In /etc/dnscrypt-proxy/dnscrypt-proxy.toml there is a section named [sources]. Each subsection of it has a line cache_file = <value> . What you quote means that the value should be a path in /run if you want these stored in RAM, e.g. for [sources.public-resolvers]:
I wanted to ask you about IP addresses in the script /rw/config/rc.local of f37-m-firewall-dvm.
The IP addresses 10.139.1.1 and 10.139.1.2 are more or less clear from your answer elsewhere:
What about the following IP address? Should I adapt it according to IPs of my VMs? If yes, to which one? If no, what does it represent?
@apparatus Thank you for your answer!
Yes, I did put the IP address of my sys-dns like you indicated here.
My problem is I couldn’t obtain the same result as in the test of @qubist therefore I am double checking everything:
even though *google-analytics* is in the blocked-names.txt.
In a qube attached to sys-wall, I am obtaining the following, which is not normal:
[user@avm ~]$ host google-analytics.com
google-analytics.com has address 142.250.75.228
google-analytics.com has IPv6 address 2a00:1450:4007:810::2004
because in sys-dns I am getting:
[user@sys-dns ~]$ host google-analytics.com
google-analytics.com host information "This query has been locally blocked" "by dnscrypt-proxy"
google-analytics.com host information "This query has been locally blocked" "by dnscrypt-proxy"
google-analytics.com host information "This query has been locally blocked" "by dnscrypt-proxy"```
On second thought, I don’t thing sys-wall is even needed in your setup because you’re already redirecting the DNS traffic to dnscrypt-proxy in sys-dns and there is no point in blocking the DNS requests to non-virtual DNS servers in separate firewall qube.
You can just do the blocking in sys-dns.
I attached sys-dns directly to a qube. In this qube I am getting:
[user@avm ~]$ host google-analytics.com
google-analytics.com has address 142.250.75.228
google-analytics.com has IPv6 address 2a00:1450:4007:810::2004
which is strange because in sys-dns I am getting:
[user@sys-dns ~]$ host google-analytics.com
google-analytics.com host information "This query has been locally blocked" "by dnscrypt-proxy"
google-analytics.com host information "This query has been locally blocked" "by dnscrypt-proxy"
google-analytics.com host information "This query has been locally blocked" "by dnscrypt-proxy"```
@apparatus I’m using Qubes OS 4.2 ( 4.2.0-rc5 testing release, is the problem because of this?)
I also use fedora-38-minimal template for net.
The sudo command in sys-dns demands a password. I don’t know what passport should I use? Do the minimal templates have a default password?