"force-sticking" DNS settings for a particular template and all VMs based on it (Qubes 3.2 question)

daltong defourne

Oct 31, 2018, 5:08:39 AM
to qubes-devel
Hello!

Long story short, I want to do a really basic thing:

modify a template VM (and / or relevant dom0-side configs) in a manner that ensures that DNS is resolved through localhost (I have dnscrypt2 running there already, working fine)

I realize that I could DNAT to 127.0.0.1 and that is more or less the Qubes way to do it (at least judging from /usr/lib/qubes/qubes-setup-dnat-to-ns content) but I suspect one of the issues I am intermittently having is due to doing precisely that, and would like to test out "hardcoding" the localhost as DNS for a particular template VM.

Oh, and I would like the modification to propagate to all VMs using that template (noting that in case the DNS hardcoding requires Dom0 modification as well as modification of the template)

Marek Marczykowski-Górecki

Oct 31, 2018, 6:59:24 AM
to daltong defourne, qubes-devel
You can prevent Qubes scripts touching /etc/resolv.conf by adding it to
/etc/qubes/protected-files.d/something.conf in the template. Just create
such a file (you can name it whatever you want) and put "/etc/resolv.conf"
as the only line there.
Then you can modify /etc/resolv.conf as you wish and it should
stay this way, including in VMs made from this template.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
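
The steps from the reply above, as an added shell example that is not part of the original thread and is not Qubes code: it marks /etc/resolv.conf as protected, pins the resolver, and audits that both still hold. The drop-in name `local-dns.conf`, the function names, and the exact-line matching of protected paths are assumptions; source it as root inside the template and call `pin_dns 127.0.0.1`, then `audit_dns 127.0.0.1`.

```shell
#!/bin/sh
# Added example, not Qubes code. Paths are overridable so the functions can be
# exercised against a scratch directory instead of the live template.
PROTECTED_DIR="${PROTECTED_DIR:-/etc/qubes/protected-files.d}"
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
DROPIN_NAME="${DROPIN_NAME:-local-dns.conf}"   # hypothetical name; any name works

# Return 0 if any file under PROTECTED_DIR lists the path as a whole line.
# (Assumption: protected paths are matched as exact lines.)
is_protected() {
    [ -d "$PROTECTED_DIR" ] || return 1
    grep -Fxrq -- "$1" "$PROTECTED_DIR" 2>/dev/null
}

# Add the path to our drop-in unless it is already listed somewhere.
protect_path() {
    is_protected "$1" && return 0
    mkdir -p "$PROTECTED_DIR" || return 1
    printf '%s\n' "$1" >> "$PROTECTED_DIR/$DROPIN_NAME"
}

# Return 0 only if resolv.conf has at least one nameserver line and every
# nameserver line points at the expected address (no fallback resolvers).
resolver_is_pinned() {
    [ -r "$RESOLV_CONF" ] || return 1
    awk -v want="$1" '
        $1 == "nameserver" { n++; if ($2 != want) bad++ }
        END { exit !(n > 0 && bad == 0) }
    ' "$RESOLV_CONF"
}

# Protect first, then write, so nothing rewrites the file in between.
pin_dns() {
    protect_path "$RESOLV_CONF" || return 1
    printf 'nameserver %s\n' "$1" > "$RESOLV_CONF"
}

# Exit status: 0 = pinned and protected, 1 = not protected, 2 = resolver drifted.
audit_dns() {
    is_protected "$RESOLV_CONF" || { echo "not protected: $RESOLV_CONF" >&2; return 1; }
    resolver_is_pinned "$1" || { echo "resolver is not only $1" >&2; return 2; }
    echo "ok"
}
```

Running `audit_dns 127.0.0.1` in an AppVM based on the template shows whether the setting actually propagated.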