On Fri, Jan 05, 2018 at 03:17:38PM +0000, 'Tom Zander' via qubes-users wrote: > I'm trying to figure out how this works, and I am stuck. > > In every qube (except sys-net) there is a resolv.conf that points to two > name servers. > 10.139.1.1 and .2 > > This raises two questions; > > * how does sys-net handle these requests on this odd address. No 'ip ad' > network seems to listen on this address. > > * how can I change this in indidivual qubes in the correct matter. > I have some qubes routing through sys-vpn and I adjusted the vpn VM to find > the DNS, but users of the vpn can't find any DNS service now. > > Any help appreciated. >
Hi Tom, You don't say which Qubes version you're using, or how the sys-vpn is configured. Look at the nat table in the upstream netvm. You'll see that sys-net NATs these requests to the NS used by sys-net. You should be able to change name servers in a qube using bind-dirs on /etc/resolv.conf. Or, (somewhat better since it allows you to switch qubes in and out of vpn), just change the NAT rules on sys-vpn to capture DNS traffic and send it down the tunnel. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180105153737.iwf2gmhad2m36f2j%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.