On Mon, Feb 13, 2017 at 05:10:28AM -0800, ThierryIT wrote: > Hi, > > Thx a lot for these information. > > I have installed dnssec-trigger on a newly created VM from a debian template > as ProxyVM type. This is working, I have checked for the DNSSEC and all are > ok. > > In the same way, I do have a VM to browse on internet, and I want all DNS > request forwarded to this ProxyVM freshly installed ... How to do this ?? > > Thx > > Le lundi 13 février 2017 09:40:42 UTC+2, Andrew David Wong a écrit : > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > On 2017-02-12 23:18, ThierryIT wrote: > > > Hi, > > > > > > I think that I have missed something concerning Qubes. When I > > > installed, let's say "Unbound" packages, after a reboot of the VM > > > it disappear ... Normal ? > > > > > > Thx > > > > > > > You have to install it in the TemplateVM (or, for more advanced users, > > pick a persistent dir and/or use bind-dirs): > > > > https://www.qubes-os.org/doc/templates/ > > > > - -- > > Andrew David Wong (Axon) > > Community Manager, Qubes OS > > https://www.qubes-os.org > > -----BEGIN PGP SIGNATURE----- > > > > iQIcBAEBCgAGBQJYoWLcAAoJENtN07w5UDAwAoQQAM+eiQ77VRPjYIf/0pKepUh0 > > eMpVANLYuKUC1yOnkyQR4p+eZBY1aRxLenC1y5pZXfk0ZFySKATa+lw2gZR0A6dn > > oMzZVtMxqDpVs3SQOImFvGEJCrhmaro1NmyL7+xNTgbEIO7Q35Az+AMLT3nNUa5N > > qclPsdCi48MWki4YhCMOaNLxxeFYlJoN1JMdqVg9wWKfPWWL7t15koO0gB2hWAj0 > > izroJeb9jDOW73PCo13zIs3nBrgmUnP/1VTg7emipVTfeQabHbpads61dNNSCgfv > > TEQfXI8+b4TX1ajN5mT90sX5N11OOY0rePRHhhSlRlGMNM+2P6rxjMPvXTrxkF1q > > 6TX12i2f2MxKg0uY7wJj2bCqG20Mo9sIsbxybvtFXKphnHZYOGaRmasdw4QciW/m > > 1Ojy9dFUdLlqRSsbJRsk91CE6MwhmCqGQAsJsFd1WKdY6+EyH1cSuNpr+PEt01xl > > hY91+ljOpI2/wYAQ+cumRV7JAydeCVv59Qs3k5yeFnpeqPMbPe9hKOnTj6eLyDbb > > WCCHJzmJJ0NIqzEvdsaiJnfOy9gTSKVdX4YIOoC5b2wjW4+vqJwqPUssSC511zpa > > OxEmKTSN7raMuuNLG370oplr5pRnrA/iolg/W/tDM2TbyfGQuEOHZXh91C6vyKKv > > mFM7z+UCGxMljbNCEuDN > > =laqs > > -----END PGP SIGNATURE----- >
Please don't top post. If the new proxyVM is upstream from the browsing machine then you will need to adjust iptables in the nat table to redirect dns requests to the dnssec-trigger listener. If the new proxy is not upstream, but connected to the same upstream proxy then you can set the ip address in /etc/resolv.conf in the browsing qube, and allow traffic between the qubes as shown in this page: www.qubes-os.org/doc/firewall in the section "Enabling networking between two qubes" You could set the dns record from /rw/config/rc.local. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170214005727.GB27086%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.