No DNS for anything downstream of sys-firewall only when using a WWAN connection

This issue only occurs when I attempt to use my WWAN card to connect to the internet. Using the same sys-net but with the wifi card connected, this issue does not occur. The WWAN shows up as a USB device, so it is being passed to sys-net via a standard sys-usb.

Recently in Qubes 4.0 I noticed my sys-vpn wasn’t able to resolve its entry server. It uses www.vpnserver.com for instance and would throw up errors that there was a temporary failure in name resolution.

Ahead of the sys-vpn is sys-net and sys-firewall on Fedora (also tested with Debian just in case) and nothing is changed in them. I can resolve domain names or IP addresses in sys-net or sys-firewall.

If I moved the sys-vpn to connect to sys-net, it was able to resolve its entry address just fine. A similar thing happens with any other VM. Only when connected to sys-firewall, a VM can't resolve anything.

Strange thing is, when you connect sys-whonix to sys-vpn (or just to sys-firewall), the firewall now allows DNS to both sys-vpn and sys-whonix and everything works fine. But when connecting any other VM to sys-vpn without sys-whonix also being connected to sys-vpn (or sys-firewall), all qubes connected to sys-firewall are being prevented from resolving DNS queries.

Pinging an IP address doesn’t work either; the packets seem to be dropped somewhere. But the iptables in sys-firewall show that the packets are being forwarded to sys-net.

Making a new sys-firewall had the same effect: no DNS resolution downstream. Starting up each qube several minutes apart did not change anything either, so it isn’t a timing issue in the VM’s boot timing.

Is there a command to resync DNS across all open qubes? Similar to qvm-clock-sync? From logs and my feeble testing there doesn’t seem to be any error other than temporary failure in domain name resolution.