On 6/30/19 2:46 PM, 'qubeslover' via qubes-users wrote:
Dear tasket, today here is so hot that I feel like I am drunk. I typed the wrong title. The topic actually was "Dns-over-TLS in *sys-net*. Is it possible? How?" Obviously, as you correctly (and politely) pointed out, it doesn't make sense at all to run DoT over VPN. Actually, I want to run DoT in sys-net since my link is insecure. Apologies for mistake. Suggestions are still appreciated. Off Topic P.S: I use and love your scripts and extensions for Qubes. You made my life much easier. Look forward to test sparsebak once encryption will be deployed into it.
Cool. Then this part still applies in sys-net:
A shortcut you can take to setting up iptables for DNS is to populate /etc/resolv.conf and then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'. This should configure the nat/PR-QBS chain with the DNS addresses you set.
So check that your DoT setup is updating /etc/resolv.conf, then run '/usr/lib/qubes/qubes-setup-dnat-to-ns'.
-- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5e060b4a-4561-9123-1077-a109971c7a9e%40posteo.net. For more options, visit https://groups.google.com/d/optout.