On Tue, Jun 06, 2023 at 01:24:18PM -0500, Leo28C wrote:
> I managed to set up a pi-hole qube and make it my network's DNS
> filtering/caching server. Ironically, it works flawlessly across my network
> EXCEPT it completely breaks DNS for all other qubes in the same system. On
> Debian-based qubes I figured out I can simply edit /etc/resolv.conf, while
> making sure sys-firewall lets the two qubes talk to each other, as a
> workaround. However this is a hacky per-qube solution and doesn't persist
> across qube restarts. It would be nice to simply have sys-firewall relay
> the information to all of its client qubes automatically. Any idea how to
> do this?
> 
> Thanks in advance!
> 
You don't need to change the settings per qube at all.
You haven't said *where* the pi-hole qube is located in your qubes
network, or what the nature of the breakage is.
I assume from what you say it is attached to sys-firewall.

You can do this by editing the PR-QBS chain in nat table in
sys-firewall.
By default, this forwards all DNS traffic to 10.139.1.1 and 10.139.1.2
using dnat. Flush that chain and replace it with dnat rules to the IP
address of your Pi-hole qube.
You could do this in /rw/config/qubes-firewall-user-script or by script
in /rw/config/qubes-firewall.d
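
The approach described in the reply above, sketched as a script for /rw/config/qubes-firewall-user-script (an added example, not part of the original thread). It assumes an iptables-based sys-firewall, a placeholder Pi-hole address of 10.137.0.50, and that position 2 of the FORWARD chain sits before the default inter-qube drop rule.

```shell
#!/bin/sh
# Added example for /rw/config/qubes-firewall-user-script in sys-firewall.
# PIHOLE_IP is a constructed placeholder: use your Pi-hole qube's real IP.
PIHOLE_IP="${PIHOLE_IP:-10.137.0.50}"
QUBES_DNS="10.139.1.1 10.139.1.2"   # resolver addresses named in the thread

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one iptables argument list per line for the given Pi-hole address.
pihole_rules() {
    valid_ipv4 "$1" || { echo "invalid Pi-hole IP: $1" >&2; return 1; }
    echo "-t nat -F PR-QBS"
    for proto in udp tcp; do
        for dns in $QUBES_DNS; do
            # Exclude the Pi-hole's own queries so they cannot loop back to it.
            echo "-t nat -A PR-QBS ! -s $1 -d $dns -p $proto --dport 53 -j DNAT --to-destination $1"
        done
        # Assumption: inter-qube forwarding is dropped by default; allow DNS only.
        echo "-I FORWARD 2 -i vif+ -d $1 -p $proto --dport 53 -j ACCEPT"
    done
}

# Run each generated rule; stop at the first failure.
apply_pihole_rules() {
    rules=$(pihole_rules "$1") || return 1
    echo "$rules" | while read -r args; do
        iptables $args || exit 1
    done
}

# Touch the firewall only where the PR-QBS chain exists (inside sys-firewall).
if iptables -t nat -nL PR-QBS >/dev/null 2>&1; then
    apply_pihole_rules "$PIHOLE_IP"
fi
```

Check the result with `iptables -t nat -S PR-QBS` in sys-firewall, then confirm from a client qube that lookups show up in the Pi-hole query log.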
