On 6/30/19 4:10 PM, Chris Laprise wrote:
A shortcut you can take to setting up iptables for DNS is to populate
/etc/resolv.conf and then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'.
This should configure the nat/PR-QBS chain with the DNS addresses you set.

So check that your DoT setup is updating /etc/resolv.conf, then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'.

Additional thought: The sys-net VM may not be the best place to secure any data, DNS included. Putting DoT in sys-firewall or a similar proxyVM (and using qubes-setup-dnat-to-ns there) would be a better choice and has a fair chance of working.

There is also a chance that configuring DoT to run in your AppVMs instead could work, and without any special Qubes steps.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
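
The check described in the message above (resolv.conf is updated, then the nat/PR-QBS chain carries the same DNS addresses) can be scripted. This is an added example, not part of the original message or of Qubes itself; the function names are hypothetical, and the sample resolv.conf and rule text are constructed, using documentation addresses.

```shell
#!/bin/sh
# Compare the nameservers in resolv.conf with the DNAT targets in nat/PR-QBS.
# On a live VM (run as root), after running qubes-setup-dnat-to-ns:
#   check_dns_dnat "$(cat /etc/resolv.conf)" "$(iptables -t nat -S PR-QBS)"

# Print nameserver addresses from resolv.conf-style text on stdin.
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' | sort -u
}

# Print DNAT targets of port-53 rules from `iptables -t nat -S PR-QBS` text on stdin.
dnat_targets() {
    awk '/^-A PR-QBS / && /-j DNAT/ && /--dport 53( |$)/ {
        for (i = 1; i < NF; i++)
            if ($i == "--to-destination") {
                t = $(i + 1); sub(/:[0-9]+$/, "", t); print t
            }
    }' | sort -u
}

# Usage: check_dns_dnat RESOLV_TEXT RULES_TEXT
# Returns 0 if both address sets match, 1 on mismatch, 2 if no nameserver is set.
check_dns_dnat() {
    want=$(printf '%s\n' "$1" | resolv_nameservers)
    have=$(printf '%s\n' "$2" | dnat_targets)
    if [ -z "$want" ]; then
        echo "no nameserver lines in resolv.conf"; return 2
    fi
    if [ "$want" = "$have" ]; then
        echo "OK: PR-QBS forwards DNS to:" $want; return 0
    fi
    echo "MISMATCH: resolv.conf=[" $want "] PR-QBS=[" $have "]"
    return 1
}

# Constructed sample input (not captured from a real system).
SAMPLE_RESOLV='# constructed sample
nameserver 198.51.100.7
search example.invalid'
SAMPLE_RULES_STALE='-N PR-QBS
-A PR-QBS -d 10.139.1.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.0.2.53
-A PR-QBS -d 10.139.1.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.0.2.53'
SAMPLE_RULES_FRESH='-N PR-QBS
-A PR-QBS -d 10.139.1.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 198.51.100.7
-A PR-QBS -d 10.139.1.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 198.51.100.7'

check_dns_dnat "$SAMPLE_RESOLV" "$SAMPLE_RULES_FRESH" || true   # chain matches resolv.conf
check_dns_dnat "$SAMPLE_RESOLV" "$SAMPLE_RULES_STALE" || true   # chain still has old resolver
```

A mismatch means resolv.conf changed after the chain was last populated, so qubes-setup-dnat-to-ns needs to be run again.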
