On Wed, Mar 15, 2017 at 01:05:02PM -0400, eldor...@riseup.net wrote:
> I want to set dns in sys-net .
> After installing dnscrypt-proxy in sys-net template i have access to
> internet in sys-net
> via new dns address with these commands.
> "sudo dnscrypt-proxy --daemonize --syslog -R dnscrypt.eu-nl -a 127.0.0.2:53"
> "dig txt opendns.com"
> and dig command shows me i have access to new dns address(127.0.0.2:53).
>
> but sys-firewall doesn't have access to internet.
> How can i fix this?
Do you really mean that sys-firewall and qubes below doesn't have
access to internet? Or do you mean that you have broken DNS resolution?
You could easily check this by accessing a site by IP address rather
than by name from sys-firewall.
Usually, the NAT table rules in sys-net route DNS traffic outbound to
the dns servers set on sys-net (e.g. those given out by DHCP.)
While dnscrypt-proxy is running, look at the iptables rules in the NAT
and filter chains and see what is happening.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20170316010731.GB21254%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.