Hi, I have recently installed Qubes OS and I am experiencing some slow time resolution in my debian VM. I have checked the /etc/resolv.conf file and it contains the following lines:
nameserver 10.137.2.1 nameserver 10.137.2.254 Playing with dig I can realise that the first IP is working well while all DNS queries sent to the second one finish in timeout: $ dig +short qubes-os.org @10.137.2.1 104.25.152.101 104.25.151.101 $ dig +short qubes-os.org @10.137.2.254 ;; connection timed out; no servers could be reached In sys-firewall, everything seems OK: $ iptables -S -t nat [...] -A PR-QBS -d 10.137.2.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 10.137.1.1 -A PR-QBS -d 10.137.2.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.137.1.1 -A PR-QBS -d 10.137.2.254/32 -p udp -m udp --dport 53 -j DNAT --to-destination 10.137.1.254 -A PR-QBS -d 10.137.2.254/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.137.1.254 But I have the feeling something is missing in sys-net: $ iptables -S -t nat [...] -A PR-QBS -d 10.137.1.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1 -A PR-QBS -d 10.137.1.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1 [...] where 192.168.1.1 is the expected DNS server on my LAN. Do you have an idea why this DNAT rule is missing? (I am not sure to understand why 2 different nameserver are filled in resolv.conf). Many thanks for your help, Antoine -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170305202507.sskvrkfd4ho6sea2%40fedora-23-dvm. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
