On Tuesday, 14 February 2017 02:57:28 UTC+2, Unman wrote:
> On Mon, Feb 13, 2017 at 05:10:28AM -0800, ThierryIT wrote:
> > Hi,
> > 
> > Thx a lot for this information.
> > 
> > I have installed dnssec-trigger on a newly created VM from a debian 
> > template as ProxyVM type. This is working, I have checked for the DNSSEC 
> > and all is ok.
> > 
> > In the same way, I do have a VM to browse on internet, and I want all DNS 
> > requests forwarded to this freshly installed ProxyVM ... How to do this?
> > 
> > Thx
> > 
> > On Monday, 13 February 2017 09:40:42 UTC+2, Andrew David Wong wrote:
> > > 
> > > On 2017-02-12 23:18, ThierryIT wrote:
> > > > Hi,
> > > > 
> > > > I think that I have missed something concerning Qubes. When I
> > > > installed, let's say "Unbound" packages, after a reboot of the VM
> > > > it disappears ... Normal?
> > > > 
> > > > Thx
> > > > 
> > > 
> > > You have to install it in the TemplateVM (or, for more advanced users,
> > > pick a persistent dir and/or use bind-dirs):
> > > 
> > > https://www.qubes-os.org/doc/templates/
> > > 
> > > --
> > > Andrew David Wong (Axon)
> > > Community Manager, Qubes OS
> > > https://www.qubes-os.org
> > 
> 
> Please don't top post.
> 
> If the new proxyVM is upstream from the browsing machine then you will
> need to adjust iptables in the nat table to redirect dns requests to the
> dnssec-trigger listener.
> 
> If the new proxy is not upstream, but connected to the same upstream
> proxy then you can set the ip address in /etc/resolv.conf in the
> browsing qube, and allow traffic between the qubes as shown in this
> page:
> www.qubes-os.org/doc/firewall in the section "Enabling networking
> between two qubes"
> You could set the dns record from /rw/config/rc.local.

For me it will be the first case.

So to do it right, I will need to:

In the Browsing VM (10.137.4.16):

- DNS resolver to the IP of the ProxyVM
- VM settings: NetVM to ProxyVM

In the ProxyVM (10.137.2.13): 

- VM settings: NetVM to sys-firewall
- DNS resolver to 127.0.0.1  (already done)
- New iptables NAT rules to forward all DNS requests from the BrowsingVM to the 
local DNS listener

Is it right?
Thx
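
The NAT redirect discussed above for the "upstream ProxyVM" case, as an added example that is not part of the original thread. It only prints the iptables commands for review. The `vif+` interface pattern, the use of `REDIRECT`, the extra `INPUT` rules, and the requirement that the resolver accepts queries on the ProxyVM's VM-facing address (not only on 127.0.0.1) are assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Run in the ProxyVM. Prints (does not apply) rules that send the browsing
# VM's DNS queries to the resolver running in this VM.

# Accept only a dotted quad with each octet in 0-255, so the value is safe
# to place in a generated command line.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# dns_redirect_rules CLIENT_IP
# Emits one nat rule and one filter rule per protocol (DNS uses UDP and TCP).
dns_redirect_rules() {
    client_ip=$1
    if ! valid_ipv4 "$client_ip"; then
        echo "invalid client address: $client_ip" >&2
        return 1
    fi
    for proto in udp tcp; do
        # nat/PREROUTING: rewrite the destination of the client's DNS packets
        # to this VM, port 53. Inserted at position 1 so it is evaluated
        # before any DNS DNAT rules already present in the chain.
        echo "iptables -t nat -I PREROUTING 1 -i vif+ -s $client_ip -p $proto --dport 53 -j REDIRECT --to-ports 53"
        # filter/INPUT: after the rewrite the packet is local traffic, so it
        # must be accepted here (assumes INPUT otherwise rejects it).
        echo "iptables -I INPUT 1 -i vif+ -s $client_ip -p $proto --dport 53 -j ACCEPT"
    done
}

# Browsing VM address taken from the message above.
dns_redirect_rules 10.137.4.16
```

After applying the printed rules as root, `iptables -t nat -L PREROUTING -n -v` shows whether the packet counters on the redirect rules increase when the browsing VM resolves a name.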


  
