On Thu, Mar 09, 2017 at 12:30:21AM +0000, Unman wrote: > > > > > >> https://github.com/QubesOS/qubes-issues/issues/2674 > > > > I have the same problem with Fedora 23, Debian 8 and Debian 9: > > > > > > > > = Fedora 23 = > > > > [user@work ~]$ grep PRETTY /etc/os-release > > > > PRETTY_NAME="Fedora 23 (Workstation Edition)" > > > > [user@work ~]$ cat /etc/resolv.conf > > > > nameserver 10.137.2.1 > > > > nameserver 10.137.2.254 > > > > [user@work ~]$ dig +short gov.uk @10.137.2.1 > > > > 23.235.33.144 > > > > 23.235.37.144 > > > > [user@work ~]$ dig +short gov.uk @10.137.2.254 > > > > ;; connection timed out; no servers could be reached > > I have understood why I have this problem. > > > > On my LAN, the DNS recursive server (unbound) has a blacklist: it > > refuses to answer queries for tracking/ad domains. The problem is that > > when a program receives a "REFUSED" packet from its DNS query, it tries > > to solve the same host on the second DNS server in resolv.conf. > > > > I can see the pattern clearly using tcpdump: Query -> fast answer > > REFUSED -> Query on the second DNS server -> no answer. > > > > On the DNS resolver: > > # grep facebook unbound-blacklist.conf > > local-zone: "facebook.com" refuse > > > > on any Qubes VM: > > $ host facebook.com 10.137.2.1 > > Using domain server: > > Name: 10.137.2.1 > > Address: 10.137.2.1#53 > > Aliases: > > > > Host facebook.com not found: 5(REFUSED) > > $ host facebook.com 10.137.2.254 > > [... 10s ...] > > ;; connection timed out; no servers could be reached > > $ host facebook.com > > Host facebook.com not found: 5(REFUSED) > > $ ping facebook.com > > [... 10s ...] > > ping: facebook.com: Temporary failure in name resolution > > > > I do not understand why this second DNS server is populated in all Qubes > > VM. Is there a simple way to configure only 1 DNS server? > > > > Antoine > > > > If you had two servers on your network, or your DHCP server gave out two > addresses both would be used, I think.
The issue is that my DHCP server is only giving 1 DNS server. I do not understand why Qubes thinks I have 2. Antoine -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170311210550.uzoxnnr6dnglhteq%40fedora-23-dvm. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature