I have a few AppVMs, each of them connecting to a Wireguard server and routing 0/0 via the tunnel. When the tunnel is up, all traffic to the default DNS (10.139.1.1 and 10.139.1.2) is routed via the tunnel and resolving fails.
Is there a way to provide a different DNS per AppVM on boot? I read on Networking | Qubes OS that DNS1/DNS2 are passed to the AppVM during boot, thus not counting on DHCP, but I can't figure out if this can be tweaked further.
If you want to use a different DNS server for your qubes, the best way is to change the /etc/resolv.conf file. You can do this by adding commands to /rw/config/rc.local:
# Debian
echo "nameserver 1.1.1.1" | tee /etc/resolv.conf
# Fedora
echo "nameserver 1.1.1.1" | tee /etc/resolv.conf
systemctl restart systemd-resolved
If instead you want them all to use the same DNS server, you can flush the dnat-dns nftables chain and NAT the DNS requests to whatever you want:
# In vpn qube
nft flush chain qubes dnat-dns
nft add rule ip qubes dnat-dns meta l4proto { tcp, udp } iifgroup 2 ip daddr {10.139.1.1, 10.139.1.2} th dport 53 dnat to 1.1.1.1
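As an added example, not part of the original answer: a POSIX sh helper that packages both options above for use from /rw/config/rc.local. It assumes the Qubes layout the answer relies on (nftables table qubes, chain dnat-dns, downstream qubes in interface group 2, default resolvers 10.139.1.1 and 10.139.1.2); the function names and the script path in the usage comment are my own. What it adds over the raw commands is that the resolver addresses are validated before anything is written, the resolver file is written in one go, and the dnat-dns chain is flushed and refilled in a single nft transaction so downstream qubes never see an empty chain in between.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the Qubes 4.2 layout the
# answer uses: table "qubes", chain "dnat-dns", downstream qubes on interface
# group 2, default resolvers 10.139.1.1 / 10.139.1.2 (constructed helper).

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|.*|*.|*[!0-9.]*) return 1 ;;   # empty, leading/trailing dot, junk
    esac
    (
        # Split on dots inside a subshell so IFS and $@ are left untouched.
        IFS=.
        set -- $1
        [ "$#" -eq 4 ] || exit 1
        for octet in "$@"; do
            [ -n "$octet" ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Print resolv.conf lines for the whitespace-separated resolvers in $1.
# Validates everything first so a bad entry produces no partial output.
build_resolv_conf() {
    for ns in $1; do
        is_ipv4 "$ns" || { echo "build_resolv_conf: bad resolver: $ns" >&2; return 1; }
    done
    for ns in $1; do
        printf 'nameserver %s\n' "$ns"
    done
}

# Print the nft rule that redirects downstream DNS queries to resolver $1.
build_dnat_rule() {
    is_ipv4 "$1" || { echo "build_dnat_rule: bad resolver: $1" >&2; return 1; }
    printf 'add rule ip qubes dnat-dns meta l4proto { tcp, udp } iifgroup 2 ip daddr { 10.139.1.1, 10.139.1.2 } th dport 53 dnat to %s\n' "$1"
}

# Option 1 (any qube): rewrite the resolver file. $1 = resolvers, $2 = target
# file (defaults to /etc/resolv.conf). systemd-resolved is restarted only when
# the live file was changed and the service is actually running (Fedora).
apply_resolv_conf() {
    target=${2:-/etc/resolv.conf}
    content=$(build_resolv_conf "$1") || return 1
    printf '%s\n' "$content" > "$target" || return 1
    if [ "$target" = /etc/resolv.conf ] && command -v systemctl >/dev/null 2>&1 \
        && systemctl is-active --quiet systemd-resolved; then
        systemctl restart systemd-resolved
    fi
}

# Option 2 (VPN qube): flush and refill dnat-dns in one nft transaction, so
# there is no window in which downstream DNS is neither redirected nor answered.
apply_dnat_dns() {
    rule=$(build_dnat_rule "$1") || return 1
    printf 'flush chain ip qubes dnat-dns\n%s\n' "$rule" | nft -f -
}

# Usage from rc.local (path is an assumption):
#   sh /rw/config/qubes-dns.sh resolv '1.1.1.1 9.9.9.9'   # in a client qube
#   sh /rw/config/qubes-dns.sh dnat 1.1.1.1               # in the VPN qube
case ${1:-} in
    resolv) apply_resolv_conf "$2" ;;
    dnat)   apply_dnat_dns "$2" ;;
esac
```

Both apply_ functions must run as root, which rc.local already does; with no arguments the script defines the functions and exits without touching anything, which is what the build_ functions are for when you want to inspect the generated rule before applying it.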