I'm trying to figure out how I can change my DNS settings for an AppVM. I'm relatively new to Qubes, so other related issues in this forum have clarified me some ideas but I am still quite puzzled.
This is what I have done so far:
1 - I have created a ProxyVM, which in turns connect to sys-firewall as NetVM. This ProxyVM uses debian-8 as template, because I'm following some tutorials in Internet about networking stuff using kali linux (configuring OpenDNS is one part). This ProxyVM is a StandaloneVM in order to keep changes in /.
2 - I have added to it network-manager service
3 - I have edited /etc/dhcp/dhclient.conf in my ProxyVM and I have added the following line with OpenDNS IPs:
prepend domain-name-servers 208.67.222.222, 208.67.220.220;
4 - I have connected my AppVM to this ProxyVM as NetVM.
5 - I have restarted my ProxyVM and my AppVM.
Now, I thought /etc/resolv.conf in my AppVM and ProxyVM should have changed. But no, they still have:
nameserver 10.137.5.1
nameserver 10.137.5.254
I see that my AppVM takes its /etc/dhcp/dhclient.conf from the ProxyVM, because that line is also added there.
Going to https://dnsleaktest.com confirms that I'm still using my ISP DNS server.
I guess that there is a way to do that without having to create a StandaloneVM for my ProxyVM, but I tried to do everything manual to learn how everything is tied. But anyway it doesn't work...
Thanks!
Thanks for your answer. I thought that changing /etc/resolv.conf by hand was not recommended because some other programs can overwrite it. Anyway, I tried it and changes in /etc/resolv.conf in my standalone ProxyVM are lost once I reboot...
I assigned "network-manager" service through "Qubes VM Manager" to my debian standalone ProxyVM, but I see this disappears once I start and shutdown the machine... I tried again to be sure and I can reproduce the issue. I will inspect it further and open a Qubes issue if needed.
But, anyway, I changed my ProxyVM to use fedora template (still standalone): Then, "network-manager" survives after reboot, but not the content in "/etc/resolv.conf"... But, in fedora template this file has an interesting hint:
# Generated by NetworkManager
I think this confirms my fears that /etc/resolv.conf should not be edited by hand...
I tried then to edit file /etc/NetworkManager/system-connections/qubes-uplink-eth0 and added OpenDNS IP's in "[ipv4]" section but changes are lost after reboot (I'm not using ethernet cable but wifi, but there is no other file. Furthermore, "ifconfig" only shows loop and eth0, but I suppose there is some kind of delegation to sys-net for that).
Thanks for your answer.
Does it mean that all VM have to share the same DNS settings (except Tor/Whonix)? What I was trying to do is routing only one of them through OpenDNS, while keeping the rest with my ISP DNS server (and I would like to avoid an HVM just for that).
I see I can create a new "NetVM" but I'm not sure if it is full supported. If I create a new one, is the GUI adapted so that I can configure both (sys-net and my custom one)? I prefer to ask before trying it and risking leaving something in an inconsistent state.
Ok, thanks a lot for your help. I'll try it.
--
You received this message because you are subscribed to a topic in the Google Groups "qubes-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/qubes-users/Q0kLzqD1ir4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a038a41c-61c1-da76-225e-68600908de45%40riseup.net.
For more options, visit https://groups.google.com/d/optout.