Re: [qubes-users] Install DNSSEC on ProxyVM type (debian) ?
Le mardi 14 février 2017 02:57:28 UTC+2, Unman a écrit : > On Mon, Feb 13, 2017 at 05:10:28AM -0800, ThierryIT wrote: > > Hi, > > > > Thx a lot for these information. > > > > I have installed dnssec-trigger on a newly created VM from a debian > > template as ProxyVM type. This is working, I have checked for the DNSSEC > > and all are ok. > > > > In the same way, I do have a VM to browse on internet, and I want all DNS > > request forwarded to this ProxyVM freshly installed ... How to do this ?? > > > > Thx > > > > Le lundi 13 février 2017 09:40:42 UTC+2, Andrew David Wong a écrit : > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA512 > > > > > > On 2017-02-12 23:18, ThierryIT wrote: > > > > Hi, > > > > > > > > I think that I have missed something concerning Qubes. When I > > > > installed, let's say "Unbound" packages, after a reboot of the VM > > > > it disappear ... Normal ? > > > > > > > > Thx > > > > > > > > > > You have to install it in the TemplateVM (or, for more advanced users, > > > pick a persistent dir and/or use bind-dirs): > > > > > > https://www.qubes-os.org/doc/templates/ > > > > > > - -- > > > Andrew David Wong (Axon) > > > Community Manager, Qubes OS > > > https://www.qubes-os.org > > > -BEGIN PGP SIGNATURE- > > > > > > iQIcBAEBCgAGBQJYoWLcAAoJENtN07w5UDAwAoQQAM+eiQ77VRPjYIf/0pKepUh0 > > > eMpVANLYuKUC1yOnkyQR4p+eZBY1aRxLenC1y5pZXfk0ZFySKATa+lw2gZR0A6dn > > > oMzZVtMxqDpVs3SQOImFvGEJCrhmaro1NmyL7+xNTgbEIO7Q35Az+AMLT3nNUa5N > > > qclPsdCi48MWki4YhCMOaNLxxeFYlJoN1JMdqVg9wWKfPWWL7t15koO0gB2hWAj0 > > > izroJeb9jDOW73PCo13zIs3nBrgmUnP/1VTg7emipVTfeQabHbpads61dNNSCgfv > > > TEQfXI8+b4TX1ajN5mT90sX5N11OOY0rePRHhhSlRlGMNM+2P6rxjMPvXTrxkF1q > > > 6TX12i2f2MxKg0uY7wJj2bCqG20Mo9sIsbxybvtFXKphnHZYOGaRmasdw4QciW/m > > > 1Ojy9dFUdLlqRSsbJRsk91CE6MwhmCqGQAsJsFd1WKdY6+EyH1cSuNpr+PEt01xl > > > hY91+ljOpI2/wYAQ+cumRV7JAydeCVv59Qs3k5yeFnpeqPMbPe9hKOnTj6eLyDbb > > > WCCHJzmJJ0NIqzEvdsaiJnfOy9gTSKVdX4YIOoC5b2wjW4+vqJwqPUssSC511zpa > > > OxEmKTSN7raMuuNLG370oplr5pRnrA/iolg/W/tDM2TbyfGQuEOHZXh91C6vyKKv > > > mFM7z+UCGxMljbNCEuDN > > > =laqs > > > -END PGP SIGNATURE- > > > > Please don't top post. > > If the new proxyVM is upstream from the browsing machine then you will > need to adjust iptables in the nat table to redirect dns requests to the > dnssec-trigger listener. > > If the new proxy is not upstream, but connected to the same upstream > proxy then you can set the ip address in /etc/resolv.conf in the > browsing qube, and allow traffic between the qubes as shown in this > page: > www.qubes-os.org/doc/firewall in the section "Enabling networking > between two qubes" > You could set the dns record from /rw/config/rc.local. For me it will be the first case. So to do it right, I will need to: In the Browsing VM (10.137.4.16): - DNS resolver to the IP of the ProxyVM - VM settings: NetVM to ProxyVM In the ProxyVM (10.137.2.13): - VM settings: NetVM to sys-firewall - DNS resolver to 127.0.0.1 (already done) - New iptables NAT rules to forward all DNS request from the BrowsingVM to the local DNS listener Is it right ? Thx -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d4cdac77-bcd7-4bad-8a96-f15bc3bcf5cd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Install DNSSEC on ProxyVM type (debian) ?
On Mon, Feb 13, 2017 at 05:10:28AM -0800, ThierryIT wrote: > Hi, > > Thx a lot for these information. > > I have installed dnssec-trigger on a newly created VM from a debian template > as ProxyVM type. This is working, I have checked for the DNSSEC and all are > ok. > > In the same way, I do have a VM to browse on internet, and I want all DNS > request forwarded to this ProxyVM freshly installed ... How to do this ?? > > Thx > > Le lundi 13 février 2017 09:40:42 UTC+2, Andrew David Wong a écrit : > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > On 2017-02-12 23:18, ThierryIT wrote: > > > Hi, > > > > > > I think that I have missed something concerning Qubes. When I > > > installed, let's say "Unbound" packages, after a reboot of the VM > > > it disappear ... Normal ? > > > > > > Thx > > > > > > > You have to install it in the TemplateVM (or, for more advanced users, > > pick a persistent dir and/or use bind-dirs): > > > > https://www.qubes-os.org/doc/templates/ > > > > - -- > > Andrew David Wong (Axon) > > Community Manager, Qubes OS > > https://www.qubes-os.org > > -BEGIN PGP SIGNATURE- > > > > iQIcBAEBCgAGBQJYoWLcAAoJENtN07w5UDAwAoQQAM+eiQ77VRPjYIf/0pKepUh0 > > eMpVANLYuKUC1yOnkyQR4p+eZBY1aRxLenC1y5pZXfk0ZFySKATa+lw2gZR0A6dn > > oMzZVtMxqDpVs3SQOImFvGEJCrhmaro1NmyL7+xNTgbEIO7Q35Az+AMLT3nNUa5N > > qclPsdCi48MWki4YhCMOaNLxxeFYlJoN1JMdqVg9wWKfPWWL7t15koO0gB2hWAj0 > > izroJeb9jDOW73PCo13zIs3nBrgmUnP/1VTg7emipVTfeQabHbpads61dNNSCgfv > > TEQfXI8+b4TX1ajN5mT90sX5N11OOY0rePRHhhSlRlGMNM+2P6rxjMPvXTrxkF1q > > 6TX12i2f2MxKg0uY7wJj2bCqG20Mo9sIsbxybvtFXKphnHZYOGaRmasdw4QciW/m > > 1Ojy9dFUdLlqRSsbJRsk91CE6MwhmCqGQAsJsFd1WKdY6+EyH1cSuNpr+PEt01xl > > hY91+ljOpI2/wYAQ+cumRV7JAydeCVv59Qs3k5yeFnpeqPMbPe9hKOnTj6eLyDbb > > WCCHJzmJJ0NIqzEvdsaiJnfOy9gTSKVdX4YIOoC5b2wjW4+vqJwqPUssSC511zpa > > OxEmKTSN7raMuuNLG370oplr5pRnrA/iolg/W/tDM2TbyfGQuEOHZXh91C6vyKKv > > mFM7z+UCGxMljbNCEuDN > > =laqs > > -END PGP SIGNATURE- > Please don't top post. If the new proxyVM is upstream from the browsing machine then you will need to adjust iptables in the nat table to redirect dns requests to the dnssec-trigger listener. If the new proxy is not upstream, but connected to the same upstream proxy then you can set the ip address in /etc/resolv.conf in the browsing qube, and allow traffic between the qubes as shown in this page: www.qubes-os.org/doc/firewall in the section "Enabling networking between two qubes" You could set the dns record from /rw/config/rc.local. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170214005727.GB27086%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Install DNSSEC on ProxyVM type (debian) ?
Hi, Thx a lot for these information. I have installed dnssec-trigger on a newly created VM from a debian template as ProxyVM type. This is working, I have checked for the DNSSEC and all are ok. In the same way, I do have a VM to browse on internet, and I want all DNS request forwarded to this ProxyVM freshly installed ... How to do this ?? Thx Le lundi 13 février 2017 09:40:42 UTC+2, Andrew David Wong a écrit : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2017-02-12 23:18, ThierryIT wrote: > > Hi, > > > > I think that I have missed something concerning Qubes. When I > > installed, let's say "Unbound" packages, after a reboot of the VM > > it disappear ... Normal ? > > > > Thx > > > > You have to install it in the TemplateVM (or, for more advanced users, > pick a persistent dir and/or use bind-dirs): > > https://www.qubes-os.org/doc/templates/ > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJYoWLcAAoJENtN07w5UDAwAoQQAM+eiQ77VRPjYIf/0pKepUh0 > eMpVANLYuKUC1yOnkyQR4p+eZBY1aRxLenC1y5pZXfk0ZFySKATa+lw2gZR0A6dn > oMzZVtMxqDpVs3SQOImFvGEJCrhmaro1NmyL7+xNTgbEIO7Q35Az+AMLT3nNUa5N > qclPsdCi48MWki4YhCMOaNLxxeFYlJoN1JMdqVg9wWKfPWWL7t15koO0gB2hWAj0 > izroJeb9jDOW73PCo13zIs3nBrgmUnP/1VTg7emipVTfeQabHbpads61dNNSCgfv > TEQfXI8+b4TX1ajN5mT90sX5N11OOY0rePRHhhSlRlGMNM+2P6rxjMPvXTrxkF1q > 6TX12i2f2MxKg0uY7wJj2bCqG20Mo9sIsbxybvtFXKphnHZYOGaRmasdw4QciW/m > 1Ojy9dFUdLlqRSsbJRsk91CE6MwhmCqGQAsJsFd1WKdY6+EyH1cSuNpr+PEt01xl > hY91+ljOpI2/wYAQ+cumRV7JAydeCVv59Qs3k5yeFnpeqPMbPe9hKOnTj6eLyDbb > WCCHJzmJJ0NIqzEvdsaiJnfOy9gTSKVdX4YIOoC5b2wjW4+vqJwqPUssSC511zpa > OxEmKTSN7raMuuNLG370oplr5pRnrA/iolg/W/tDM2TbyfGQuEOHZXh91C6vyKKv > mFM7z+UCGxMljbNCEuDN > =laqs > -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1f60d7a6-e536-49ce-9c87-85b9913b6834%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Install DNSSEC on ProxyVM type (debian) ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-02-12 23:18, ThierryIT wrote: > Hi, > > I think that I have missed something concerning Qubes. When I > installed, let's say "Unbound" packages, after a reboot of the VM > it disappear ... Normal ? > > Thx > You have to install it in the TemplateVM (or, for more advanced users, pick a persistent dir and/or use bind-dirs): https://www.qubes-os.org/doc/templates/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYoWLcAAoJENtN07w5UDAwAoQQAM+eiQ77VRPjYIf/0pKepUh0 eMpVANLYuKUC1yOnkyQR4p+eZBY1aRxLenC1y5pZXfk0ZFySKATa+lw2gZR0A6dn oMzZVtMxqDpVs3SQOImFvGEJCrhmaro1NmyL7+xNTgbEIO7Q35Az+AMLT3nNUa5N qclPsdCi48MWki4YhCMOaNLxxeFYlJoN1JMdqVg9wWKfPWWL7t15koO0gB2hWAj0 izroJeb9jDOW73PCo13zIs3nBrgmUnP/1VTg7emipVTfeQabHbpads61dNNSCgfv TEQfXI8+b4TX1ajN5mT90sX5N11OOY0rePRHhhSlRlGMNM+2P6rxjMPvXTrxkF1q 6TX12i2f2MxKg0uY7wJj2bCqG20Mo9sIsbxybvtFXKphnHZYOGaRmasdw4QciW/m 1Ojy9dFUdLlqRSsbJRsk91CE6MwhmCqGQAsJsFd1WKdY6+EyH1cSuNpr+PEt01xl hY91+ljOpI2/wYAQ+cumRV7JAydeCVv59Qs3k5yeFnpeqPMbPe9hKOnTj6eLyDbb WCCHJzmJJ0NIqzEvdsaiJnfOy9gTSKVdX4YIOoC5b2wjW4+vqJwqPUssSC511zpa OxEmKTSN7raMuuNLG370oplr5pRnrA/iolg/W/tDM2TbyfGQuEOHZXh91C6vyKKv mFM7z+UCGxMljbNCEuDN =laqs -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/79cbb644-75b3-bf3c-5fc9-48ba236c472b%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Install DNSSEC on ProxyVM type (debian) ?
Hi, I think that I have missed something concerning Qubes. When I installed, let's say "Unbound" packages, after a reboot of the VM it disappear ... Normal ? Thx -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e04e8da9-5ac4-4f15-aa8c-543db8258506%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.