‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, July 2, 2019 7:34 AM, Sphere <nvidiatempatg...@gmail.com> wrote:
> With my experience of using DNSCrypt I actually think that Qubes' has some > unique way of handling DNS queries given how the nameservers automatically > put into /etc/resolv.conf are on a different subnet. > > I actually think there must be some sort of bind or unbound being ran in > there that resolves all the DNS queries for you by using sys-net or your > netvm as a proxy. > > In order to make a sys-dns qube or to turn any other qube into a sys-dns qube > you must ensure that it is listening on port 53 UDP for any DNS queries. > > This command alone given by Chris should be enough. > iptables -I INPUT -p udp --dport 53 -j ACCEPT > > Afterwards you should change your /etc/resolv.conf to the IP address of your > sys-dns qube. The IP address can be found out using Qubes Manager and try to > ping that ip address first to verify if it is reachable by your AppVM in the > first place. > > If your sys-dns qube is not your sys-net or netvm then you should ensure that > TCP port 853 outbound is allowed through if your firewall rules do not > explicitly allow all outbound (all outbound is allowed by default for each > qube) > > (In dom0 terminal) > qvm-firewall [sys-firewall or/and sys-dns] add action=accept proto=tcp > dstports=853 --before 0 > > If this doesn't solve it then it may be best to provide us with some logs of > your stubby > Hi both, thanks for your suggestions. I am a kind of busy for a couple of days. Once things get better I will try to set up a sys-dns qube running DoT following your indications and write a report for the mailing list. Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/68GHBYcztx2oOiBx0vCqnB91ytiqMTna2vROHcVgs9e0p0R2a0giMiBRck63N-EcFBNqGONoOugI6c4TwNRvTl2wuafEZ7WJgJDlHwX3BGk%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
