I'd like to setup a DNS cache server with a cache application like dnsmasq or similar on a different qube than 'sys-net', so that 'sys-firewall' DNAT all requests to my dnsVM, instead of passing it directly to 'sys-net' and the dnsVM, of course, could pass both 'sys-firewall' or 'sys-net'.
I'd like to have an easy way to switch the DNS configurations from dom0, both via cli and GUI, maybe in the 'Qubes Global Settings' with another field in the 'System Defaults' section, that let me switch from 'sys-net' to other qubes. The final goal is to make possible to specify a custom dnsVM backend based on tags and labels, for example to send all request from "trusted" VMs to a dnsVM with where a DNSCrypt is installed and all request from "untrusted" VMs to a dnsVM that apply a small set of filtering rules. The problem is I don't know which configurations/files to change and how to make this configuration persist for a session or permanently, since I know ServiceVMs update dynamically the iptables rules, the nat table in particular, on interfaces UP and DOWN events. Any ideas? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a46dcc76-7df4-4b0a-9199-2db6475b89f3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.