Short Update after further testing how to setup NextDNS in Qubes. I was able to change the DNS servers in my AppVM by editing /etc/systemd/resolv.conf and adding the following lines:
DNS=<REMOVED>dns1.nextdns.io DNS=<REMOVED>.dns1.nextdns.io DNS=<REMOVED>.dns2.nextdns.io DNS=<REMOVED>.dns2.nextdns.io DNSOverTLS=yes The exakt settings can be found in your NextDNS account under Setup for systemd. I had to restart the service after changing the config file: systemctl restart systemd-resolved DNS queries will now go via NextDNS as seen in the Live Log but if stop the system-resolved service DNS is still working. Most likely because /etc/resolv.conf in the AppVM is still pointing to the default Qubes DNS IPs: bash-5.0# cat /etc/resolv.conf nameserver 10.139.1.1 nameserver 10.139.1.2 how can I make the DNS leakproof, so that DNS queries will only work via the NextDNS nameservers and not via Qubes DNS? Additionally what would be the best setup to place those DNS servers? sys-net <- sys-vpn (expressvpn) <- sys-firewall <-- <APPVMs> In each AppVM? Firewall-VM? VPN-VM? regards one7two99 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vAjtviUd%3D69yHjhCR32wMCC-kTu8G2uk%3Du0OZbyMA2wQ%40mail.gmail.com.