Re: [qubes-users] DNS propagation in Qubes

2019-10-27 Thread David Hobach
On 10/27/19 6:33 AM, gas...@gmail.com wrote: Is there a clear guide of how to set up a DNS VM in Qubes OS? I tried setting up dnsmasq in the VPN VM behind sys-firewall, both with NetworkManager and as a standalone service. It didn't work. I also tried on another VM behind the VPN VM. All I

Re: [qubes-users] DNS propagation in Qubes

2019-10-26 Thread gasull
Is there a clear guide of how to set up a DNS VM in Qubes OS? I tried setting up dnsmasq in the VPN VM behind sys-firewall, both with NetworkManager and as a standalone service. It didn't work. I also tried on another VM behind the VPN VM. All I got working is making DNS requests to the

Re: [qubes-users] DNS propagation in Qubes

2018-03-21 Thread Alex Dubois
Sent from my mobile phone. > On 13 Mar 2018, at 18:49, David Hobach wrote: > > On 03/13/2018 07:14 AM, Alex Dubois wrote: >>> On 12 Mar 2018, at 18:40, David Hobach wrote: >>> On 03/11/2018 03:15 PM, David Hobach wrote: An

Re: [qubes-users] DNS propagation in Qubes

2018-03-13 Thread David Hobach
On 03/13/2018 07:14 AM, Alex Dubois wrote: On 12 Mar 2018, at 18:40, David Hobach wrote: On 03/11/2018 03:15 PM, David Hobach wrote: An alternative might be to setup the local DNS service in a VM closer to the Internet, i.e. not in the proxy VM which also implements

Re: [qubes-users] DNS propagation in Qubes

2018-03-13 Thread Alex Dubois
Sent from my mobile phone. > On 12 Mar 2018, at 18:40, David Hobach wrote: > >> On 03/11/2018 03:15 PM, David Hobach wrote: >> An alternative might be to setup the local DNS service in a VM closer to the >> Internet, i.e. not in the proxy VM which also implements the

Re: [qubes-users] DNS propagation in Qubes

2018-03-12 Thread David Hobach
On 03/11/2018 03:15 PM, David Hobach wrote: An alternative might be to setup the local DNS service in a VM closer to the Internet, i.e. not in the proxy VM which also implements the qubes firewall. Something like Internet <-- sys-net <-- sys-firewall <-- DNS server VM <-- proxy VM with

Re: [qubes-users] DNS propagation in Qubes

2018-03-12 Thread Alex Dubois
Sent from my mobile phone. > On 11 Mar 2018, at 10:21, Chris Laprise wrote: > >> On 03/10/2018 04:43 PM, Alex Dubois wrote: >>> On Saturday, 10 March 2018 13:16:37 UTC, Micah Lee wrote: >>> ‐‐‐ Original Message ‐‐‐ >>> On March 8, 2018 11:26 AM, Chris Laprise

Re: [qubes-users] DNS propagation in Qubes

2018-03-11 Thread Chris Laprise
On 03/11/2018 10:03 AM, David Hobach wrote: On 03/11/2018 11:21 AM, Chris Laprise wrote: ...and for now omitted the '-d' destination part in iptables. Then if I issue: sudo iptables -t nat -F PR-QBS sudo iptables -t nat -A PR-QBS  -i vif+ -p udp --dport 53 -j DNAT --to $eth0_address sudo

Re: [qubes-users] DNS propagation in Qubes

2018-03-11 Thread David Hobach
On 03/11/2018 03:03 PM, David Hobach wrote: So yes, if one is aware of that issue, one can certainly use it the way you described. If you rely on the qubes-firewall to work as expected, you shouldn't use it. P.S.: An alternative might be to setup the local DNS service in a VM closer to the

Re: [qubes-users] DNS propagation in Qubes

2018-03-11 Thread David Hobach
On 03/11/2018 11:21 AM, Chris Laprise wrote: ...and for now omitted the '-d' destination part in iptables. Then if I issue: sudo iptables -t nat -F PR-QBS sudo iptables -t nat -A PR-QBS  -i vif+ -p udp --dport 53 -j DNAT --to $eth0_address sudo iptables -t nat -A PR-QBS  -i vif+ -p tcp

Re: [qubes-users] DNS propagation in Qubes

2018-03-11 Thread Chris Laprise
On 03/10/2018 04:43 PM, Alex Dubois wrote: On Saturday, 10 March 2018 13:16:37 UTC, Micah Lee wrote: ‐‐‐ Original Message ‐‐‐ On March 8, 2018 11:26 AM, Chris Laprise wrote: ​​ \> \[1\] https://dnsprivacy.org/wiki/ \[2\] https://www.qubes-os.org/doc/networking/

Re: [qubes-users] DNS propagation in Qubes

2018-03-10 Thread Alex Dubois
On Saturday, 10 March 2018 13:16:37 UTC, Micah Lee wrote: > ‐‐‐ Original Message ‐‐‐ > > On March 8, 2018 11:26 AM, Chris Laprise wrote: > > > ​​ > > > > >>>\> \[1\] https://dnsprivacy.org/wiki/ > > > > > > > > \[2\] https://www.qubes-os.org/doc/networking/ > > > >

Re: [qubes-users] DNS propagation in Qubes

2018-03-10 Thread Micah Lee
‐‐‐ Original Message ‐‐‐ On March 8, 2018 11:26 AM, Chris Laprise wrote: > ​​ > > >>>\> \[1\] https://dnsprivacy.org/wiki/ > > > > > > \[2\] https://www.qubes-os.org/doc/networking/ > > Micah, > > If you have any specific instructions on how to setup the forwarder

Re: [qubes-users] DNS propagation in Qubes

2018-03-08 Thread Chris Laprise
[1] https://dnsprivacy.org/wiki/ [2] https://www.qubes-os.org/doc/networking/ Micah, If you have any specific instructions on how to setup the forwarder you're using, I'd be happy to try it myself and post a solution for use with qubes-firewall. I found the dnsprivacy wiki to be a bit

Re: [qubes-users] DNS propagation in Qubes

2018-03-08 Thread Chris Laprise
On 03/08/2018 01:16 PM, David Hobach wrote: On 03/07/2018 06:40 PM, Unman wrote: On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote: I'm trying to make all DNS requests in Qubes go over TLS (more information about this [1]). I've got this successfully working in sys-net by running a

Re: [qubes-users] DNS propagation in Qubes

2018-03-08 Thread Yuraeitha
@David On Thursday, March 8, 2018 at 7:18:04 PM UTC+1, David Hobach wrote: > On 03/07/2018 06:40 PM, Unman wrote: > > On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote: > >> I'm trying to make all DNS requests in Qubes go over TLS (more information > >> about this [1]). > >> > >> I've

Re: [qubes-users] DNS propagation in Qubes

2018-03-08 Thread David Hobach
On 03/07/2018 06:40 PM, Unman wrote: On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote: I'm trying to make all DNS requests in Qubes go over TLS (more information about this [1]). I've got this successfully working in sys-net by running a local DNS server on udp 53 that forwards DNS

Re: [qubes-users] DNS propagation in Qubes

2018-03-07 Thread Unman
On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote: > I'm trying to make all DNS requests in Qubes go over TLS (more information > about this [1]). > > I've got this successfully working in sys-net by running a local DNS server > on udp 53 that forwards DNS requests to a remote DNS

Re: [qubes-users] DNS propagation in Qubes

2018-03-07 Thread Micah Lee
Qubes 4.0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to

Re: [qubes-users] DNS propagation in Qubes

2018-03-07 Thread Unman
On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote: > I'm trying to make all DNS requests in Qubes go over TLS (more information > about this [1]). > > I've got this successfully working in sys-net by running a local DNS server > on udp 53 that forwards DNS requests to a remote DNS

[qubes-users] DNS propagation in Qubes

2018-03-07 Thread Micah Lee
I'm trying to make all DNS requests in Qubes go over TLS (more information about this [1]). I've got this successfully working in sys-net by running a local DNS server on udp 53 that forwards DNS requests to a remote DNS server over TLS, and then setting my only nameserver in /etc/resolv.conf