Hi,
I wrote a blog post [0] explaining the steps required to move all the DNS calls
to any secure DoH server using Tor (to keep the calls anonymized). Here I am
modifying sys-firewall as the primary netwvm for the other AppVMs.
[0]
https://kushaldas.in/posts/use-doh-over-tor-for-your-qubes-system.html
Kushal
--
Public Interest Technologist, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in