[qubes-users] Using NextDNS in Qubes OS

Hello,

I use NextDNS to encrypt and filter my DNS requests on Windows / Android.
I would also like to use it for some of my Qubes VMs and tried it out but ran into issues.
I tried to change the DNS settings in /etc/systemd/resolved.conf but this broke name resolution.

My setup:
sys-net ← sys-vpn (expressvpn) ← sys-firewall ←

All VMs are configured as disposable VMs, but I know how to edit /rw/config/qubes-bind-dirs.d/ if I need to apply any persistent changes.
I also tried to enable the qubes-disable-dns-server option and set my DNS servers manually in sys-vpn, but it didn’t work.

Question:
Where do I need to put in my custom DNS servers so that they will be used by my AppVMs?

One7two99

Short update after further testing how to set up NextDNS in Qubes.
I was able to change the DNS servers in my AppVM by editing /etc/systemd/resolv.conf and adding the following lines:

DNS=dns1.nextdns.io
DNS=.dns1.nextdns.io
DNS=.dns2.nextdns.io
DNS=.dns2.nextdns.io

DNSOverTLS=yes

The exact settings can be found in your NextDNS account under Setup for systemd.

I had to restart the service after changing the config file:
systemctl restart systemd-resolved

DNS queries will now go via NextDNS as seen in the Live Log, but if I stop the systemd-resolved service, DNS is still working.
Most likely because /etc/resolv.conf in the AppVM is still pointing to the default Qubes DNS IPs:

bash-5.0# cat /etc/resolv.conf
nameserver 10.139.1.1
nameserver 10.139.1.2

How can I make the DNS leakproof, so that DNS queries will only work via the NextDNS nameservers and not via Qubes DNS?
Additionally, what would be the best setup to place those DNS servers?

sys-net ← sys-vpn (expressvpn) ← sys-firewall ←
In each AppVM? Firewall-VM? VPN-VM?

regards

one7two99
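
One way to check a qube for the bypass described in the follow-up, as an added example that is not part of the original posts: it flags every nameserver in resolv.conf that is not systemd-resolved's local stub (127.0.0.53) and any DNSOverTLS setting that does not enforce TLS. The function names audit_dns and make_sample are hypothetical, and the sample files, including the DNS= value, are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report resolver settings that
# let DNS bypass systemd-resolved's DNS-over-TLS upstreams.
STUB=127.0.0.53   # address of systemd-resolved's local stub listener

# audit_dns RESOLV_CONF RESOLVED_CONF -> prints findings, returns 1 if any LEAK
audit_dns() {
    resolv=${1:-/etc/resolv.conf}
    resolved=${2:-/etc/systemd/resolved.conf}
    leaks=0
    # Anything that reads resolv.conf itself (glibc's dns module, dig) talks
    # to these servers directly, so only the local stub may be listed.
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$resolv"); do
        if [ "$ns" != "$STUB" ]; then
            echo "LEAK: $resolv points at $ns, not the stub"
            leaks=$((leaks + 1))
        fi
    done
    # Last DNSOverTLS= assignment wins; "opportunistic" may fall back to plaintext.
    dot=$(sed -n 's/^DNSOverTLS=//p' "$resolved" | tail -n 1)
    case "$dot" in
        yes|true|1|on) echo "OK: DNSOverTLS=$dot" ;;
        *) echo "LEAK: DNSOverTLS='$dot' does not enforce TLS"
           leaks=$((leaks + 1)) ;;
    esac
    # With no DNS= line, resolved has no configured global upstream.
    if ! grep -q '^DNS=' "$resolved"; then
        echo "LEAK: no DNS= upstream set in $resolved"
        leaks=$((leaks + 1))
    fi
    [ "$leaks" -eq 0 ]
}

# Constructed sample mirroring the post: DoT configured, resolv.conf untouched.
make_sample() {
    SAMPLE=$(mktemp -d)
    printf 'nameserver 10.139.1.1\nnameserver 10.139.1.2\n' > "$SAMPLE/resolv.conf"
    printf '[Resolve]\nDNS=192.0.2.53#example-id.dns.example\nDNSOverTLS=yes\n' \
        > "$SAMPLE/resolved.conf"
}

make_sample
audit_dns "$SAMPLE/resolv.conf" "$SAMPLE/resolved.conf" || true
rm -rf "$SAMPLE"
```

Called with no arguments, audit_dns reads /etc/resolv.conf and /etc/systemd/resolved.conf of the qube it runs in.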