sys-net VM as NetVM instead of my restored old netvm (I manually copied over the network manager config, private keys, certificates etc from the old VM to not have to reconfigure that). Since then, so far I have not seen the issue again.
I had renamed the sys-firewall VM back to its old "firewallvm" name using Qubes manager after a fresh 3.1rc2 install (otherwise restoring my backup wouldn't have worked: "could not find referenced firewallvm" ...). Maybe the sys-firewall name is hardcoded somewhere? I guess I'll test renaming it back again soon...
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36d8e448-03db-6959-e656-06e33a48b14a%40nurfuerspam.de. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
