On Fri, Jan 05, 2018 at 03:17:38PM +, 'Tom Zander' via qubes-users wrote:
> I'm trying to figure out how this works, and I am stuck.
>
> In every qube (except sys-net) there is a resolv.conf that points to two
> name servers.
> 10.139.1.1 and .2
>
> This raises two questions;
>
> * how does sys-net handle these requests on this odd address. No 'ip ad'
> network seems to listen on this address.
>
> * how can I change this in indidivual qubes in the correct matter.
> I have some qubes routing through sys-vpn and I adjusted the vpn VM to find
> the DNS, but users of the vpn can't find any DNS service now.
>
> Any help appreciated.
>
Hi Tom,
You don't say which Qubes version you're using, or how the sys-vpn is
configured.
Look at the nat table in the upstream netvm.
You'll see that sys-net NATs these requests to the NS used by sys-net.
You should be able to change name servers in a qube using bind-dirs on
/etc/resolv.conf. Or, (somewhat better since it allows you to switch
qubes in and out of vpn), just change the NAT rules on sys-vpn to
capture DNS traffic and send it down the tunnel.
unman
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20180105153737.iwf2gmhad2m36f2j%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.