dns in qubes


Tom Zander

Jan 5, 2018, 10:17:46 AM
to qubes-users
I'm trying to figure out how this works, and I am stuck.

In every qube (except sys-net) there is a resolv.conf that points to two
name servers.
10.139.1.1 and .2

This raises two questions;

* how does sys-net handle these requests on this odd address. No 'ip ad'
network seems to listen on this address.

* how can I change this in individual qubes in the correct manner.
I have some qubes routing through sys-vpn and I adjusted the vpn VM to find
the DNS, but users of the vpn can't find any DNS service now.

Any help appreciated.

--
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel


Unman

Jan 5, 2018, 10:37:43 AM
to Tom Zander, qubes-users
On Fri, Jan 05, 2018 at 03:17:38PM +0000, 'Tom Zander' via qubes-users wrote:
> I'm trying to figure out how this works, and I am stuck.
>
> In every qube (except sys-net) there is a resolv.conf that points to two
> name servers.
> 10.139.1.1 and .2
>
> This raises two questions;
>
> * how does sys-net handle these requests on this odd address. No 'ip ad'
> network seems to listen on this address.
>
> * how can I change this in individual qubes in the correct manner.
> I have some qubes routing through sys-vpn and I adjusted the vpn VM to find
> the DNS, but users of the vpn can't find any DNS service now.
>
> Any help appreciated.
>

Hi Tom,

You don't say which Qubes version you're using, or how the sys-vpn is
configured.
Look at the nat table in the upstream netvm.
You'll see that sys-net NATs these requests to the NS used by sys-net.

You should be able to change name servers in a qube using bind-dirs on
/etc/resolv.conf. Or, (somewhat better since it allows you to switch
qubes in and out of vpn), just change the NAT rules on sys-vpn to
capture DNS traffic and send it down the tunnel.

unman
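
The NAT lookup described in the reply above, as an added example that is not part of the original thread: a shell function that reads `iptables-save -t nat` output and lists every DNAT rule for port 53, showing where requests to 10.139.1.1 and 10.139.1.2 are actually sent. The chain name `PR-QBS`, the resolver address 192.168.1.1 and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list DNS DNAT rules from `iptables-save -t nat` output.

# Constructed sample of what a netvm's nat table may contain. The chain name
# PR-QBS and the resolver 192.168.1.1 are assumptions, not taken from the thread.
sample_nat_table() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PR-QBS - [0:0]
-A PREROUTING -j PR-QBS
-A PR-QBS -d 10.139.1.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PR-QBS -d 10.139.1.1/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PR-QBS -d 10.139.1.2/32 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PR-QBS -d 10.139.1.2/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Read iptables-save output on stdin and print one line per DNAT rule that
# matches destination port 53: "<chain> <proto> <original-dst> -> <real-dst>".
dns_dnat_rules() {
  awk '
    $1 == "-A" {
      chain = $2; dst = "any"; proto = "any"; port = ""; to = ""; dnat = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-d") dst = $(i+1)
        else if ($i == "-p") proto = $(i+1)
        else if ($i == "--dport") port = $(i+1)
        else if ($i == "-j" && $(i+1) == "DNAT") dnat = 1
        else if ($i == "--to-destination") to = $(i+1)
      }
      if (dnat && port == "53") print chain, proto, dst, "->", to
    }'
}

# On a live netvm (as root): iptables-save -t nat | dns_dnat_rules
# Offline demonstration on the constructed sample:
sample_nat_table | dns_dnat_rules
```

Running the same function in a VPN qube after changing its rules shows whether DNS from downstream qubes is still being rewritten to an address that is reachable through the tunnel.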

Tom Zander

Jan 5, 2018, 11:57:35 AM
to qubes-users
On Friday, 5 January 2018 15:37:37 GMT Unman wrote:
> Look at the nat table in the upstream netvm.
> You'll see that sys-net NATs these requests to the NS used by sys-net.

Ah, that hint was enough, I didn't expect NAT, thanks!

Got it working now.