On Fri, Jan 05, 2018 at 03:17:38PM +0000, 'Tom Zander' via qubes-users wrote:
> I'm trying to figure out how this works, and I am stuck.
> 
> In every qube (except sys-net) there is  a resolv.conf that points to two 
> name servers.
> 10.139.1.1 and .2
> 
> This raises two questions;
> 
> * how does sys-net handle these requests on this odd address. No 'ip ad' 
> network seems to listen on this address.
> 
> * how can I change this in indidivual qubes in the correct matter.
> I have some qubes routing through sys-vpn and I adjusted the vpn VM to find 
> the DNS, but users of the vpn can't find any DNS service now.
> 
> Any help appreciated.
> 

Hi Tom,

You don't say which Qubes version you're using, or how the sys-vpn is
configured. 
Look at the nat table in the upstream netvm.
You'll see that sys-net NATs these requests to the NS used by sys-net.

You should be able to change name servers in a qube using bind-dirs on
/etc/resolv.conf. Or, (somewhat better since it allows you to switch
qubes in and out of vpn), just change the NAT rules on sys-vpn to
capture DNS traffic and send it down the tunnel.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180105153737.iwf2gmhad2m36f2j%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to