Dear Qubes users,
today DNS lookup temporarily failed in my Debian AppVMs attached to
sys-firewall. I took a look at /etc/resolv.conf and it lists the
nameservers
10.139.1.1
10.139.1.2
Qubes Manager shows no VMs with that address, sys-firewall has
10.137.0.6 and sys-net has 10.137.0.5.
Editing /etc/resolv.conf to use external nameservers restored DNS
lookup, but that is certainly not how it is supposed to be.
After a fedora-30 update and re-start of the physical machine, DNS
lookup works again, even with the seemingly non-existent nameserver.
sys-net lists my DSL router as nameserver. Name resolution worked on
other devices attached to the router.
What is going on here? (I already looked at the networking
documentation at
qubes-os.org.) Reading
/usr/lib/qubes/qubes-setup-dnat-to-ns
it seems that some iptables rules are set on VM boot that redirect port
53 requests, but I can't get iptables inside the AppVM to divulge these
rules. Hence I wonder how to debug this if the issue should happen
again.
Thanks,
Olaf