Hi Bernhard,
nice to see you're still around. :-)
I hadn't seen you active for a long time, probably I just don't know your nick
on the forum.
And I ignore if TOR does use "cross checking requests" to detect
manipulation? The question of " best practice " seems non-trivial to me.
Setting up a
Hi all,
I have the impression that DNS questions should get more attention than
the often attract, with the purpose of caching, anonymity, censorship
prvention & securing against DNS manipulation. Let me start my question
with a citation, that -at the end- is not that surprising:
"more than
Hello,
I upgraded my fedora templates to fedora 33 recently, but I have
sometimes a problem with the DNS when I use a vpn (it's a vpn just for
local addresses under univ-rouen.fr). I first disabled systemd-resolved
and enabled NetworkManager in the TemplateVM, and when I start the vpn
On Tue, May 11, 2021 at 11:47:50PM +0200, 'qtpie' via qubes-users wrote:
> I have a very annoying issue with DNS recently. I'm using the standard DNS
> device and servers provided by my internetprovider which runs a full
> dual-stack IPv4/6. Other non-qubes devices have no issues. I think this
>
I have a very annoying issue with DNS recently. I'm using the standard
DNS device and servers provided by my internetprovider which runs a full
dual-stack IPv4/6. Other non-qubes devices have no issues. I think this
might be a Qubes bug but I want to ask for help first to rule out an
error on
On 10/27/19 6:33 AM, gas...@gmail.com wrote:
Is there a clear guide of how to set up a DNS VM in Qubes OS?
I tried setting up dnsmasq in the VPN VM behind sys-firewall, both with
NetworkManager and as a standalone service. It didn't work. I also tried
on another VM behind the VPN VM.
All I
Is there a clear guide of how to set up a DNS VM in Qubes OS?
I tried setting up dnsmasq in the VPN VM behind sys-firewall, both with
NetworkManager and as a standalone service. It didn't work. I also tried
on another VM behind the VPN VM.
All I got working is making DNS requests to the
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Wednesday, July 3, 2019 5:24 AM, Sphere wrote:
> You're welcome and good luck!
> In any case, I was reminded that any sort of communication between
> non-interconnected qubes are not allowed. So even if both of your
You're welcome and good luck!
In any case, I was reminded that any sort of communication between
non-interconnected qubes are not allowed. So even if both of your AppVM qubes
and sys-dns qube are connected to sys-firewall then they won't be able to
communicate with each other by default.
‐‐‐ Original Message ‐‐‐
On Tuesday, July 2, 2019 7:34 AM, Sphere wrote:
> With my experience of using DNSCrypt I actually think that Qubes' has some
> unique way of handling DNS queries given how the nameservers automatically
> put into /etc/resolv.conf are on a different subnet.
>
>
With my experience of using DNSCrypt I actually think that Qubes' has some
unique way of handling DNS queries given how the nameservers automatically put
into /etc/resolv.conf are on a different subnet.
I actually think there must be some sort of bind or unbound being ran in there
that
On 7/1/19 3:40 PM, 'qubeslover' via qubes-users wrote:
Hello,
I tried but without results.
1. dnf install getdns-stubby in fedora-30-firewall (template).
2. servicectl enable stubby in fedora-30-firewall.
3. Shutdown fedora-30-firewall.
4. Restart sys-firewall
4. Sudo nano /etc/resolv.conf
‐‐‐ Original Message ‐‐‐
On Sunday, June 30, 2019 11:20 PM, 'qubeslover' via qubes-users
wrote:
> ‐‐‐ Original Message ‐‐‐
> On Sunday, June 30, 2019 10:36 PM, Chris Laprise tas...@posteo.net wrote:
>
> > On 6/30/19 4:10 PM, Chris Laprise wrote:
> >
> > > > > A shortcut you can
‐‐‐ Original Message ‐‐‐
On Sunday, June 30, 2019 10:36 PM, Chris Laprise wrote:
> On 6/30/19 4:10 PM, Chris Laprise wrote:
>
> > > > A shortcut you can take to setting up iptables for DNS is to populate
> > > > /etc/resolv.conf and then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'.
> >
On 6/30/19 4:10 PM, Chris Laprise wrote:
A shortcut you can take to setting up iptables for DNS is to populate
/etc/resolv.conf and then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'.
This should configure the nat/PR-QBS chain with the DNS addresses you
set.
So check that your DoT setup is
On 6/30/19 2:46 PM, 'qubeslover' via qubes-users wrote:
Dear tasket,
today here is so hot that I feel like I am drunk. I typed the wrong title. The
topic actually was
"Dns-over-TLS in *sys-net*. Is it possible? How?"
Obviously, as you correctly (and politely) pointed out, it doesn't make
Dear tasket,
today here is so hot that I feel like I am drunk. I typed the wrong title. The
topic actually was
"Dns-over-TLS in *sys-net*. Is it possible? How?"
Obviously, as you correctly (and politely) pointed out, it doesn't make sense
at all to run DoT over VPN. Actually, I want to run
On 6/30/19 9:17 AM, 'qubeslover' via qubes-users wrote:
Dear qubes users,
I wish you a good Sunday.
I'd like to use DoT on my qubes laptop. However, I am not sure how to do. I
have followed a couple of pretty straightforward tutorials
Dear qubes users,
I wish you a good Sunday.
I'd like to use DoT on my qubes laptop. However, I am not sure how to do. I
have followed a couple of pretty straightforward tutorials
(https://www.techrepublic.com/article/how-to-use-dns-over-tls-on-ubuntu-linux/
and
Sent from my mobile phone.
> On 13 Mar 2018, at 18:49, David Hobach wrote:
>
> On 03/13/2018 07:14 AM, Alex Dubois wrote:
>>> On 12 Mar 2018, at 18:40, David Hobach wrote:
>>>
On 03/11/2018 03:15 PM, David Hobach wrote:
An
On 03/13/2018 07:14 AM, Alex Dubois wrote:
On 12 Mar 2018, at 18:40, David Hobach wrote:
On 03/11/2018 03:15 PM, David Hobach wrote:
An alternative might be to setup the local DNS service in a VM closer to the
Internet, i.e. not in the proxy VM which also implements
Sent from my mobile phone.
> On 12 Mar 2018, at 18:40, David Hobach wrote:
>
>> On 03/11/2018 03:15 PM, David Hobach wrote:
>> An alternative might be to setup the local DNS service in a VM closer to the
>> Internet, i.e. not in the proxy VM which also implements the
On 03/11/2018 03:15 PM, David Hobach wrote:
An alternative might be to setup the local DNS service in a VM closer to
the Internet, i.e. not in the proxy VM which also implements the qubes
firewall.
Something like
Internet <-- sys-net <-- sys-firewall <-- DNS server VM <-- proxy VM
with
Sent from my mobile phone.
> On 11 Mar 2018, at 10:21, Chris Laprise wrote:
>
>> On 03/10/2018 04:43 PM, Alex Dubois wrote:
>>> On Saturday, 10 March 2018 13:16:37 UTC, Micah Lee wrote:
>>> ‐‐‐ Original Message ‐‐‐
>>>
On March 8, 2018 11:26 AM, Chris Laprise
On 03/11/2018 10:03 AM, David Hobach wrote:
On 03/11/2018 11:21 AM, Chris Laprise wrote:
...and for now omitted the '-d' destination part in iptables.
Then if I issue:
sudo iptables -t nat -F PR-QBS
sudo iptables -t nat -A PR-QBS -i vif+ -p udp --dport 53 -j DNAT
--to $eth0_address
sudo
On 03/11/2018 03:03 PM, David Hobach wrote:
So yes, if one is aware of that issue, one can certainly use it the way
you described. If you rely on the qubes-firewall to work as expected,
you shouldn't use it.
P.S.:
An alternative might be to setup the local DNS service in a VM closer to
the
On 03/11/2018 11:21 AM, Chris Laprise wrote:
...and for now omitted the '-d' destination part in iptables.
Then if I issue:
sudo iptables -t nat -F PR-QBS
sudo iptables -t nat -A PR-QBS -i vif+ -p udp --dport 53 -j DNAT --to
$eth0_address
sudo iptables -t nat -A PR-QBS -i vif+ -p tcp
On 03/10/2018 04:43 PM, Alex Dubois wrote:
On Saturday, 10 March 2018 13:16:37 UTC, Micah Lee wrote:
‐‐‐ Original Message ‐‐‐
On March 8, 2018 11:26 AM, Chris Laprise wrote:
\> \[1\] https://dnsprivacy.org/wiki/
\[2\] https://www.qubes-os.org/doc/networking/
On Saturday, 10 March 2018 13:16:37 UTC, Micah Lee wrote:
> ‐‐‐ Original Message ‐‐‐
>
> On March 8, 2018 11:26 AM, Chris Laprise wrote:
>
> >
> >
> > >>>\> \[1\] https://dnsprivacy.org/wiki/
> >
> > > > > > \[2\] https://www.qubes-os.org/doc/networking/
> >
> >
‐‐‐ Original Message ‐‐‐
On March 8, 2018 11:26 AM, Chris Laprise wrote:
>
>
> >>>\> \[1\] https://dnsprivacy.org/wiki/
>
> > > > > \[2\] https://www.qubes-os.org/doc/networking/
>
> Micah,
>
> If you have any specific instructions on how to setup the forwarder
[1] https://dnsprivacy.org/wiki/
[2] https://www.qubes-os.org/doc/networking/
Micah,
If you have any specific instructions on how to setup the forwarder
you're using, I'd be happy to try it myself and post a solution for use
with qubes-firewall.
I found the dnsprivacy wiki to be a bit
On 03/08/2018 01:16 PM, David Hobach wrote:
On 03/07/2018 06:40 PM, Unman wrote:
On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote:
I'm trying to make all DNS requests in Qubes go over TLS (more
information about this [1]).
I've got this successfully working in sys-net by running a
@David
On Thursday, March 8, 2018 at 7:18:04 PM UTC+1, David Hobach wrote:
> On 03/07/2018 06:40 PM, Unman wrote:
> > On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote:
> >> I'm trying to make all DNS requests in Qubes go over TLS (more information
> >> about this [1]).
> >>
> >> I've
On 03/07/2018 06:40 PM, Unman wrote:
On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote:
I'm trying to make all DNS requests in Qubes go over TLS (more information
about this [1]).
I've got this successfully working in sys-net by running a local DNS server on
udp 53 that forwards DNS
On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote:
> I'm trying to make all DNS requests in Qubes go over TLS (more information
> about this [1]).
>
> I've got this successfully working in sys-net by running a local DNS server
> on udp 53 that forwards DNS requests to a remote DNS
Qubes 4.0.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to
On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote:
> I'm trying to make all DNS requests in Qubes go over TLS (more information
> about this [1]).
>
> I've got this successfully working in sys-net by running a local DNS server
> on udp 53 that forwards DNS requests to a remote DNS
I'm trying to make all DNS requests in Qubes go over TLS (more information
about this [1]).
I've got this successfully working in sys-net by running a local DNS server on
udp 53 that forwards DNS requests to a remote DNS server over TLS, and then
setting my only nameserver in /etc/resolv.conf
On Friday, 5 January 2018 15:37:37 GMT Unman wrote:
> Look at the nat table in the upstream netvm.
> You'll see that sys-net NATs these requests to the NS used by sys-net.
Ah, that hint was enough, I didn't expect NAT, thanks!
Got it working now.
--
Tom Zander
Blog: https://zander.github.io
On Fri, Jan 05, 2018 at 03:17:38PM +, 'Tom Zander' via qubes-users wrote:
> I'm trying to figure out how this works, and I am stuck.
>
> In every qube (except sys-net) there is a resolv.conf that points to two
> name servers.
> 10.139.1.1 and .2
>
> This raises two questions;
>
> * how
I'm trying to figure out how this works, and I am stuck.
In every qube (except sys-net) there is a resolv.conf that points to two
name servers.
10.139.1.1 and .2
This raises two questions;
* how does sys-net handle these requests on this odd address. No 'ip ad'
network seems to listen on
On Mon, Nov 27, 2017 at 09:27:16PM +0100, CF wrote:
> Dear Users,
>
> A few (simple) questions as I was reading about DNS servers:
>
> 1 - Any feedback on using your own DNS server directly on your Qubes
> machine (using unbound for instance)? Is it straightforward to have your
> DNS cache
Dear Users,
A few (simple) questions as I was reading about DNS servers:
1 - Any feedback on using your own DNS server directly on your Qubes
machine (using unbound for instance)? Is it straightforward to have your
DNS cache persistent across reboots?
2 - Any feedback on the DNS over TLS
On Tue, Apr 25, 2017 at 08:30:17AM -0700, adonis28...@gmail.com wrote:
> On Monday, April 24, 2017 at 4:06:11 PM UTC-4, Unman wrote:
> > On Mon, Apr 24, 2017 at 11:33:58AM -0700 wrote:
> > > On Sunday, April 23, 2017 at 6:20:33 PM UTC-4, Chris Laprise wrote:
> > > > On 04/23/2017 05:50 PM, wrote:
On Monday, April 24, 2017 at 4:06:11 PM UTC-4, Unman wrote:
> On Mon, Apr 24, 2017 at 11:33:58AM -0700 wrote:
> > On Sunday, April 23, 2017 at 6:20:33 PM UTC-4, Chris Laprise wrote:
> > > On 04/23/2017 05:50 PM, wrote:
> > > > Would you mind to share these files with me from your Debian 8
On 04/23/2017 05:50 PM, adonis28...@gmail.com wrote:
Would you mind to share these files with me from your Debian 8 template to see
if I can fin what the problem is?!
Unman, no I haven't enabled anything. I got a Debian 8 template, almost clean,
and then a bunch of AppVMs using it as a
On Sun, Apr 23, 2017 at 02:40:12PM -0400, Chris Laprise wrote:
> On 04/23/2017 01:33 PM, adonis28...@gmail.com wrote:
> >Hi guys,
> >
> >I've updated my Debian 8 template, and for some reason it's messed up the
> >DNS-related iptables rules.
>
> This still works on my Debian 8 proxyVM. Haven't
On 04/23/2017 01:33 PM, adonis28...@gmail.com wrote:
Hi guys,
I've updated my Debian 8 template, and for some reason it's messed up the
DNS-related iptables rules.
This still works on my Debian 8 proxyVM. Haven't tried appVM yet as I
normally use Debian 9.
I've narrowed the problem down
Hi guys,
I've updated my Debian 8 template, and for some reason it's messed up the
DNS-related iptables rules.
I've narrowed the problem down to this script:
/usr/lib/qubes/qubes-setup-dnat-to-ns
---
#!/bin/sh
addrule()
{
if [ $FIRSTONE = yes ] ; then
On Thu, Mar 09, 2017 at 12:30:21AM +, Unman wrote:
> If you had two servers on your network, or your DHCP server gave out two
> addresses both would be used, I think.
> If you want to lose one, you could overwrite it from rc.local or use
> bind-dirs on resolv.conf: both methods are covered in
On Sat, Mar 11, 2017 at 10:05:50PM +0100, 'Antoine' via qubes-users wrote:
> On Thu, Mar 09, 2017 at 12:30:21AM +, Unman wrote:
> > > > > > >> https://github.com/QubesOS/qubes-issues/issues/2674
> > > > > I have the same problem with Fedora 23, Debian 8 and Debian 9:
> > > > >
> > > > > =
On Thu, Mar 09, 2017 at 12:30:21AM +, Unman wrote:
> > > > > >> https://github.com/QubesOS/qubes-issues/issues/2674
> > > > I have the same problem with Fedora 23, Debian 8 and Debian 9:
> > > >
> > > > = Fedora 23 =
> > > > [user@work ~]$ grep PRETTY /etc/os-release
> > > >
On Wed, Mar 08, 2017 at 11:55:17PM +0100, 'Antoine' via qubes-users wrote:
> On Tue, Mar 07, 2017 at 09:08:07PM +, Unman wrote:
> > On Tue, Mar 07, 2017 at 09:56:23PM +0100, 'Antoine' via qubes-users wrote:
> > > On Mon, Mar 06, 2017 at 04:31:31PM -0800, Andrew David Wong wrote:
> > > > >>
On Tue, Mar 07, 2017 at 09:08:07PM +, Unman wrote:
> On Tue, Mar 07, 2017 at 09:56:23PM +0100, 'Antoine' via qubes-users wrote:
> > On Mon, Mar 06, 2017 at 04:31:31PM -0800, Andrew David Wong wrote:
> > > >> Filed a bug report:
> > > >>
> > > >>
On Tue, Mar 07, 2017 at 09:56:23PM +0100, 'Antoine' via qubes-users wrote:
> On Mon, Mar 06, 2017 at 04:31:31PM -0800, Andrew David Wong wrote:
> > >> Filed a bug report:
> > >>
> > >> https://github.com/QubesOS/qubes-issues/issues/2674
> > >>
> > >> Antoine, you didn't mention which version of
On Mon, Mar 06, 2017 at 04:31:31PM -0800, Andrew David Wong wrote:
> >> Filed a bug report:
> >>
> >> https://github.com/QubesOS/qubes-issues/issues/2674
> >>
> >> Antoine, you didn't mention which version of Qubes or Debian
> >> you're using, so I assumed Qubes 3.2 and the Debian 8
> >>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2017-03-06 14:22, Antoine wrote:
> On Sun, Mar 05, 2017 at 05:35:03PM -0800, Andrew David Wong wrote:
>> Filed a bug report:
>>
>> https://github.com/QubesOS/qubes-issues/issues/2674
>>
>> Antoine, you didn't mention which version of Qubes or
On Sun, Mar 05, 2017 at 05:35:03PM -0800, Andrew David Wong wrote:
> Filed a bug report:
>
> https://github.com/QubesOS/qubes-issues/issues/2674
>
> Antoine, you didn't mention which version of Qubes or Debian you're
> using, so I assumed Qubes 3.2 and the Debian 8 TemplateVM.
In fact, I am
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2017-03-05 13:07, Unman wrote:
> On Sun, Mar 05, 2017 at 09:25:07PM +0100, 'Antoine' via qubes-users wrote:
>> Hi,
>>
>> I have recently installed Qubes OS and I am experiencing some slow time
>> resolution in my debian VM. I have checked the
On Sun, Mar 05, 2017 at 09:25:07PM +0100, 'Antoine' via qubes-users wrote:
> Hi,
>
> I have recently installed Qubes OS and I am experiencing some slow time
> resolution in my debian VM. I have checked the /etc/resolv.conf file and
> it contains the following lines:
>
> nameserver 10.137.2.1
>
Hi,
I have recently installed Qubes OS and I am experiencing some slow time
resolution in my debian VM. I have checked the /etc/resolv.conf file and
it contains the following lines:
nameserver 10.137.2.1
nameserver 10.137.2.254
Playing with dig I can realise that the first IP is working well
Hello
I have setup a VPN in network-manager of my proxyVM. The guide about to
stop DNS leak says that initially I have to copy all the vpn configuration
files in a folder called openvpn, write the script in each one and after
create DNS-handling script.
I have used a different way, saved dns
62 matches
Mail list logo