-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, Aug 01, 2016 at 08:31:12AM +0200, David Hobach wrote: > > > On 07/31/2016 10:05 AM, Markus Kilås wrote: > > On 02/28/2016 04:13 PM, Markus Kilås wrote: > > > Hi, > > > > > > I am experiencing an issue with DNS queries in my AppVMs in R3.0. > > > > > > Sometimes after booting up, the AppVMS that are connected to > > > sys-firewall are unable to do DNS lookups: > > > user@untrusted ~]$ dig qubes-os.org > > > ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> qubes-os.org > > > ;; global options: +cmd > > > ;; connection timed out; no servers could be reached > > > > > > The same command works in sys-firewall and netvm and any AppVM connected > > > directly to the netvm but not when going through sys-firewall. There are > > > no firewall rules added in the Qubes VM Manager and changing to allow > > > all network traffic for 5 minutes makes no difference. > > > > > > Besides DNS lookups not working, the networking is working: > > > [user@untrusted ~]$ ping 104.25.119.5 > > > PING 104.25.119.5 (104.25.119.5) 56(84) bytes of data. > > > 64 bytes from 104.25.119.5: icmp_seq=1 ttl=56 time=31.4 ms > > > > > > If I manually change the nameserver to the same as in sys-firewall the > > > resolving works also in the AppVM: > > > > > > With IP from /etc/resolve.conf (sys-firewall): > > > [user@untrusted ~]$ dig @10.137.2.1 qubes-os.org > > > ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> @10.137.2.1 > > > qubes-os.org > > > ; (1 server found) > > > ;; global options: +cmd > > > ;; connection timed out; no servers could be reached > > > > > > Instead with the netvm IP: > > > [user@untrusted ~]$ dig @10.137.5.1 qubes-os.org > > > ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> @10.137.5.1 > > > qubes-os.org > > > ; (1 server found) > > > ;; global options: +cmd > > > ;; Got answer: > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5804 > > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 > > > > > > ;; OPT PSEUDOSECTION: > > > ; EDNS: version: 0, flags:; udp: 4096 > > > ;; QUESTION SECTION: > > > ;qubes-os.org. IN A > > > > > > ;; ANSWER SECTION: > > > qubes-os.org. 127 IN A 104.25.119.5 > > > qubes-os.org. 127 IN A 104.25.118.5 > > > > > > ;; Query time: 11 msec > > > ;; SERVER: 10.137.5.1#53(10.137.5.1) > > > ;; WHEN: Sun Feb 28 16:03:09 CET 2016 > > > ;; MSG SIZE rcvd: 73 > > > > > > > > > Any idea what is going on here? > > > > > Very similar issues here...
I think it's this issue: https://github.com/QubesOS/qubes-issues/issues/1067 > > I think I solved this now. > > > > After re-installing with V3.2-rc2 and restoring my VMs (including my old > > netvm) I still had this problem from time to time. > > > > So what I did was to start use the new sys-net VM as NetVM instead of my > > restored old netvm (I manually copied over the network manager config, > > private keys, certificates etc from the old VM to not have to > > reconfigure that). > > > > Since then, so far I have not seen the issue again. > > I had renamed the sys-firewall VM back to its old "firewallvm" name using > Qubes manager after a fresh 3.1rc2 install (otherwise restoring my backup > wouldn't have worked: "could not find referenced firewallvm" ...). Enable option "ignore missing" during backup restoration. This will use default VMs in place of missing ones (default netvm, default template etc). > Maybe the > sys-firewall name is hardcoded somewhere? I guess I'll test renaming it back > again soon... It shouldn't matter. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXoZ3UAAoJENuP0xzK19cs2+8H/2RvRRp8hJzdTdL25sW9k3pS fBejELvPrYHyqcodoRRnUUdVzycld598Jgj7nxx3MSt+hwv90ueA7iti7PjtHYLE f+dnubN/69I2ZaqOS36JmrarCAUPE32NLuE9bw/+cs/5l5X0tnkOODgI0ZWm11zm 9lZC0l/23gAhofxQvdirllvBa+6qYL8YfDrQSpznJq0lQmsrRvquL7P7n1+pKtwd G0FY8zFJuNX9oEUuytdR0lgwDlZAIKRk2C8W0FWpELoZDDQE4slQUMsy2AEUx4cA Dad5BBR/pbqgynsSV4NrjfdOF2BIrJ/Bi8N5J9ur46hmTiYiUGenVV3jXt7sNFk= =bYHd -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160803073131.GL32095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
