On 2017-03-05 13:07, Unman wrote:
> On Sun, Mar 05, 2017 at 09:25:07PM +0100, 'Antoine' via qubes-users wrote:
>> Hi,
>>
>> I have recently installed Qubes OS and I am experiencing some slow time
>> resolution in my debian VM. I have checked the /etc/resolv.conf file and
>> it contains the following lines:
>>
>> nameserver 10.137.2.1
>> nameserver 10.137.2.254
>>
>> Playing with dig I can realise that the first IP is working well while
>> all DNS queries sent to the second one finish in timeout:
>>
>> $ dig +short qubes-os.org @10.137.2.1
>> 104.25.152.101
>> 104.25.151.101
>> $ dig +short qubes-os.org @10.137.2.254
>> ;; connection timed out; no servers could be reached
>>
>> In sys-firewall, everything seems OK:
>>
>> $ iptables -S -t nat
>> [...]
>> -A PR-QBS -d 10.137.2.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination
>> 10.137.1.1
>> -A PR-QBS -d 10.137.2.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination
>> 10.137.1.1
>> -A PR-QBS -d 10.137.2.254/32 -p udp -m udp --dport 53 -j DNAT
>> --to-destination 10.137.1.254
>> -A PR-QBS -d 10.137.2.254/32 -p tcp -m tcp --dport 53 -j DNAT
>> --to-destination 10.137.1.254
>>
>> But I have the feeling something is missing in sys-net:
>>
>> $ iptables -S -t nat
>> [...]
>> -A PR-QBS -d 10.137.1.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination
>> 192.168.1.1
>> -A PR-QBS -d 10.137.1.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination
>> 192.168.1.1
>> [...]
>>
>> where 192.168.1.1 is the expected DNS server on my LAN.
>>
>> Do you have an idea why this DNAT rule is missing? (I am not sure I
>> understand why 2 different nameservers are filled in resolv.conf).
>>
>> Many thanks for your help,
>>
>> Antoine
>>
>> --
>
> No idea - report it as a bug
>

Filed a bug report:

https://github.com/QubesOS/qubes-issues/issues/2674

Antoine, you didn't mention which version of Qubes or Debian you're using,
so I assumed Qubes 3.2 and the Debian 8 TemplateVM.

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
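
The hop-by-hop comparison of the two `iptables -S -t nat` dumps in the quoted report can be automated. This is an added example, not part of the original thread or of Qubes OS itself: the rule text is constructed from the lines quoted above (with the mail-wrapped rules rejoined), and `dns_dnat`, `trace` and `HOPS` are hypothetical names.

```python
import re

# Constructed input: the port-53 DNAT rules quoted in the thread, one per line.
SYS_FIREWALL = """\
-A PR-QBS -d 10.137.2.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 10.137.1.1
-A PR-QBS -d 10.137.2.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.137.1.1
-A PR-QBS -d 10.137.2.254/32 -p udp -m udp --dport 53 -j DNAT --to-destination 10.137.1.254
-A PR-QBS -d 10.137.2.254/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.137.1.254
"""
SYS_NET = """\
-A PR-QBS -d 10.137.1.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PR-QBS -d 10.137.1.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1
"""

RULE = re.compile(
    r"^-A \S+ -d (?P<dst>[\d.]+)(?:/32)? -p (?P<proto>udp|tcp)\b.*"
    r"--dport 53 -j DNAT --to-destination (?P<to>[\d.]+)"
)

def dns_dnat(rules_text):
    """Map (original destination, protocol) -> rewritten destination for port 53."""
    table = {}
    for line in rules_text.splitlines():
        m = RULE.match(line.strip())
        if m:
            table[(m["dst"], m["proto"])] = m["to"]
    return table

def trace(resolver, proto, hops):
    """Follow a resolver address through each VM's DNAT table, in order.

    Returns (final_address, None) if every hop rewrites it, or
    (address, vm_name) for the first VM that has no matching rule.
    """
    addr = resolver
    for vm_name, rules_text in hops:
        nxt = dns_dnat(rules_text).get((addr, proto))
        if nxt is None:
            return addr, vm_name
        addr = nxt
    return addr, None

HOPS = [("sys-firewall", SYS_FIREWALL), ("sys-net", SYS_NET)]

if __name__ == "__main__":
    for ns in ("10.137.2.1", "10.137.2.254"):
        for proto in ("udp", "tcp"):
            addr, stuck = trace(ns, proto, HOPS)
            status = f"no DNAT rule in {stuck} for {addr}" if stuck else f"reaches {addr}"
            print(f"{ns}/{proto}: {status}")
```

To use it on a live system, replace the constructed strings with the saved output of `iptables -S -t nat` from each VM on the path.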