To run lokinet I need to set persistently the nameserver to 127.3.2.1 (which comes with lokinet). Linux troubleshooting - Oxen Docs
Can’t you change it in /etc/resolv.conf?
No, it is not working.
If you want you can simply try it on your side. The setup is done in 2 mins.
I did tests with
sudo nano /etc/resolvconf/resolv.conf.d/head
and
sudo nano /etc/resolv.conf
and did the update afterwards but it returns:
etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
And after every reboot it switches back to the Qubes default DNS.
The only qube I have that uses a custom DNS is my VPN, and it uses NetworkManager to configure the DNS after boot.
But changing the nameservers in resolv.conf should allow you to use a different DNS.
Ok, thx. I will give it a try.
No, I did not get it working and in the Qubes Settings it still displays the default Virtual DNS.
This is not particularly helpful.
That is a natural result of you editing a file in /etc, that comes from
the template.
If you want to make a permanent change, either use bind-dirs
or make the change using /rw/config/rc.local
You’ll have to fix the other error message you have reported.
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
Ok, obviously my simple question " How to overwrite Qubes Virtual DNS 10.139.1.1, 10.139.1.2" cannot be solved by a simple command.
I start with a step-by-step explanation. Hopefully, this will give some more light into the setup, the DNS issue and how to troubleshoot this on Qubes.
I did a fresh setup on a standaloneVM, followed the lokinet installation instructions:
- sudo apt-get update && sudo apt install curl
- sudo curl -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg
- echo "deb https://deb.oxen.io $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/oxen.list
- sudo apt update && sudo apt install lokinet-gui
during the installation routine I see this (I guess this could be a useful info):
Created symlink /etc/systemd/system/sysinit.target.wants/resolvconf.service
→ /lib/systemd/system/resolvconf.service.
Created symlink /etc/systemd/system/systemd-resolved.service.wants/resolvconf-pull-resolved.path
→ /lib/systemd/system/resolvconf-pull-resolved.path.
Created symlink /etc/systemd/system/systemd-resolved.service.wants/resolvconf-pull-resolved.service
→ /lib/systemd/system/resolvconf-pull-resolved.service.
checking Qubes DNS returns:
user@lokinet-standalone-debian-11:~$ cat /etc/resolvconf/resolv.conf.d/head
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.
user@lokinet-standalone-debian-11:~$ cat /etc/resolvconf/resolv.conf.d/original
nameserver 10.139.1.1
nameserver 10.139.1.2
checking the lokinet’s systemctl:
user@lokinet-standalone-debian-11:~$ systemctl status lokinet
● lokinet.service - LokiNET: Anonymous Network layer thingydoo, client
Loaded: loaded (/lib/systemd/system/lokinet.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 20yy-mm-dd hh:mm:ss XXXX; 13min ago
Process: 4897 ExecStartPost=/usr/sbin/lokinet-resolvconf add /var/lib/lokinet/lokinet.ini (code=exited, status=0/SUCCESS)
Main PID: 4888 (lokinet)
Status: "v0.9.11 client | known/connected: 954/6 | paths/endpoints 44/1"
Tasks: 9 (limit: 4633)
Memory: 11.2M
CPU: 22.294s
CGroup: /system.slice/lokinet.service
└─4888 /usr/bin/lokinet /var/lib/lokinet/lokinet.ini
Verify everything is working fine:
- Starting a web-browser, set HTTPS-Only Mode to: Don’t enable HTTPS-Only Mode.
  Browse to a *.loki website: http://deb.loki , http://mirror.loki/debian …
  → works.
- Switch on lokinet VPN mode (exit.loki) and checking IP (https://myip.is , https://iplocation.net …):
  IPv4 address: 199.195.253.224 / exit.loki.network
  → works.
- Checking the lokinet status / lokinet-GUI displays: ~1600 routers, active paths ~100 with 92% success.
  → works.
NOW, reboot the standaloneVM.
- checking the systemctl status again:
user@lokinet-standalone-debian-11:~$ sudo systemctl status lokinet
● lokinet.service - LokiNET: Anonymous Network layer thingydoo, client
Loaded: loaded (/lib/systemd/system/lokinet.service; enabled; vendor prese>
Active: active (running) since Tue 20yy-mm-dd hh:mm:ss XXXX; 44s ago
Process: 656 ExecStartPost=/usr/sbin/lokinet-resolvconf add /var/lib/lokine>
Main PID: 599 (lokinet)
Status: "v0.9.11 client | known/connected: 1596/4 | paths/endpoints 11/0"
Tasks: 8 (limit: 4633)
Memory: 28.1M
CPU: 933ms
CGroup: /system.slice/lokinet.service
└─599 /usr/bin/lokinet /var/lib/lokinet/lokinet.ini
- Open web-browser and go to a *.loki
→ We can’t connect to the server at deb.loki.
Any idea what is set during the installation routine and overwritten with the (standaloneVM) reboot?
How to fix the DNS reboot issue?
… ultimately, what needs to be done (bind-dirs …) to get it working as ProxyVM?
Thanks for your support
The following has a solution that might be helpful.
@whoami - I suggested that you use /rw/config/rc.local to overwrite the Qubes DNS
settings.
Can you explain why you think this simple solution does not provide an answer to
your simple question?
Since I still do not know what needs to be entered to get lokinet’s DNS working after reboot (after one week).
I would be very thankful if you just simply drop me the simple one-liner solution for my simple question, even if this proves that I still need to learn a lot about DNS, Qubes DNS workflow and how to manipulate it. That is fine for me, I still want to learn more about QOS.
I tested the official troubleshooting recommendations (for normal Linux distros) with your recommendation:
echo 'nameserver 127.3.2.1' > /etc/resolvconf/resolv.conf.d/head
I also did some tests with
echo 'nameserver 127.3.2.1' > /etc/resolv.conf
echo 'nameserver 127.3.2.1' > /etc/resolvconf/resolv.conf.d/original
As already stated here:
and here:
I guess this symlink is the issue here but I have no clue where to start. I have never used or worked with symlinks before, but from what I understood it is simply a link which points to a directory.
I tried your second recommendation: using bind-dirs
As described in the docs I made a 50_user.conf and added
/etc/systemd/system
with that I hoped to keep the symlink persistent (which was made during the installation routine). I also did this test with a lokinet-gw and a lokinet-ws setup instead of the previous standalone Qube tests. Both still without success.
Accidentally, I saw @qubist's nice guide on:
He also used your recommended /rw/config/rc.local approach:
echo 'nameserver 127.0.0.1' > /etc/resolv.conf
But he used it in a much more complex content and I guess in my case the issue is strongly linked to the way lokinet implemented its DNS.
@qubist maybe you have an additional hint / solution for me. As described here the issue can be reproduced very quickly (in 5 mins).
I am still learning about Qubes OS and I have never heard about lokinet before seeing this thread, so consider this as a disclaimer for anything I write here. I think we need better documentation about how various things work in Qubes OS, as well as about setting up custom DNS services.
What I have learned so far is that Qubes OS routes all DNS requests to 10.139.1.1 and 10.139.1.2, which is done using /etc/resolv.conf files in templates and firewall rules. To use a custom DNS one obviously needs to modify both, otherwise DNS requests would still go to the 2 default hosts.
To persist modifications in /etc/* you must either do them in the particular template, or use some of the other methods described in the docs: config files or bind-dirs. Since you mentioned that you are using a StandaloneVM, I don’t know why the changes you make may be volatile. You may need to look deeper into logs of the VM and the service file itself.
You can use the guide I shared in the other thread too. The sys-wall I use there routes all DNS requests to a sys-dns qube. Just replace the part related to dnscrypt with your lokinet specific stuff, thus creating your own sys-dns running whatever DNS you like. This approach makes any modifications in the client qube (your lokinet-standalone-debian-11) unnecessary as sys-wall, which you will use as a NetVM, will do that for you upstream.
You asked a simple question - how do I overwrite /etc/resolv.conf from
Qubes default?
The simple answer is:
Put a line in /rw/config/rc.local like this:
echo "nameserver 9.9.9.9 " > /etc/resolv.conf
That is the simple answer to the question you asked.
The difficulty you have is that your problem is not encompassed by that
simple question.
That is why I told you you would have to deal with the warning message
that you received.
etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
If you had spent 5 minutes in the past week of travail searching for
that issue, then you would have found a solution to your actual
problem.
Try these lines in /rw/config/rc.local:
rm /etc/resolv.conf
ln -s /run/resolvconf/resolv.conf /etc/resolv.conf
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
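An idempotent form of the two rc.local lines from the post above, added here as an example (it is not part of the post, nor Qubes or lokinet code). The `root` prefix argument and the function names are assumptions, introduced only so the logic can be tried against a scratch directory before it touches the real /etc.

```shell
#!/bin/sh
# Added example: safe-to-rerun repair of the /etc/resolv.conf symlink that
# resolvconf warns about. "root" is a hypothetical path prefix for dry runs;
# pass "" on the real qube.

resolv_link_ok() {
    # True only when etc/resolv.conf is a symlink to resolvconf's runtime file.
    root=$1
    [ -L "$root/etc/resolv.conf" ] &&
        [ "$(readlink "$root/etc/resolv.conf")" = "$root/run/resolvconf/resolv.conf" ]
}

repair_resolv_link() {
    root=$1
    if resolv_link_ok "$root"; then
        return 0    # already correct, nothing to change
    fi
    # Replace the regular file (or a wrong link) with the expected symlink.
    rm -f "$root/etc/resolv.conf"
    ln -s "$root/run/resolvconf/resolv.conf" "$root/etc/resolv.conf"
}

active_nameservers() {
    # Print the nameserver addresses the libc resolver will actually read.
    root=$1
    awk '$1 == "nameserver" { print $2 }' "$root/etc/resolv.conf"
}

# Use in /rw/config/rc.local (runs as root at qube start), followed by the
# "resolvconf -u" refresh mentioned in the thread:
#   repair_resolv_link "" && resolvconf -u
#   active_nameservers ""    # expect 127.3.2.1 once lokinet-resolvconf has run
```

Running `active_nameservers ""` after a reboot shows whether the qube is resolving through lokinet (127.3.2.1) or has fallen back to the Qubes defaults (10.139.1.1, 10.139.1.2).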
I was pretty close. I have already tested
ln -s /run/resolvconf/resolv.conf/head /etc/resolv.conf
resolvconf -u
Thank you @unman !!
Standalone works now, lokinet-gw with lokinet-ws not. Let’s see if I get the split setup working
Glad you got that working.
If you need help with a loki gateway, open a new thread.