Does it work if I set the DNS servers via systemd-resolved in the AppVM in which an Internet browser is running, or does this have to be done in sys-net?
/etc/systemd/resolved.conf.d/upstream.conf has following content:
[Resolve]
DNS=8.8.8.8#dns.goooooogle.com
DNSOverTLS=yes
Afterwards run sudo systemctl restart systemd-resolved.
Doing this in sys-net would apply the DNS to every single qube on your system, is that what you want to do?
Since you are talking about an app qube, I will base everything on that.
With an app qube you will lose all your changes unless you use bind-dirs.
You can also use /rw/config/rc.local inside your app qube with these commands:
systemd-resolve --set-dns=8.8.8.8 --set-dnsovertls=yes --interface=eth0
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
systemctl restart systemd-resolved
Make a DNS request and then verify that you have an “ESTABLISHED” TCP request using port 853.
ping qubes-os.org
ss -tuna | grep ":853"
Thank you. If I use systemd-resolve rules in the AppVM (DNS: 7.7.7.7) and in the sys-net as well (DNS: 8.8.8.8), which DNS server will be used by the internet browser in the AppVM?
It will use the one you set in the app qube. sys-net will not process the DNS requests because they do not come from the internal Qubes DNS system.